Dietpi: System | /etc/sysctl.d/99-sysctl.conf -> /etc/sysctl.conf symlink missing

@johnnyt83
Many thanks for your report.

There have been reports about /etc/sysctl.conf being ignored since a symlink from /etc/sysctl.d/ was missing.
Please assure that this is the case:

2019-07-24 14:22:37 root@micha:/tmp# ls -Al /etc/sysctl.d/99-sysctl.conf
lrwxrwxrwx 1 root root 14 Jun  6 15:45 /etc/sysctl.d/99-sysctl.conf -> ../sysctl.conf

Otherwise:

ln -s ../sysctl.conf /etc/sysctl.d/99-sysctl.conf

But generally I would never use /etc/sysctl.conf. Just leave this untouched, so APT can update defaults in case. Instead create an own drop-in config file, e.g. /etc/sysctl.d/ip_forwarding.conf and put the setting there.

And, as long as you configure WireGuard with the wg0.conf I provided, you don't need the above setting at all. The wg0.conf enables IP forwarding targeted for the required network interfaces as PostUp commands.

I hope you can do something with this info here:

/src# ls -Al /etc/sysctl.d/99-sysctl.conf
-rw-r--r-- 1 root root 2683 Jul 21 09:54 /etc/sysctl.d/99-sysctl.conf
root@DietPi:/etc/wireguard/WireGuard/src# /etc/sysctl.d/99-sysctl.conf -> ../sysctl.conf
bash: /etc/sysctl.d/99-sysctl.conf: Permission denied
root@DietPi:/etc/wireguard/WireGuard/src#

@johnnyt83
/etc/sysctl.d/99-sysctl.conf is a file, that is strange... No idea what created this, especially since we recreated the symlink some version ago as already some other users reported it... Must be some faulty program installer.

Please do the following:

mv /etc/sysctl.d/99-sysctl.conf /etc/sysctl.conf
ln -s ../sysctl.conf /etc/sysctl.d/99-sysctl.conf

Then you can edit /etc/sysctl.conf and those will be loaded after reboot or sysctl reloading.
But it is as said not required with our WireGuard config, as we tied the settings to the WireGuard start there. The advantage is that nothing is forwarded if WireGuard has not been started and the other way round, if something resets the settings, WireGuard start will re-enable forwarding automatically.

Something I can fix as well when dealing with the WireGuard build process from the other issue 😉.

@MichaIng
sorry for coming back on this after such a long time. But I noticed some strange behaviour regarding the symlink.

1. I checked the image, the link was there :heavy_check_mark:
2. I flashed this image to SD card and mounted it on a different DietPi box, the link was there :heavy_check_mark:
3. I plugged this SD card into a RPi and perform initial setup, the link was missing :x:

not sure what happen on the initial run but the link got removed

Hmm, I'll also try this out, probably some bad package upgrade. I was always wondering why users report this (rarely but) regularly.

Current stable (32-bit) RPi image?

Both, 32bit as well as 64bit

From my current 64bit system

root@DietPi3:/etc/sysctl.d# ls -la
total 32
drwxr-xr-x  2 root root 4096 Aug  5 13:28 .
drwxr-xr-x 63 root root 4096 Aug  5 18:59 ..
-rw-r--r--  1 root root   51 Aug  5 13:26 98-rpi.conf
-rw-r--r--  1 root root 2351 Aug  5 13:26 99-sysctl.conf
-rw-r--r--  1 root root  639 May 31  2018 README.sysctl
-rw-r--r--  1 root root   70 Aug  5 13:26 dietpi-disable_ipv6.conf
-rw-r--r--  1 root root  220 Aug  5 13:26 dietpi.conf
-rw-r--r--  1 root root  324 Aug  5 13:26 protect-links.conf
root@DietPi3:/etc/sysctl.d#

Which is strange, as my current RPi4B prod system has the link still available. But I did not update for a while. Still running 4.19.118-v7l+

root@DietPi4:/etc/sysctl.d# ls -la
#insgesamt 28
drwxr-xr-x  2 root root 4096 Jun  8 20:54 .
drwxr-xr-x 78 root root 4096 Aug  3 21:25 ..
-rw-r--r--  1 root root   51 Sep 26  2019 98-rpi.conf
lrwxrwxrwx  1 root root   14 Mai 11 09:06 99-sysctl.conf -> ../sysctl.conf
-rw-r--r--  1 root root  220 Jul  7 23:42 dietpi.conf
-rw-r--r--  1 root root   70 Sep 26  2019 dietpi-disable_ipv6.conf
-rw-r--r--  1 root root  324 Sep 26  2019 protect-links.conf
-rw-r--r--  1 root root  639 Mai 31  2018 README.sysctl
root@DietPi4:/etc/sysctl.d#

Confirmed, it is already the case right after first login, without DietPi-Update or DietPi-Software.

Recreated symlink, reboot, everything is fine.

🈴 Running /var/lib/dietpi/services/dietpi-firstboot.bash, symlink is lost.
🈯 /boot/dietpi/func/dietpi-set_swapfile 0 /var/swap
🈯 /boot/dietpi/func/dietpi-set_hardware headless 0
🈯 /boot/dietpi/func/dietpi-set_hardware eth-forcespeed 0
🈯 /boot/dietpi/func/change_hostname DietPi
🈯 /boot/dietpi/func/dietpi-set_software apt-mirror https://deb.debian.org/debian/
🈯 dpkg-reconfigure -f noninteractive dropbear-run
🈯 systemd-machine-id-setup
🈯 /boot/dietpi/func/dietpi-set_hardware wifimodules disable
🈴 /boot/dietpi/func/dietpi-set_hardware enableipv6 1 <<< This replaces the symlink with the actual file 😱!

That is it: https://github.com/MichaIng/DietPi/blob/dev/dietpi/func/dietpi-set_hardware#L1217-L1225
sed -i does not edit the symlink target (as one would expect) but writes a new file (non-symlink) and replaces the edited file or symlink with it:

root@DietPi:/etc/sysctl.d# ls -al 99-sysctl.conf
lrwxrwxrwx 1 root root 14 Aug  5 22:19 99-sysctl.conf -> ../sysctl.conf
root@DietPi:/etc/sysctl.d# sed -i 's/something/different/' 99-sysctl.conf
root@DietPi:/etc/sysctl.d# ls -al 99-sysctl.conf
-rw-r--r-- 1 root root 2358 Aug  5 22:20 99-sysctl.conf

• I don't like that sed -i always replaces the target file (hence includes writes) even if there is not match/change done. grep -q needs to be done first, or maybe we find a nice mawk alternative.

Fixed: https://github.com/MichaIng/DietPi/blob/dev/dietpi/func/dietpi-set_hardware
Fixed with next update: https://github.com/MichaIng/DietPi/commit/3d048a287ad61f82909d9a719495032547dbcdf2
Changelog: https://github.com/MichaIng/DietPi/commit/24fe2af76e55e79ea28db82cd4b0dd1fb2b082a7