Build Pipeline SmechDeploy

SmechDeploy is the build and deployment toolkit for the entire Smech Labs OS stack. It is a collection of shell and Python scripts that compile upstream sources and write the results into raw disk images — no package manager, no container, no external build system abstraction.

What it builds

OutputProfileDescription
images/smechos.img smechos SmechOS master disk image — KDE Plasma 6, OpenRC, spk
images/smechvisor-install-*.iso smechvisor SmechVisor install ISO — offline installer, all packages on disc
images/smechvisor-shim-*.iso smechvisor Deploy Shim ISO — minimal boot for network deployment

Repository layout

SmechDeploy/
├── bin/                      # build scripts (shell + Python)
├── build_order.txt           # SmechOS script execution order
├── build_order_smechvisor.txt # SmechVisor script execution order
├── images/                   # raw disk images (not in git)
├── essentials/               # vendored upstream sources (not in git)
├── deps/                     # third-party deps (libnl, meson, etc.)
├── repo-packs/               # spk Rust source
├── repo-packs-installer/     # smech-installer Rust source (SmechOS TUI installer)
├── repo-packs-installer-visor/ # smechvisor-installer Rust source
├── repo-packs-spkvisor/      # spk-visor Rust source
├── config/                   # OpenRC service configs, SDDM config
└── .venv/                    # Python venv for the orchestrator
Never commit these directories /iso-builder/, /deps/, /essentials/, and /images/ are excluded from git via .gitignore. They contain multi-GB build artifacts, pre-compiled binaries, and vendored sources that do not belong in version control.

Prerequisites

Build Profiles

SmechOS profile

Run the full SmechOS build:

cd SmechDeploy
sudo bash bin/build_smechos.sh

The orchestrator reads build_order.txt, activates the Python venv, and runs each script in order. See Script Reference for individual phase descriptions.

SmechVisor profile

Run the full SmechVisor build:

cd SmechDeploy
export SMECH_TARGET=/mnt/smechos_build_root
sudo bash bin/build_smechos.sh --profile smechvisor

Uses build_order_smechvisor.txt. Bootstraps a musl userland, compiles the kernel, installs the smechvisord daemon, and produces both the install ISO and the deploy shim ISO.

Running a single phase

Every script auto-detects its own SCRIPT_DIR and DEPLOY_ROOT, so individual phase scripts can be run standalone:

sudo SMECH_TARGET=/mnt/smechos bash bin/04_compile_kde_stack.py
sudo bash bin/15_build_smechvisor_install_iso.sh

Script Reference

SmechOS — Phase 1: Base system restoration

Phase 1 operates directly on images/part2.img via debugfs -w, without mounting. It pulls files from a reference host at /mnt/kaymium_sovereign.

ScriptWhat it does
restore_utils.pyRestores core userland utilities into part2.img
restore_lib64.pyRestores shared libraries (/lib64, /usr/lib)
restore_etc.pyRestores /etc skeleton (without sensitive files)
deploy_openrc.pyCopies OpenRC skeleton from deps/others/openrc_install
edit_inittab.pyWrites /etc/inittab with OpenRC defaults
write_unreadable_etc.pyWrites files that can't be restored via debugfs due to permissions

SmechOS — Phase 2: Compilation and configuration

Phase 2 requires the image mounted at /mnt/smechos (set via SMECH_TARGET). Sources are compiled from essentials/sources/ with CFLAGS, LDFLAGS, and PKG_CONFIG_PATH pointing at $SMECH_TARGET/usr.

ScriptWhat it does
01_compile_core_system.shBuilds musl libc, bash, coreutils, util-linux, and other base tools
02_compile_grub_efi.shBuilds GRUB 2.12 with EFI and BIOS targets
03_compile_qt_deps.shBuilds Qt 6 dependencies (zlib, libpng, freetype, fontconfig, etc.)
compile_mesa_stack.shBuilds Mesa from source with AMD RDNA and virtio-gpu drivers
04_compile_kde_stack.pyBuilds KDE Frameworks 6 and Plasma 6.6.5 from source
05_configure_plasma.shWrites Plasma session config, SDDM config, autologin.conf into target
06_copy_kwin_deps.pyCopies KWin compositor runtime dependencies
07_copy_qt6uitools.pyCopies Qt6UITools (needed by some Plasma components)
compile_kernel.shBuilds Linux 6.12.16 with KVM, VFIO, RDNA drivers
08_patch_metadata.pyPatches version metadata in KDE source trees
09_rotate_auth.pyToggles Gemini CLI auth settings — not part of the OS build itself

SmechVisor — Full build sequence

ScriptPhaseWhat it does
10_bootstrap_musl.shPhase 1Bootstraps a minimal musl libc environment in the SmechVisor build root
11_bootstrap_userland_musl.shPhase 1Builds BusyBox-style userland against musl
12_write_etc_skeleton.pyPhase 2Writes /etc skeleton (hostname, hosts, fstab, resolv.conf)
deploy_openrc.pyPhase 2Deploys OpenRC service scripts and runlevel symlinks
edit_inittab.pyPhase 2Writes SmechVisor inittab (OpenRC, no getty except tty1)
compile_kernel.shPhase 3Builds Linux 6.12.16 with KVM, VFIO, vhost, IOMMU drivers
02_compile_grub_efi.shPhase 4Builds GRUB with IOMMU boot cmdline defaults
13_install_smechvisor.shPhase 5Installs smechvisord binary, web assets, cloud-hypervisor, OpenRC init scripts
15_build_smechvisor_install_iso.shPhase 6Packages everything into an offline install ISO
16_build_smechvisor_deploy_shim.shPhase 7Builds the Deploy Shim ISO with spk-visor and the Newt TUI flow

The spk build

spk is a separate Rust crate in repo-packs/. It is not built by the orchestrator — build it manually and copy it into the target:

cd repo-packs
cargo build --release
cp target/release/spk /mnt/smechos/usr/bin/spk

Adding a new build script

  1. Create the script in bin/ with a numbered prefix matching its intended position (e.g. bin/17_my_step.sh).
  2. Add the path to the appropriate build_order*.txt on a new line at the right position.
  3. Export SMECH_TARGET at the top of the script and use it as the install prefix for any make install or meson install calls.
  4. Call sudo for privileged operations — do not embed passwords or hardcode credentials.
Numbered vs unnumbered scripts bin/ contains both numbered (01_compile_core_system.sh) and unnumbered (compile_core_system.sh) versions of some scripts. The numbered versions listed in build_order.txt are the canonical ones — treat those as the source of truth. The unnumbered copies are older drafts.