sys-auth/pam_mount: fix LUKS2 header detection for AEAD/integrity

Trying to use a LUKS2 device via pam_mount fails with a cryptic message:
'No dmcrypt cipher specified (use -o cipher=xxx)'

Trivial upstream patch is needed to fix the detection.

See-Also: https://bbs.archlinux.org/viewtopic.php?id=242131
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>

2 files changed, 96 insertions, 0 deletions

diff --git a/sys-auth/pam_mount/files/pam_mount-2.16-crypto-Add-support-for-LUKS2.patch b/sys-auth/pam_mount/files/pam_mount-2.16-crypto-Add-support-for-LUKS2.patch
new file mode 100644
index 000000000000..437f359277d5
--- /dev/null
+++ b/sys-auth/pam_mount/files/pam_mount-2.16-crypto-Add-support-for-LUKS2.patch
@@ -0,0 +1,52 @@
+From d4434c05e7c0cf05d87089404cfa2deedc60811a Mon Sep 17 00:00:00 2001
+From: Ingo Franzki <ifranzki@linux.ibm.com>
+Date: Mon, 29 Oct 2018 16:47:40 +0100
+Subject: [PATCH] crypto: Add support for LUKS2
+
+Cryptsetup version 2.0 added support for LUKS2.
+This patch adds support for mounting LUKS2 volumes with
+pam_mount.
+
+Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
+---
+ src/crypto-dmc.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/crypto-dmc.c b/src/crypto-dmc.c
+index d0ab6ca..abd0358 100644
+--- a/src/crypto-dmc.c
++++ b/src/crypto-dmc.c
+@@ -21,6 +21,12 @@
+ #include "libcryptmount.h"
+ #include "pam_mount.h"
+ 
++#ifndef CRYPT_LUKS
++	#define CRYPT_LUKS	NULL /* Passing NULL to crypt_load will
++					default to LUKS(1) on older
++					libcryptsetup versions. */
++#endif
++
+ /**
+  * dmc_is_luks - check if @path points to a LUKS volume (cf. normal dm-crypt)
+  * @path:	path to the crypto container
+@@ -48,7 +54,7 @@ EXPORT_SYMBOL int ehd_is_luks(const char *path, bool blkdev)
+ 
+ 	ret = crypt_init(&cd, device);
+ 	if (ret == 0) {
+-		ret = crypt_load(cd, CRYPT_LUKS1, NULL);
++		ret = crypt_load(cd, CRYPT_LUKS, NULL);
+ 		if (ret == -EINVAL)
+ 			ret = false;
+ 		else if (ret == 0)
+@@ -106,7 +112,7 @@ static bool dmc_run(const struct ehd_mount_request *req,
+ #endif
+ 	}
+ 
+-	ret = crypt_load(cd, CRYPT_LUKS1, NULL);
++	ret = crypt_load(cd, CRYPT_LUKS, NULL);
+ 	if (ret == 0) {
+ 		ret = crypt_activate_by_passphrase(cd, mt->crypto_name,
+ 		      CRYPT_ANY_SLOT, req->key_data, req->key_size, flags);
+-- 
+2.21.0
+
diff --git a/sys-auth/pam_mount/pam_mount-2.16-r1.ebuild b/sys-auth/pam_mount/pam_mount-2.16-r1.ebuild
new file mode 100644
index 000000000000..c13a0c5eacbb
--- /dev/null
+++ b/sys-auth/pam_mount/pam_mount-2.16-r1.ebuild
@@ -0,0 +1,44 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit multilib
+
+DESCRIPTION="A PAM module that can mount volumes for a user session"
+HOMEPAGE="http://pam-mount.sourceforge.net"
+SRC_URI="mirror://sourceforge/pam-mount/${P}.tar.xz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86"
+
+IUSE="crypt ssl selinux"
+
+COMMON_DEPEND=">=sys-libs/pam-0.99
+	>=sys-libs/libhx-3.12.1
+	>=dev-libs/libxml2-2.6
+	crypt? ( >=sys-fs/cryptsetup-1.1.0 )
+	ssl? ( dev-libs/openssl:0= )
+	selinux? ( sys-libs/libselinux )"
+DEPEND="${COMMON_DEPEND}
+	virtual/pkgconfig"
+RDEPEND="${COMMON_DEPEND}
+	>=sys-apps/util-linux-2.20"
+
+PATCHES=(
+		"${FILESDIR}"/pam_mount-2.16-crypto-Add-support-for-LUKS2.patch
+)
+
+src_configure() {
+	econf --with-slibdir="/$(get_libdir)" \
+			$(use_with crypt cryptsetup) \
+			$(use_with ssl crypto) \
+			$(use_with selinux)
+}
+
+src_install() {
+	default
+	use selinux || rm -r "${D}"/etc/selinux
+	dodoc doc/*.txt
+}