package/openssh: fix dependencies with refpolicy

Commit 2c5a82a29ceb (package/openssh: select linux-pam if refpolicy
upstream is selected) did not account for the linux-pam dependencies
before selecting it, causing unmet dependencies warnings (unfortunately,
not errors), such as:

    $ KCONFIG_SEED=0xCF227CF4 make randconfig
    WARNING: unmet direct dependencies detected for BR2_PACKAGE_LINUX_PAM
      Depends on [n]: BR2_ENABLE_LOCALE [=n] && BR2_USE_WCHAR [=n] && !BR2_STATIC_LIBS [=n] && BR2_USE_MMU [=y] && BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 [=y]
      Selected by [y]:
      - BR2_PACKAGE_OPENSSH [=y] && BR2_USE_MMU [=y] && BR2_PACKAGE_REFPOLICY_UPSTREAM_VERSION [=y]

2c5a82a29ceb made the choice of having openssl bear the responsibility
to select linux-pam when the upstream refpolicy version was enabled.
Semantically however, the responsibility really lies within refpolicy
itself, since that's what imposes linux-pam to openssh.

Move the select to refpolicy and drop it from openssh. Then, ensure that
linux-pam is only selected when it is available.

That means that one may get an openssh that is not linked against
linux-pam, when the linux-pam dependencies are not met; refpolicy (by
way of libsepol) also has a more stringent requirement on gcc version
than linux-pam, so most probably the missing dependencies would be
locale, wchar, or a static build. We consider that situation to be a
corner case that we do not want to address.

In the future, we may have more similar situations, whereby refpolicy
would impose other packages be linked with otherwise optional
dependencies. If (when) that were (will be) the case, then the proposed
mechanism would quickly become ugly; we could then re-assess a nicer way
to do that. Until then, this is good ebough.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <adam.duskett@amarulasolutions.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c20b2ae4ece10e07eeb80fcdd706a474d3be1475)
[Peter: drop gcc >= 4.9 dependency]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/openssh/Config.in

@@ -1,7 +1,6 @@
 config BR2_PACKAGE_OPENSSH
 	bool "openssh"
 	depends on BR2_USE_MMU # fork()
-	select BR2_PACKAGE_LINUX_PAM if BR2_PACKAGE_REFPOLICY_UPSTREAM_VERSION
 	select BR2_PACKAGE_OPENSSL
 	select BR2_PACKAGE_ZLIB
 	help

package/refpolicy/Config.in

@@ -36,6 +36,13 @@ choice
 
 config BR2_PACKAGE_REFPOLICY_UPSTREAM_VERSION
 	bool "Upstream version"
+	# Consider reworking the following when adding new entries:
+	# Upstream refpolicy for openssh expects linux-pam to be used
+	select BR2_PACKAGE_LINUX_PAM if BR2_PACKAGE_OPENSSH \
+		&& BR2_USE_MMU \
+		&& BR2_ENABLE_LOCALE \
+		&& BR2_USE_WCHAR \
+		&& !BR2_STATIC_LIBS
 	help
 	  Use the refpolicy as provided by Buildroot.