Add linux-sysctl-defaults to base packages

[devsnek]

Description

Include linux-sysctl-defaults in base packages for distribution. This package installs https://github.com/systemd/systemd/blob/main/sysctl.d/50-default.conf into /usr/lib/sysctl.d/50-default.conf.

The primary fix here is to allow using ping without sudo. In older versions, ping had setcap/uid, but in more recent versions it is expected that the net.ipv4.ping_group_range sysctl is set instead (which the conf file does).

It also sets a few reasonable defaults for preventing common networking and filesystem security issues.

Here's a diff I made of my armbian system before and after installing this package: https://gist.github.com/devsnek/ee2cce1660e4522037b27899c46d387c

How Has This Been Tested?

I installed this package on my armbian system and rebooted and made sure that everything was still working as expected. I also verified that compile.sh still works to produce an image.

Checklist:

Please delete options that are not relevant.

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• My changes generate no new warnings

Summary by CodeRabbit

• Chores
  • Updated CLI package sets for the Bookworm target to expand the default installed utilities and tooling.
• New Features
  • Added a system defaults package for managing kernel/sysctl defaults.
  • Pointed Bookworm desktop and additional package sets to shared common configurations for consistent behavior.

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds linux-sysctl-defaults to the common CLI package list and introduces a Bookworm-specific CLI layout: removes config/cli/bookworm/main, adds Bookworm packages and several symlink-style files pointing to common configs.

Changes

Cohort / File(s)	Summary
Common package list config/cli/common/main/packages	Added linux-sysctl-defaults to the package list.
Bookworm main entry removed config/cli/bookworm/main	Removed file that previously referenced ../common/main.
Bookworm config pointers config/cli/bookworm/main/config_desktop, config/cli/bookworm/main/packages.additional, config/cli/bookworm/main/packages.uninstall	New files added that reference shared/common paths (../../common/main/...) to reuse common desktop/additional/uninstall configs.
Bookworm packages config/cli/bookworm/main/packages	New Bookworm-specific package list added (core utilities, networking, debugging/monitoring, boot/storage, shells, SSH/WireGuard, localization/timezone packages).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A hop, a link, a tiny tweak,
Bookworm paths now softly speak,
Sysctl defaults join the line,
Shared configs folded, tidy, fine,
A rabbit cheers: small change, big shine. ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: adding linux-sysctl-defaults to base packages. It directly reflects the primary modification across all files in the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@config/cli/common/main/packages`:
- Line 27: The package entry "linux-sysctl-defaults" is present unconditionally
but is only in Debian bookworm backports; either ensure bookworm backports are
enabled during rootfs builds or make the package release-conditional so it is
skipped for bookworm. Fix by updating the package list handling that processes
"linux-sysctl-defaults" to check the target release (e.g., a release variable or
detector used in your packaging code) and only include the package for releases
where it exists (trixie/forky/sid and Ubuntu releases) or add logic to
enable/configure bookworm-backports during the build when the target is
bookworm.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: a9be1840-ad3b-494a-9416-1f6e0d7a3879

📥 Commits

Reviewing files that changed from the base of the PR and between 03192b8 and 4a334a0.

📒 Files selected for processing (1)

• config/cli/common/main/packages

[github-actions]

✅ This PR has been reviewed and approved — all set for merge!

[EvilOlaf]

This will break Bookworm as rabbit correctly noticed the package does not exist in default Bookworm repo. Either must not be introduced or Bookworm must be retired the same way.

[igorpecovnik]

Perhaps it would be sane that we produce our defaults? This package only contains: /usr/lib/sysctl.d/50-default.conf

[devsnek]

@igorpecovnik perhaps... I think using the upstream package is nice though since it keeps everything in sync. Debian images all ship with this package installed, so it seems expected.

[iav]

Possible to unlink old distro version from "main", and keep old file version only for old distros.

[devsnek]

Updated for bookworm :)

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@config/cli/bookworm/main/packages`:
- Around line 26-27: Update the Bookworm package manifest by adding the missing
package name linux-sysctl-defaults to the packages list so the Bookworm CLI
image installs /usr/lib/sysctl.d/50-default.conf; edit the same packages file
that currently contains the entries linux-base and lsof and insert
linux-sysctl-defaults into that list (ensuring formatting matches the
surrounding lines).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 03e61cf7-cad8-4dba-a5c7-3a61edf82cb0

📥 Commits

Reviewing files that changed from the base of the PR and between 4a334a0 and 0e7c726.

📒 Files selected for processing (5)

• config/cli/bookworm/main
• config/cli/bookworm/main/config_desktop
• config/cli/bookworm/main/packages
• config/cli/bookworm/main/packages.additional
• config/cli/bookworm/main/packages.uninstall

💤 Files with no reviewable changes (1)

• config/cli/bookworm/main

✅ Files skipped from review due to trivial changes (3)

• config/cli/bookworm/main/packages.uninstall
• config/cli/bookworm/main/config_desktop
• config/cli/bookworm/main/packages.additional

[iav]

I check for "does image builds or not"

• trixie
• bullseye
• bookworm
• [crash] noble
• resolute
• jammy
• [crash unrelated to this pr] buster

[igorpecovnik]

If this package is not present everywhere ... then perhaps better shipping file as a part of bsp? (we had a plan for armbian-cli ... but not there ATM)

[iav]

I got the impression that (after the adoption of pr in its current form) the package is missing only in noble.
So we can add an exception for noble, as for bookworm .
Or just throw away noble.

An obvious or, even worse, hidden conflict with files from system repositories is a bad thing.

I recently had a really hard time realizing that Armbian was quietly and unnoticeably adding 1.0.0.1 to the DNS list...