From 271177a0f781a116ddaeb485ac62d28bc18fe74c Mon Sep 17 00:00:00 2001
From: Sam Tygier <samtygier@yahoo.co.uk>
Date: Mon, 23 Dec 2019 14:21:08 +0000
Subject: [PATCH 1/7] Use tee with wpa_passphrase so errors are visable

wpa_passphrase writes its error messages to stdout, so this needs to
tee so that errors are visable to user. Also need to enable pipefail
so that the error code still gets caught.
---
 stage2/02-net-tweaks/01-run.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/stage2/02-net-tweaks/01-run.sh b/stage2/02-net-tweaks/01-run.sh
index 154e515..63fbff7 100755
--- a/stage2/02-net-tweaks/01-run.sh
+++ b/stage2/02-net-tweaks/01-run.sh
@@ -12,7 +12,8 @@ fi
 
 if [ -v WPA_ESSID ] && [ -v WPA_PASSWORD ]; then
 on_chroot <<EOF
-wpa_passphrase "${WPA_ESSID}" "${WPA_PASSWORD}" >> "/etc/wpa_supplicant/wpa_supplicant.conf"
+set -o pipefail
+wpa_passphrase "${WPA_ESSID}" "${WPA_PASSWORD}" | tee -a "/etc/wpa_supplicant/wpa_supplicant.conf"
 EOF
 elif [ -v WPA_ESSID ]; then
 cat >> "${ROOTFS_DIR}/etc/wpa_supplicant/wpa_supplicant.conf" << EOL

From 024840034e2fab7efe170a303ef726fed1314f82 Mon Sep 17 00:00:00 2001
From: Sam Tygier <samtygier@yahoo.co.uk>
Date: Mon, 23 Dec 2019 14:29:09 +0000
Subject: [PATCH 2/7] Check WPA_PASSWORD length early

WPA_PASSWORD needs to be between 8 adn 63 characters. Check early
to avoid hitting error in stage2.
---
 build.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/build.sh b/build.sh
index a396b06..4ef6296 100755
--- a/build.sh
+++ b/build.sh
@@ -220,6 +220,11 @@ if [[ -n "${APT_PROXY}" ]] && ! curl --silent "${APT_PROXY}" >/dev/null ; then
 	exit 1
 fi
 
+if [[ ${#WPA_PASSWORD} -lt 8 || ${#WPA_PASSWORD} -gt 63  ]] ; then
+	echo "WPA_PASSWORD" must be between 8 and 63 characters
+	exit 1
+fi
+
 mkdir -p "${WORK_DIR}"
 log "Begin ${BASE_DIR}"
 

From 9d334bee66a75bd334b8f241f1c31ce6cc0f5f17 Mon Sep 17 00:00:00 2001
From: Sam Tygier <samtygier@yahoo.co.uk>
Date: Tue, 7 Jan 2020 21:48:09 +0000
Subject: [PATCH 3/7] WPA_PASSWORD length check should only occur if set

Test if WPA_PASSWORD is set before check that it has a valid length.
---
 build.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build.sh b/build.sh
index 4ef6296..9e78728 100755
--- a/build.sh
+++ b/build.sh
@@ -220,7 +220,7 @@ if [[ -n "${APT_PROXY}" ]] && ! curl --silent "${APT_PROXY}" >/dev/null ; then
 	exit 1
 fi
 
-if [[ ${#WPA_PASSWORD} -lt 8 || ${#WPA_PASSWORD} -gt 63  ]] ; then
+if [[ -n "${WPA_PASSWORD}" && ${#WPA_PASSWORD} -lt 8 || ${#WPA_PASSWORD} -gt 63  ]] ; then
 	echo "WPA_PASSWORD" must be between 8 and 63 characters
 	exit 1
 fi

From f9375cdcec9421a0b5290a1c34c899d976f60f31 Mon Sep 17 00:00:00 2001
From: Andrew Pattison <58046090+andrum99@users.noreply.github.com>
Date: Wed, 8 Jan 2020 11:54:06 +0000
Subject: [PATCH 4/7] README.md - mention WPA_PASSWORD length requirement

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 1f8524b..04e1caa 100644
--- a/README.md
+++ b/README.md
@@ -119,7 +119,7 @@ The following environment variables are supported:
 
  * `WPA_ESSID`, `WPA_PASSWORD` and `WPA_COUNTRY` (Default: unset)
 
-   If these are set, they are use to configure `wpa_supplicant.conf`, so that the raspberry pi can automatically connect to a wifi network on first boot. If `WPA_ESSID` is set and `WPA_PASSWORD` is unset an unprotected wifi network will be configured.
+   If these are set, they are use to configure `wpa_supplicant.conf`, so that the raspberry pi can automatically connect to a wifi network on first boot. If `WPA_ESSID` is set and `WPA_PASSWORD` is unset an unprotected wifi network will be configured. If set, `WPA_PASSWORD` must be between 8 and 63 characters.
 
  * `ENABLE_SSH` (Default: `0`)
 

From f8f3d6fe93a6709f02f63f3a203a38bcd33a0c0d Mon Sep 17 00:00:00 2001
From: Andrew Pattison <58046090+andrum99@users.noreply.github.com>
Date: Wed, 8 Jan 2020 11:55:34 +0000
Subject: [PATCH 5/7] capitalise Raspberry Pi

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 04e1caa..73d4961 100644
--- a/README.md
+++ b/README.md
@@ -119,11 +119,11 @@ The following environment variables are supported:
 
  * `WPA_ESSID`, `WPA_PASSWORD` and `WPA_COUNTRY` (Default: unset)
 
-   If these are set, they are use to configure `wpa_supplicant.conf`, so that the raspberry pi can automatically connect to a wifi network on first boot. If `WPA_ESSID` is set and `WPA_PASSWORD` is unset an unprotected wifi network will be configured. If set, `WPA_PASSWORD` must be between 8 and 63 characters.
+   If these are set, they are use to configure `wpa_supplicant.conf`, so that the Raspberry Pi can automatically connect to a wifi network on first boot. If `WPA_ESSID` is set and `WPA_PASSWORD` is unset an unprotected wifi network will be configured. If set, `WPA_PASSWORD` must be between 8 and 63 characters.
 
  * `ENABLE_SSH` (Default: `0`)
 
-   Setting to `1` will enable ssh server for remote log in. Note that if you are using a common password such as the defaults there is a high risk of attackers taking over you RaspberryPi.
+   Setting to `1` will enable ssh server for remote log in. Note that if you are using a common password such as the defaults there is a high risk of attackers taking over you Raspberry Pi.
 
  * `STAGE_LIST` (Default: `stage*`)
 

From 24bb01dec280f568ac59cdd1253a33a6d30ac4c4 Mon Sep 17 00:00:00 2001
From: Serge Schneider <serge@raspberrypi.org>
Date: Thu, 5 Dec 2019 16:25:18 +0000
Subject: [PATCH 6/7] Rename HOSTNAME variable to TARGET_HOSTNAME

Bash sets the HOSTNAME variable, overriding our default
---
 README.md                      | 2 +-
 build.sh                       | 2 +-
 stage1/02-net-tweaks/00-run.sh | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 73d4961..bf681fa 100644
--- a/README.md
+++ b/README.md
@@ -82,7 +82,7 @@ The following environment variables are supported:
 
    Default system locale.
 
- * `HOSTNAME` (Default: "raspberrypi" )
+ * `TARGET_HOSTNAME` (Default: "raspberrypi" )
 
    Setting the hostname to the specified value.
 
diff --git a/build.sh b/build.sh
index 9e78728..a906e10 100755
--- a/build.sh
+++ b/build.sh
@@ -162,7 +162,7 @@ export DEPLOY_DIR=${DEPLOY_DIR:-"${BASE_DIR}/deploy"}
 export DEPLOY_ZIP="${DEPLOY_ZIP:-1}"
 export LOG_FILE="${WORK_DIR}/build.log"
 
-export HOSTNAME=${HOSTNAME:-raspberrypi}
+export TARGET_HOSTNAME=${TARGET_HOSTNAME:-raspberrypi}
 
 export FIRST_USER_NAME=${FIRST_USER_NAME:-pi}
 export FIRST_USER_PASS=${FIRST_USER_PASS:-raspberry}
diff --git a/stage1/02-net-tweaks/00-run.sh b/stage1/02-net-tweaks/00-run.sh
index fc9e763..4943cab 100755
--- a/stage1/02-net-tweaks/00-run.sh
+++ b/stage1/02-net-tweaks/00-run.sh
@@ -1,6 +1,6 @@
 #!/bin/bash -e
 
-echo "${HOSTNAME}" > "${ROOTFS_DIR}/etc/hostname"
-echo "127.0.1.1		${HOSTNAME}" >> "${ROOTFS_DIR}/etc/hosts"
+echo "${TARGET_HOSTNAME}" > "${ROOTFS_DIR}/etc/hostname"
+echo "127.0.1.1		${TARGET_HOSTNAME}" >> "${ROOTFS_DIR}/etc/hosts"
 
 ln -sf /dev/null "${ROOTFS_DIR}/etc/systemd/network/99-default.link"

From 0a6624b26dd8006a75725e5379431abf1c5b0f09 Mon Sep 17 00:00:00 2001
From: Serge Schneider <serge@raspberrypi.org>
Date: Fri, 24 Jan 2020 12:48:57 +0000
Subject: [PATCH 7/7] Update ROOT_MARGIN

---
 Dockerfile             | 2 +-
 README.md              | 2 +-
 depends                | 1 +
 export-image/prerun.sh | 2 +-
 4 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 706a5fb..35f483a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,7 +6,7 @@ RUN apt-get -y update && \
     apt-get -y install \
         git vim parted \
         quilt coreutils qemu-user-static debootstrap zerofree zip dosfstools \
-        bsdtar libcap2-bin rsync grep udev xz-utils curl xxd file kmod\
+        bsdtar libcap2-bin rsync grep udev xz-utils curl xxd file kmod bc\
     && rm -rf /var/lib/apt/lists/*
 
 COPY . /pi-gen/
diff --git a/README.md b/README.md
index bf681fa..ec4f65c 100644
--- a/README.md
+++ b/README.md
@@ -14,7 +14,7 @@ To install the required dependencies for pi-gen you should run:
 
 ```bash
 apt-get install coreutils quilt parted qemu-user-static debootstrap zerofree zip \
-dosfstools bsdtar libcap2-bin grep rsync xz-utils file git curl
+dosfstools bsdtar libcap2-bin grep rsync xz-utils file git curl bc
 ```
 
 The file `depends` contains a list of tools needed.  The format of this
diff --git a/depends b/depends
index 6238eb1..a86bc82 100644
--- a/depends
+++ b/depends
@@ -16,3 +16,4 @@ xxd
 file
 git
 lsmod:kmod
+bc
diff --git a/export-image/prerun.sh b/export-image/prerun.sh
index cecde32..8bbc566 100755
--- a/export-image/prerun.sh
+++ b/export-image/prerun.sh
@@ -18,7 +18,7 @@ ALIGN="$((4 * 1024 * 1024))"
 # some overhead (since actual space usage is usually rounded up to the
 # filesystem block size) and gives some free space on the resulting
 # image.
-ROOT_MARGIN=$((800*1024*1024))
+ROOT_MARGIN="$(echo "($ROOT_SIZE * 0.2 + 200 * 1024 * 1024) / 1" | bc)"
 
 BOOT_PART_START=$((ALIGN))
 BOOT_PART_SIZE=$(((BOOT_SIZE + ALIGN - 1) / ALIGN * ALIGN))