Adhere to XDG spec #18

Closed
ghost opened this issue Jun 12, 2017 · 2 comments

ghost commented Jun 12, 2017

Would be better to follow https://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html for salt (and all other) files:
Use $XDG_CONFIG_HOME/ext4_encryption_salt instead of $HOME/.ext4_encryption_salt

Owner

neithernut commented Jun 12, 2017

Yeah, I regularly forget about XDG.
Well, we should still have $HOME as a fallback. XDG_CONFIG_HOME is not set on all systems. But that's what the spec says anyway.

@neithernut
Owner

Turns out it isn't that simple. We (usually) are part of the process setting up the session. At the point the module is invoked, the user environment may not be set up. That's one of the reasons why we don't query the HOME variable but look up the home directory through libpam, by the way.

In my use case, for example, the module is invoked very early in the login process. Sourcing the bash profile and setting environment variables like XDG_CONFIG_HOME, on the other hand, is pretty much the last thing in that process.

The even bigger issue is that the salts are loaded during authentication and not during session-setup. We do this because the password entered by the user is not available during session setup by default. (I decided to rather have the encryption keys shipped from one phase to the other than a user password in clear text.)

So while you brought up a very good point, this is pretty much a "won't fix". Sorry for that.
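
The lookup described in the comment above, as an added example that is not part of the thread or the project's code: the salt path is derived from the passwd database and never from `HOME` or `XDG_CONFIG_HOME`. It uses POSIX `getpwnam_r` as a stand-in for the libpam lookup so that it builds without PAM headers; the function names are hypothetical, and the file name is the one given in the issue.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SALT_FILE ".ext4_encryption_salt" /* file name from the issue */

/* Join a home directory and the salt file name. Returns 0 on success,
 * -1 if home is missing, not absolute, or the result would be truncated. */
int salt_path_join(const char *home, char *out, size_t outlen)
{
    if (home == NULL || home[0] != '/')
        return -1;
    size_t n = strlen(home);
    const char *sep = (home[n - 1] == '/') ? "" : "/"; /* no double slash */
    int w = snprintf(out, outlen, "%s%s%s", home, sep, SALT_FILE);
    return (w < 0 || (size_t)w >= outlen) ? -1 : 0;
}

/* Resolve the salt path for `user` from the passwd database only.
 * HOME and XDG_CONFIG_HOME are never read: during authentication they are
 * either unset or belong to the process that runs the PAM stack. */
int salt_path_for_user(const char *user, char *out, size_t outlen)
{
    struct passwd pw, *res = NULL;
    size_t buflen = 1024;
    char *buf = NULL;
    int rc;
    do { /* grow the scratch buffer while getpwnam_r reports ERANGE */
        char *nb = realloc(buf, buflen);
        if (nb == NULL) { free(buf); return -1; }
        buf = nb;
        rc = getpwnam_r(user, &pw, buf, buflen, &res);
        buflen *= 2;
    } while (rc == ERANGE && buflen <= (1u << 20));
    int ret = (rc == 0 && res != NULL) ? salt_path_join(pw.pw_dir, out, outlen) : -1;
    free(buf);
    return ret;
}

int main(void)
{
    char path[4096];
    if (salt_path_for_user("root", path, sizeof path) == 0)
        puts(path);
    return 0;
}
```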
