From 163afe017bcc932e043a5422af897e5073df37da Mon Sep 17 00:00:00 2001
From: Stefan Strogin <stefan.strogin@gmail.com>
Date: Wed, 27 Feb 2019 05:35:45 +0200
Subject: [PATCH] app-admin/sudo: add USE=system-digest & USE=libressl

Add system-digest USE flag for building with support of using message
digest functions from libgcrypt, LibreSSL or OpenSSL, depending on
USE gcrypt or libressl, instead of sudo's own implementation.

Minor amend of USE flag descriptions as per descriptions from sudo's
configure.ac and ChangeLog.

Closes: https://bugs.gentoo.org/678888
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Stefan Strogin <stefan.strogin@gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/11168
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
---
 app-admin/sudo/metadata.xml          |  9 +++++++--
 app-admin/sudo/sudo-1.8.27-r1.ebuild | 20 +++++++++++++++-----
 2 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/app-admin/sudo/metadata.xml b/app-admin/sudo/metadata.xml
index de20459ab49a..8e31d55ef942 100644
--- a/app-admin/sudo/metadata.xml
+++ b/app-admin/sudo/metadata.xml
@@ -12,12 +12,17 @@
 		arguments.
 	</longdescription>
 	<use>
-		<flag name="gcrypt">Use SHA2 from <pkg>dev-libs/libgcrypt</pkg> instead of sudo's internal SHA2</flag>
+		<flag name="gcrypt">Use message digest functions from <pkg>dev-libs/libgcrypt</pkg> instead of sudo's</flag>
+		<flag name="libressl">Use message digest functions from <pkg>dev-libs/libressl</pkg> instead of sudo's</flag>
 		<flag name="offensive">Let sudo print insults when the user types the wrong password</flag>
-		<flag name="openssl">Use SHA2 from <pkg>dev-libs/openssl</pkg> instead of sudo's internal SHA2</flag>
+		<flag name="openssl">Use message digest functions from <pkg>dev-libs/openssl</pkg> instead of sudo's</flag>
 		<flag name="sendmail">Allow sudo to send emails with sendmail</flag>
 		<flag name="sssd">Add System Security Services Daemon support</flag>
 		<flag name="secure-path">Replace PATH variable with compile time secure paths</flag>
+		<flag name="system-digest">
+			Use message digest functions from <pkg>dev-libs/libgcrypt</pkg>, <pkg>dev-libs/libressl</pkg>
+			or <pkg>dev-libs/openssl</pkg> instead of sudo's internal SHA2 implementation
+		</flag>
 	</use>
 	<upstream>
 		<remote-id type="cpe">cpe:/a:todd_miller:sudo</remote-id>
diff --git a/app-admin/sudo/sudo-1.8.27-r1.ebuild b/app-admin/sudo/sudo-1.8.27-r1.ebuild
index 39da1e74a42d..7dded75d56c5 100644
--- a/app-admin/sudo/sudo-1.8.27-r1.ebuild
+++ b/app-admin/sudo/sudo-1.8.27-r1.ebuild
@@ -31,20 +31,25 @@ fi
 # 3-clause BSD license
 LICENSE="ISC BSD"
 SLOT="0"
-IUSE="gcrypt ldap nls offensive openssl pam sasl +secure-path selinux +sendmail skey sssd"
+IUSE="gcrypt ldap libressl nls offensive pam sasl +secure-path selinux +sendmail skey sssd system-digest"
 
 CDEPEND="
 	sys-libs/zlib:=
-	gcrypt? ( dev-libs/libgcrypt:= )
 	ldap? (
 		>=net-nds/openldap-2.1.30-r1
 		dev-libs/cyrus-sasl
 	)
-	openssl? ( dev-libs/openssl:0= )
 	pam? ( virtual/pam )
 	sasl? ( dev-libs/cyrus-sasl )
 	skey? ( >=sys-auth/skey-1.1.5-r1 )
 	sssd? ( sys-auth/sssd[sudo] )
+	system-digest? (
+		gcrypt? ( dev-libs/libgcrypt:= )
+		!gcrypt? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:0= )
+		)
+	)
 "
 RDEPEND="
 	${CDEPEND}
@@ -65,7 +70,6 @@ S="${WORKDIR}/${MY_P}"
 REQUIRED_USE="
 	pam? ( !skey )
 	skey? ( !pam )
-	?? ( gcrypt openssl )
 "
 
 MAKEOPTS+=" SAMPLES="
@@ -145,7 +149,6 @@ src_configure() {
 		--without-opie
 		$(use_enable gcrypt)
 		$(use_enable nls)
-		$(use_enable openssl)
 		$(use_enable sasl)
 		$(use_with offensive insults)
 		$(use_with offensive all-insults)
@@ -157,6 +160,13 @@ src_configure() {
 		$(use_with selinux)
 		$(use_with sendmail)
 	)
+
+	if use system-digest && ! use gcrypt; then
+		myeconfargs+=("--enable-openssl")
+	else
+		myeconfargs+=("--disable-openssl")
+	fi
+
 	econf "${myeconfargs[@]}"
 }
 
-- 
2.26.2