Debian Packaging
Open Sesame ships as two .deb packages built with cargo-deb. The two-package model mirrors the
Nix split: a headless package for servers and containers, and a desktop package that adds GUI daemons
for COSMIC/Wayland.
Package Overview
open-sesame (headless)
Defined in open-sesame/Cargo.toml under [package.metadata.deb].
| Field | Value |
|---|---|
| Package name | open-sesame |
| Section | utils |
| Priority | optional |
| Depends | libc6, libgcc-s1, libseccomp2 |
| Recommends | openssh-client |
| Suggests | open-sesame-desktop |
Installed binaries (to /usr/bin/):
- sesame (CLI)
- daemon-profile
- daemon-secrets
- daemon-launcher
- daemon-snippets
Installed systemd units (to /usr/lib/systemd/user/):
- open-sesame-headless.target
- open-sesame-profile.service
- open-sesame-secrets.service
- open-sesame-launcher.service
- open-sesame-snippets.service
Additional assets:
- Man page: /usr/share/man/man1/sesame.1.gz (generated by xtask)
- Shell completions: bash (/usr/share/bash-completion/completions/sesame), zsh (/usr/share/zsh/vendor-completions/_sesame), and fish (/usr/share/fish/vendor_completions.d/sesame.fish)
- Example config: /usr/share/doc/open-sesame/config.example.toml
Maintainer scripts are sourced from scripts/.
open-sesame-desktop
Defined in daemon-wm/Cargo.toml under [package.metadata.deb].
| Field | Value |
|---|---|
| Package name | open-sesame-desktop |
| Section | utils |
| Priority | optional |
| Depends | open-sesame, libc6, libgcc-s1, libseccomp2, libxkbcommon0, libwayland-client0, libfontconfig1, libfreetype6, fonts-dejavu-core |
| Recommends | xdg-utils, fontconfig |
| Suggests | cosmic-desktop |
The open-sesame dependency ensures the headless daemons and CLI are installed before the desktop
layer.
Installed binaries (to /usr/bin/):
- daemon-wm
- daemon-clipboard
- daemon-input
Installed systemd units (to /usr/lib/systemd/user/):
- open-sesame-desktop.target
- open-sesame-wm.service
- open-sesame-clipboard.service
- open-sesame-input.service
Maintainer scripts are sourced from scripts/desktop/.
Systemd Targets
open-sesame-headless.target
[Unit]
Description=Open Sesame Headless Suite
Documentation=https://github.com/scopecreep-zip/open-sesame
[Install]
WantedBy=default.target
The headless target is wanted by default.target, meaning it activates on every user login
regardless of whether a graphical session exists. The four headless services declare
PartOf=open-sesame-headless.target.
open-sesame-desktop.target
[Unit]
Description=Open Sesame Desktop Suite
Documentation=https://github.com/scopecreep-zip/open-sesame
Requires=open-sesame-headless.target graphical-session.target
After=open-sesame-headless.target graphical-session.target
[Install]
WantedBy=graphical-session.target
The desktop target requires both the headless target (for IPC bus and secrets infrastructure) and
graphical-session.target (for Wayland compositor access). It is wanted by
graphical-session.target, so it only activates when a graphical session starts.
Service Hardening
All services in contrib/systemd/ use Type=notify with WatchdogSec=30, Restart=on-failure,
RestartSec=5, and NoNewPrivileges=yes. Resource limits include LimitMEMLOCK=64M (for
mlock-backed protected allocations), LimitCORE=0 (prevents core dumps), and MemoryMax caps
per daemon.
The daemon-profile service, which hosts the IPC bus, sets ProtectHome=read-only and
ProtectSystem=strict with ReadWritePaths=%t/pds %h/.config/pds.
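A check for the directives listed above, written as an added example that is not part of the Open Sesame repository. The function names, the sample unit, and its MemoryMax value are constructed for illustration; drop-in overrides are not considered.

```shell
# Added example: audit a unit file against the hardening baseline listed above.
# MemoryMax only has to be set, because the page gives no per-daemon value.
BASELINE="Type=notify WatchdogSec=30 Restart=on-failure RestartSec=5 \
NoNewPrivileges=yes LimitMEMLOCK=64M LimitCORE=0"

# Print the effective value of KEY in [Service]; the last assignment wins.
service_value() {  # usage: service_value UNIT_FILE KEY
    awk -v key="$2" '
        /^\[/ { in_service = ($0 == "[Service]"); next }
        in_service && index($0, key "=") == 1 { val = substr($0, length(key) + 2) }
        END { print val }' "$1"
}

# Print one line per deviation; return non-zero if any was found.
audit_unit() {  # usage: audit_unit UNIT_FILE
    rc=0
    for want in $BASELINE; do
        key=${want%%=*}
        got=$(service_value "$1" "$key")
        if [ "$got" != "${want#*=}" ]; then
            echo "$1: $key is '$got', expected '${want#*=}'"
            rc=1
        fi
    done
    if [ -z "$(service_value "$1" MemoryMax)" ]; then
        echo "$1: MemoryMax is not set"
        rc=1
    fi
    return $rc
}

# Constructed sample unit; ExecStart and MemoryMax values are illustrative.
sample_unit() {
    cat <<'EOF'
[Unit]
Description=Constructed sample service
[Service]
Type=notify
ExecStart=/usr/bin/daemon-secrets
WatchdogSec=30
Restart=on-failure
RestartSec=5
NoNewPrivileges=yes
LimitMEMLOCK=64M
LimitCORE=0
MemoryMax=128M
EOF
}
if [ -n "${1:-}" ]; then audit_unit "$1"; fi
```

Because the last assignment is the one evaluated, a later `NoNewPrivileges=no` in the same section is reported even when an earlier line sets `yes`.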
Maintainer Scripts
Headless Package
postinst (scripts/postinst):
- Enables services globally with systemctl --global enable for the four headless services and the headless target. This persists across future logins and new users.
- Reloads all active user managers with systemctl reload 'user@*.service' so they see the new unit files.
- Iterates over all currently logged-in users (by parsing UIDs from systemctl list-units 'user@*') and restarts each headless service using systemctl --user -M "$uid@" with a SYSTEMD_BUS_TIMEOUT=25s timeout.
prerm (scripts/prerm):
- On remove|deconfigure: stops all headless services for active users in reverse dependency order (snippets, launcher, secrets, profile), then disables globally.
- On upgrade: stops services only (does not disable). The postinst of the new version restarts with new binaries.
postrm (scripts/postrm):
- On remove|purge: reloads user managers to clear removed unit files. Prints a message noting that user configuration at ~/.config/pds/ is preserved.
Desktop Package
postinst (scripts/desktop/postinst):
- Enables desktop services globally: open-sesame-wm.service, open-sesame-clipboard.service, open-sesame-input.service, open-sesame-desktop.target.
- Reloads active user managers.
- Restarts desktop services for all active users.
- Prints a note that daemon-input requires input group membership for keyboard capture.
prerm (scripts/desktop/prerm):
- On remove|deconfigure: stops desktop services (input, clipboard, wm) for active users, then disables globally.
- On upgrade: stops services only.
postrm (scripts/desktop/postrm):
- On remove|purge: reloads user managers. Notes that headless daemons remain installed.
User Iteration Pattern
All maintainer scripts use the same active_user_uids() helper to discover logged-in users:
active_user_uids() {
    systemctl list-units 'user@*' --legend=no 2>/dev/null \
        | sed -n 's/.*user@\([0-9]\+\)\.service.*/\1/p'
}
This pattern is derived from systemd-update-helper.in and ensures services are managed for all
active user sessions, not just the invoking user.
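The headless prerm steps and the user iteration helper combined into one sketch, as an added example that is not the project's scripts/prerm. DRY_RUN and run() are hypothetical helpers for reviewing the commands a root-run maintainer script would issue; reusing the 25s bus timeout for stop and the exact list of units passed to disable are assumptions.

```shell
# Added sketch of the headless prerm flow described on this page; it is not
# the project's scripts/prerm. DRY_RUN and run() are hypothetical helpers.

# Reverse dependency order given for prerm: snippets, launcher, secrets, profile.
STOP_ORDER="open-sesame-snippets.service open-sesame-launcher.service \
open-sesame-secrets.service open-sesame-profile.service"

active_user_uids() {
    systemctl list-units 'user@*' --legend=no 2>/dev/null \
        | sed -n 's/.*user@\([0-9]\+\)\.service.*/\1/p'
}

# Print the command when DRY_RUN=1; otherwise run it and tolerate failure so
# one unreachable user manager does not abort the package operation.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@" || true; fi
}

stop_for_active_users() {
    for uid in $(active_user_uids); do
        for unit in $STOP_ORDER; do
            # Assumption: same bus timeout the page gives for postinst restarts.
            run env SYSTEMD_BUS_TIMEOUT=25s \
                systemctl --user -M "$uid@" stop "$unit"
        done
    done
}

prerm() {
    case "$1" in
        remove|deconfigure)
            stop_for_active_users
            # Assumption: disable the same units postinst enabled.
            run systemctl --global disable $STOP_ORDER open-sesame-headless.target
            ;;
        upgrade)
            # Stop only; the new version's postinst restarts the services.
            stop_for_active_users
            ;;
    esac
}

if [ -n "${1:-}" ]; then prerm "$1"; fi
```

Running it with DRY_RUN=1 and an action argument prints the per-user stop commands in order without touching any user manager.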