openwrt · peter-stadler · Feb 19, 2020
diff --git a/net/nginx/Makefile b/net/nginx/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=nginx
-PKG_VERSION:=1.17.9
-PKG_RELEASE:=1
+PKG_VERSION:=1.17.10
+PKG_RELEASE:=2
 
 PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://nginx.org/download/
-PKG_HASH:=7dd65d405c753c41b7fdab9415cfb4bdbaf093ec6d9f7432072d52cb7bcbb689
+PKG_HASH:=a9aa73f19c352a6b166d78e2a664bb3ef1295bbe6d3cc5aa7404bd4664ab4b83
 
 PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de> \
 				Ansuel Smith <ansuelsmth@gmail.com>
@@ -98,6 +98,8 @@ define Package/nginx
   $(Package/nginx/default)
   DEPENDS += +!NGINX_SSL:nginx-util +NGINX_SSL&&NGINX_PCRE:nginx-ssl-util \
 	+NGINX_SSL&&NGINX_NOPCRE:nginx-ssl-util-nopcre
+  EXTRA_DEPENDS:=nginx$(if $(CONFIG_NGINX_SSL),-ssl-util$(if $(CONFIG_NGINX_PCRE),,-nopcre),-util) \
+	(>=1.4-1) (<2)
   VARIANT:=no-ssl
 endef
 
@@ -106,6 +108,7 @@ define Package/nginx-ssl
   TITLE += with SSL support
   DEPENDS += +libopenssl +NGINX_PCRE:nginx-ssl-util \
 	+!NGINX_PCRE:nginx-ssl-util-nopcre
+  EXTRA_DEPENDS:=nginx-ssl-util$(if $(CONFIG_NGINX_PCRE),,-nopcre) (>=1.4-1) (<2)
   VARIANT:=ssl
   PROVIDES:=nginx
 endef
@@ -119,6 +122,7 @@ define Package/nginx-all-module
   TITLE += with ALL module selected
   DEPENDS:=+libpcre +libopenssl +zlib +liblua +libpthread +libxml2 \
    +libubus +libblobmsg-json +libjson-c +nginx-ssl-util
+  EXTRA_DEPENDS:=nginx-ssl-util (>=1.4-1) (<2)
   VARIANT:=all-module
   PROVIDES:=nginx
 endef
@@ -394,8 +398,6 @@ define Package/nginx/install
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/nginx $(1)/usr/sbin/
 	$(INSTALL_DIR) $(1)/etc/nginx/conf.d
 	$(INSTALL_DATA) $(addprefix $(PKG_INSTALL_DIR)/etc/nginx/,$(config_files)) $(1)/etc/nginx/
-	$(INSTALL_CONF) ./files/nginx.conf $(1)/etc/nginx/
-	$(INSTALL_CONF) ./files/_lan.conf $(1)/etc/nginx/conf.d/
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_BIN) ./files/nginx.init $(1)/etc/init.d/nginx
 ifeq ($(CONFIG_NGINX_NAXSI),y)
@@ -405,37 +407,20 @@ ifeq ($(CONFIG_NGINX_NAXSI),y)
 endif
 	$(if $(CONFIG_NGINX_NAXSI),$($(INSTALL_BIN) $(PKG_BUILD_DIR)/nginx-naxsi/naxsi_config/naxsi_core.rules $(1)/etc/nginx))
 	$(if $(CONFIG_NGINX_NAXSI),$(chmod 0640 $(1)/etc/nginx/naxsi_core.rules))
-ifeq ($(CONFIG_NGINX_SSL),y)
-	$(INSTALL_CONF) ./files/_redirect2ssl.conf $(1)/etc/nginx/conf.d/
-endif
-ifneq ($(CONFIG_IPV6),y)
-	$(SED) '/listen\s*\[/d' $(1)/etc/nginx/conf.d/*.conf # without IPv6 [::]
-endif
 endef
 
-define Package/nginx-ssl/install
-	$(call Package/nginx/install, $(1))
-	$(INSTALL_CONF) ./files/_redirect2ssl.conf $(1)/etc/nginx/conf.d/
-ifneq ($(CONFIG_IPV6),y)
-	$(SED) '/listen\s*\[/d' $(1)/etc/nginx/conf.d/*.conf # without IPv6 [::]
-endif
-endef
+Package/nginx-ssl/install = $(Package/nginx/install)
 
 Package/nginx-all-module/install = $(Package/nginx-ssl/install)
 
 define Package/nginx-ssl/prerm
 #!/bin/sh
 [ -z "$${IPKG_INSTROOT}" ] || exit 0
-if [ "$${PKG_UPGRADE}" == "1" ]; then
-	eval $$(/usr/bin/nginx-util get_env)
-	TMP_CRT=$$(mktemp -p "$${CONF_DIR}" "$${LAN_NAME}.crt.tmp-XXXXXX")
-	ln -f "$${CONF_DIR}$${LAN_NAME}.crt" "$${TMP_CRT}"
-	TMP_KEY=$$(mktemp -p "$${CONF_DIR}" "$${LAN_NAME}.key.tmp-XXXXXX")
-	ln -f "$${CONF_DIR}$${LAN_NAME}.key" "$${TMP_KEY}"
-fi
-/usr/bin/nginx-util del_ssl
-[ -f "$${TMP_CRT}" ] && mv -f "$${TMP_CRT}" "$${CONF_DIR}$${LAN_NAME}.crt"
-[ -f "$${TMP_KEY}" ] && mv -f "$${TMP_KEY}" "$${CONF_DIR}$${LAN_NAME}.key"
+[ "$${PKG_UPGRADE}" = "1" ] && exit 0
+eval $$(/usr/bin/nginx-util get_env)
+[ "$$(uci get "nginx.$${LAN_NAME}.$${MANAGE_SSL}")" = "self-signed" ] || exit 0
+rm -f "$$(uci get "nginx.$${LAN_NAME}.ssl_certificate")"
+rm -f "$$(uci get "nginx.$${LAN_NAME}.ssl_certificate_key")"
 exit 0
 endef