Build Pipeline SmechDeploy
SmechDeploy is the build and deployment toolkit for the entire Smech Labs OS stack. It is a collection of shell and Python scripts that compile upstream sources and write the results into raw disk images — no package manager, no container, no external build system abstraction.
What it builds
| Output | Profile | Description |
|---|---|---|
images/smechos.img |
smechos | SmechOS master disk image — KDE Plasma 6, OpenRC, spk |
images/smechvisor-install-*.iso |
smechvisor | SmechVisor install ISO — offline installer, all packages on disc |
images/smechvisor-shim-*.iso |
smechvisor | Deploy Shim ISO — minimal boot for network deployment |
Repository layout
SmechDeploy/
├── bin/ # build scripts (shell + Python)
├── build_order.txt # SmechOS script execution order
├── build_order_smechvisor.txt # SmechVisor script execution order
├── images/ # raw disk images (not in git)
├── essentials/ # vendored upstream sources (not in git)
├── deps/ # third-party deps (libnl, meson, etc.)
├── repo-packs/ # spk Rust source
├── repo-packs-installer/ # smech-installer Rust source (SmechOS TUI installer)
├── repo-packs-installer-visor/ # smechvisor-installer Rust source
├── repo-packs-spkvisor/ # spk-visor Rust source
├── config/ # OpenRC service configs, SDDM config
└── .venv/ # Python venv for the orchestrator
/iso-builder/, /deps/, /essentials/, and
/images/ are excluded from git via .gitignore. They
contain multi-GB build artifacts, pre-compiled binaries, and vendored sources
that do not belong in version control.
Prerequisites
- x86_64 Linux host (Debian or Ubuntu recommended)
- Root access (required for
debugfs,mount,chroot, andmake install) - Packages:
build-essential python3 python3-venv cargo rustc xorriso grub-efi-amd64-bin grub-pc-bin libnewt-dev - ~50 GB free disk space for build artifacts
- Internet access for downloading upstream source tarballs (Phase 2 only)
Build Profiles
SmechOS profile
Run the full SmechOS build:
cd SmechDeploy
sudo bash bin/build_smechos.sh
The orchestrator reads build_order.txt, activates the Python venv,
and runs each script in order. See Script Reference for
individual phase descriptions.
SmechVisor profile
Run the full SmechVisor build:
cd SmechDeploy
export SMECH_TARGET=/mnt/smechos_build_root
sudo bash bin/build_smechos.sh --profile smechvisor
Uses build_order_smechvisor.txt. Bootstraps a musl userland, compiles
the kernel, installs the smechvisord daemon, and produces both the install ISO and
the deploy shim ISO.
Running a single phase
Every script auto-detects its own SCRIPT_DIR and DEPLOY_ROOT,
so individual phase scripts can be run standalone:
sudo SMECH_TARGET=/mnt/smechos bash bin/04_compile_kde_stack.py
sudo bash bin/15_build_smechvisor_install_iso.sh
Script Reference
SmechOS — Phase 1: Base system restoration
Phase 1 operates directly on images/part2.img via debugfs -w,
without mounting. It pulls files from a reference host at
/mnt/kaymium_sovereign.
| Script | What it does |
|---|---|
restore_utils.py | Restores core userland utilities into part2.img |
restore_lib64.py | Restores shared libraries (/lib64, /usr/lib) |
restore_etc.py | Restores /etc skeleton (without sensitive files) |
deploy_openrc.py | Copies OpenRC skeleton from deps/others/openrc_install |
edit_inittab.py | Writes /etc/inittab with OpenRC defaults |
write_unreadable_etc.py | Writes files that can't be restored via debugfs due to permissions |
SmechOS — Phase 2: Compilation and configuration
Phase 2 requires the image mounted at /mnt/smechos
(set via SMECH_TARGET). Sources are compiled from
essentials/sources/ with CFLAGS, LDFLAGS, and
PKG_CONFIG_PATH pointing at $SMECH_TARGET/usr.
| Script | What it does |
|---|---|
01_compile_core_system.sh | Builds musl libc, bash, coreutils, util-linux, and other base tools |
02_compile_grub_efi.sh | Builds GRUB 2.12 with EFI and BIOS targets |
03_compile_qt_deps.sh | Builds Qt 6 dependencies (zlib, libpng, freetype, fontconfig, etc.) |
compile_mesa_stack.sh | Builds Mesa from source with AMD RDNA and virtio-gpu drivers |
04_compile_kde_stack.py | Builds KDE Frameworks 6 and Plasma 6.6.5 from source |
05_configure_plasma.sh | Writes Plasma session config, SDDM config, autologin.conf into target |
06_copy_kwin_deps.py | Copies KWin compositor runtime dependencies |
07_copy_qt6uitools.py | Copies Qt6UITools (needed by some Plasma components) |
compile_kernel.sh | Builds Linux 6.12.16 with KVM, VFIO, RDNA drivers |
08_patch_metadata.py | Patches version metadata in KDE source trees |
09_rotate_auth.py | Toggles Gemini CLI auth settings — not part of the OS build itself |
SmechVisor — Full build sequence
| Script | Phase | What it does |
|---|---|---|
10_bootstrap_musl.sh | Phase 1 | Bootstraps a minimal musl libc environment in the SmechVisor build root |
11_bootstrap_userland_musl.sh | Phase 1 | Builds BusyBox-style userland against musl |
12_write_etc_skeleton.py | Phase 2 | Writes /etc skeleton (hostname, hosts, fstab, resolv.conf) |
deploy_openrc.py | Phase 2 | Deploys OpenRC service scripts and runlevel symlinks |
edit_inittab.py | Phase 2 | Writes SmechVisor inittab (OpenRC, no getty except tty1) |
compile_kernel.sh | Phase 3 | Builds Linux 6.12.16 with KVM, VFIO, vhost, IOMMU drivers |
02_compile_grub_efi.sh | Phase 4 | Builds GRUB with IOMMU boot cmdline defaults |
13_install_smechvisor.sh | Phase 5 | Installs smechvisord binary, web assets, cloud-hypervisor, OpenRC init scripts |
15_build_smechvisor_install_iso.sh | Phase 6 | Packages everything into an offline install ISO |
16_build_smechvisor_deploy_shim.sh | Phase 7 | Builds the Deploy Shim ISO with spk-visor and the Newt TUI flow |
The spk build
spk is a separate Rust crate in repo-packs/. It is not
built by the orchestrator — build it manually and copy it into the target:
cd repo-packs
cargo build --release
cp target/release/spk /mnt/smechos/usr/bin/spk
Adding a new build script
- Create the script in
bin/with a numbered prefix matching its intended position (e.g.bin/17_my_step.sh). - Add the path to the appropriate
build_order*.txton a new line at the right position. - Export
SMECH_TARGETat the top of the script and use it as the install prefix for anymake installormeson installcalls. - Call
sudofor privileged operations — do not embed passwords or hardcode credentials.
bin/ contains both numbered (01_compile_core_system.sh) and
unnumbered (compile_core_system.sh) versions of some scripts. The numbered
versions listed in build_order.txt are the canonical ones — treat those as
the source of truth. The unnumbered copies are older drafts.