clevis/debian/patches/cherry-pick/1605845630.v15-3-ga07e753.tests-update-src-luks-tests-to-use-shared-tang-test-functions.patch

Subject: Tests: update src/luks/tests to use shared tang test functions
Origin: v15-3-ga07e753 <https://github.com/latchset/clevis/commit/v15-3-ga07e753>
Upstream-Author: Sergio Correia <scorreia@redhat.com>
Date: Fri Nov 20 01:13:50 2020 -0300

--- a/src/luks/tests/assume-yes
+++ b/src/luks/tests/assume-yes
@@ -33,11 +33,10 @@
 
 TMP="$(mktemp -d)"
 
-port=$(get_random_port)
-tang_run "${TMP}" "${port}" &
-tang_wait_until_ready "${port}"
+port=$(tang_new_random_port)
+tang_run "${TMP}" "${port}"
 
-url="http://${TANG_HOST}:${port}"
+url="http://localhost:${port}"
 cfg=$(printf '{"url":"%s"}' "$url")
 
 test_tang() {
--- a/src/luks/tests/assume-yes-luks2
+++ b/src/luks/tests/assume-yes-luks2
@@ -33,11 +33,10 @@
 
 TMP="$(mktemp -d)"
 
-port=$(get_random_port)
-tang_run "${TMP}" "${port}" &
-tang_wait_until_ready "${port}"
+port=$(tang_new_random_port)
+tang_run "${TMP}" "${port}"
 
-url="http://${TANG_HOST}:${port}"
+url="http://localhost:${port}"
 cfg=$(printf '{"url":"%s"}' "$url")
 
 # LUKS2.
--- a/src/luks/tests/backup-restore-luks1
+++ b/src/luks/tests/backup-restore-luks1
@@ -31,7 +31,7 @@
 TMP="$(mktemp -d)"
 
 ADV="${TMP}/adv.jws"
-create_tang_adv "${ADV}"
+tang_create_adv "${TMP}" "${ADV}"
 CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
 
 # LUKS1.
--- a/src/luks/tests/backup-restore-luks2
+++ b/src/luks/tests/backup-restore-luks2
@@ -31,7 +31,7 @@
 TMP="$(mktemp -d)"
 
 ADV="${TMP}/adv.jws"
-create_tang_adv "${ADV}"
+tang_create_adv "${TMP}" "${ADV}"
 CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
 
 # LUKS1.
--- a/src/luks/tests/bind-already-used-luksmeta-slot
+++ b/src/luks/tests/bind-already-used-luksmeta-slot
@@ -31,7 +31,7 @@
 TMP="$(mktemp -d)"
 
 ADV="${TMP}/adv.jws"
-create_tang_adv "${ADV}"
+tang_create_adv "${TMP}" "${ADV}"
 CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
 
 # LUKS1.
--- a/src/luks/tests/bind-key-file-non-interactive-luks1
+++ b/src/luks/tests/bind-key-file-non-interactive-luks1
@@ -31,7 +31,7 @@
 TMP="$(mktemp -d)"
 
 ADV="${TMP}/adv.jws"
-create_tang_adv "${ADV}"
+tang_create_adv "${TMP}" "${ADV}"
 CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
 UUID="cb6e8904-81ff-40da-a84a-07ab9ab5715e"
 KEYFILE="${TMP}/key"
--- a/src/luks/tests/bind-luks1
+++ b/src/luks/tests/bind-luks1
@@ -31,7 +31,7 @@
 TMP="$(mktemp -d)"
 
 ADV="${TMP}/adv.jws"
-create_tang_adv "${ADV}"
+tang_create_adv "${TMP}" "${ADV}"
 CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
 
 # LUKS1.
--- a/src/luks/tests/bind-luks2
+++ b/src/luks/tests/bind-luks2
@@ -35,7 +35,7 @@
 TMP="$(mktemp -d)"
 
 ADV="${TMP}/adv.jws"
-create_tang_adv "${ADV}"
+tang_create_adv "${TMP}" "${ADV}"
 CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
 
 # LUKS2.
--- a/src/luks/tests/bind-pass-with-newline-keyfile-luks1
+++ b/src/luks/tests/bind-pass-with-newline-keyfile-luks1
@@ -31,7 +31,7 @@
 TMP="$(mktemp -d)"
 
 ADV="${TMP}/adv.jws"
-create_tang_adv "${ADV}"
+tang_create_adv "${TMP}" "${ADV}"
 CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
 
 # LUKS1.
--- a/src/luks/tests/bind-pass-with-newline-luks1
+++ b/src/luks/tests/bind-pass-with-newline-luks1
@@ -31,7 +31,7 @@
 TMP="$(mktemp -d)"
 
 ADV="${TMP}/adv.jws"
-create_tang_adv "${ADV}"
+tang_create_adv "${TMP}" "${ADV}"
 CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
 
 # LUKS1.
--- a/src/luks/tests/bind-wrong-pass-luks1
+++ b/src/luks/tests/bind-wrong-pass-luks1
@@ -31,7 +31,7 @@
 TMP="$(mktemp -d)"
 
 ADV="${TMP}/adv.jws"
-create_tang_adv "${ADV}"
+tang_create_adv "${TMP}" "${ADV}"
 CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
 
 # LUKS1.
--- a/src/luks/tests/bind-wrong-pass-luks2
+++ b/src/luks/tests/bind-wrong-pass-luks2
@@ -35,7 +35,7 @@
 TMP="$(mktemp -d)"
 
 ADV="${TMP}/adv.jws"
-create_tang_adv "${ADV}"
+tang_create_adv "${TMP}" "${ADV}"
 CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
 
 # LUKS2.
--- a/src/luks/tests/edit-tang-luks1
+++ b/src/luks/tests/edit-tang-luks1
@@ -36,11 +36,10 @@
 
 TMP="$(mktemp -d)"
 
-port=$(get_random_port)
-tang_run "${TMP}" "${port}" &
-tang_wait_until_ready "${port}"
+port=$(tang_new_random_port)
+tang_run "${TMP}" "${port}"
 
-url="http://${TANG_HOST}:${port}"
+url="http://localhost:${port}"
 
 cfg=$(printf '{"url":"%s"}' "${url}")
 
@@ -65,11 +64,10 @@
 
 # Now let's have another tang instance running and change the config to use
 # the new one.
-port2=$(get_random_port)
+port2=$(tang_new_random_port)
 TMP2="$(mktemp -d)"
-tang_run "${TMP2}" "${port2}" &
-tang_wait_until_ready "${port2}"
-new_url="http://${TANG_HOST}:${port2}"
+tang_run "${TMP2}" "${port2}"
+new_url="http://localhost:${port2}"
 new_cfg=$(printf '{"url":"%s"}' "${new_url}")
 
 if ! clevis luks edit -d "${DEV}" -s 1 -c "${new_cfg}"; then
--- a/src/luks/tests/edit-tang-luks2
+++ b/src/luks/tests/edit-tang-luks2
@@ -36,11 +36,10 @@
 
 TMP="$(mktemp -d)"
 
-port=$(get_random_port)
-tang_run "${TMP}" "${port}" &
-tang_wait_until_ready "${port}"
+port=$(tang_new_random_port)
+tang_run "${TMP}" "${port}"
 
-url="http://${TANG_HOST}:${port}"
+url="http://localhost:${port}"
 
 cfg=$(printf '{"url":"%s"}' "${url}")
 
@@ -65,11 +64,10 @@
 
 # Now let's have another tang instance running and change the config to use
 # the new one.
-port2=$(get_random_port)
+port2=$(tang_new_random_port)
 TMP2="$(mktemp -d)"
-tang_run "${TMP2}" "${port2}" &
-tang_wait_until_ready "${port2}"
-new_url="http://${TANG_HOST}:${port2}"
+tang_run "${TMP2}" "${port2}"
+new_url="http://localhost:${port2}"
 new_cfg=$(printf '{"url":"%s"}' "${new_url}")
 
 if ! clevis luks edit -d "${DEV}" -s 1 -c "${new_cfg}"; then
--- a/src/luks/tests/list-recursive-luks1
+++ b/src/luks/tests/list-recursive-luks1
@@ -31,7 +31,7 @@
 TMP="$(mktemp -d)"
 
 ADV="${TMP}/adv.jws"
-create_tang_adv "${ADV}"
+tang_create_adv "${TMP}" "${ADV}"
 PIN="sss"
 CFG=$(printf '
 {
--- a/src/luks/tests/list-recursive-luks2
+++ b/src/luks/tests/list-recursive-luks2
@@ -31,7 +31,7 @@
 TMP="$(mktemp -d)"
 
 ADV="${TMP}/adv.jws"
-create_tang_adv "${ADV}"
+tang_create_adv "${TMP}" "${ADV}"
 PIN="sss"
 CFG=$(printf '
 {
--- a/src/luks/tests/list-sss-tang-luks1
+++ b/src/luks/tests/list-sss-tang-luks1
@@ -31,7 +31,7 @@
 TMP="$(mktemp -d)"
 
 ADV="${TMP}/adv.jws"
-create_tang_adv "${ADV}"
+tang_create_adv "${TMP}" "${ADV}"
 PIN="sss"
 CFG=$(printf '
 {
--- a/src/luks/tests/list-sss-tang-luks2
+++ b/src/luks/tests/list-sss-tang-luks2
@@ -31,7 +31,7 @@
 TMP="$(mktemp -d)"
 
 ADV="${TMP}/adv.jws"
-create_tang_adv "${ADV}"
+tang_create_adv "${TMP}" "${ADV}"
 PIN="sss"
 CFG=$(printf '
 {
--- a/src/luks/tests/list-tang-luks1
+++ b/src/luks/tests/list-tang-luks1
@@ -31,7 +31,7 @@
 TMP="$(mktemp -d)"
 
 ADV="${TMP}/adv.jws"
-create_tang_adv "${ADV}"
+tang_create_adv "${TMP}" "${ADV}"
 PIN="tang"
 CFG=$(printf '{"url": "ADDR","adv": "%s"}' "${ADV}")
 
--- a/src/luks/tests/list-tang-luks2
+++ b/src/luks/tests/list-tang-luks2
@@ -31,7 +31,7 @@
 TMP="$(mktemp -d)"
 
 ADV="${TMP}/adv.jws"
-create_tang_adv "${ADV}"
+tang_create_adv "${TMP}" "${ADV}"
 PIN="tang"
 CFG=$(printf '{"url": "ADDR","adv": "%s"}' "${ADV}")
 
--- a/src/luks/tests/meson.build
+++ b/src/luks/tests/meson.build
@@ -1,39 +1,6 @@
 # We use jq for comparing the pin config in the clevis luks list tests.
 jq = find_program('jq', required: false)
 
-# We use systemd-socket-activate for running test tang servers.
-actv = find_program(
-  'systemd-socket-activate',
-  'systemd-activate',
-  join_paths('/', 'usr', 'lib', 'systemd', 'systemd-activate'),
-  required: false
-)
-
-kgen = find_program(
-  join_paths(libexecdir, 'tangd-keygen'),
-  join_paths(get_option('prefix'), get_option('libdir'), 'tangd-keygen'),
-  join_paths(get_option('prefix'), get_option('libexecdir'), 'tangd-keygen'),
-  join_paths('/', 'usr', get_option('libdir'), 'tangd-keygen'),
-  join_paths('/', 'usr', get_option('libexecdir'), 'tangd-keygen'),
-  required: false
-)
-updt = find_program(
-  join_paths(libexecdir, 'tangd-update'),
-  join_paths(get_option('prefix'), get_option('libdir'), 'tangd-update'),
-  join_paths(get_option('prefix'), get_option('libexecdir'), 'tangd-update'),
-  join_paths('/', 'usr', get_option('libdir'), 'tangd-update'),
-  join_paths('/', 'usr', get_option('libexecdir'), 'tangd-update'),
-  required: false
-)
-tang = find_program(
-  join_paths(libexecdir, 'tangd'),
-  join_paths(get_option('prefix'), get_option('libdir'), 'tangd'),
-  join_paths(get_option('prefix'), get_option('libexecdir'), 'tangd'),
-  join_paths('/', 'usr', get_option('libdir'), 'tangd'),
-  join_paths('/', 'usr', get_option('libexecdir'), 'tangd'),
-  required: false
-)
-
 common_functions = configure_file(input: 'tests-common-functions.in',
   output: 'tests-common-functions',
   configuration: luksmeta_data,
@@ -53,19 +20,11 @@
   join_paths(meson.build_root(), 'src', 'luks'),
   join_paths(meson.build_root(), 'src', 'pins', 'sss'),
   join_paths(meson.build_root(), 'src', 'pins', 'tang'),
+  join_paths(meson.build_root(), 'src', 'pins', 'tang', 'tests'),
   join_paths(meson.build_root(), 'src', 'pins', 'tpm2'),
   separator: ':'
 )
 
-has_tang = false
-if actv.found() and kgen.found() and updt.found() and tang.found()
-  has_tang = true
-  env.set('SD_ACTIVATE', actv.path())
-  env.set('TANGD_KEYGEN', kgen.path())
-  env.set('TANGD_UPDATE', updt.path())
-  env.set('TANGD', tang.path())
-endif
-
 test('bind-wrong-pass-luks1', find_program('bind-wrong-pass-luks1'), env: env)
 test('bind-luks1', find_program('bind-luks1'), env: env)
 test('unbind-unbound-slot-luks1', find_program('unbind-unbound-slot-luks1'), env: env)
@@ -85,15 +44,13 @@
   warning('Will not run "clevis luks list" tests due to missing jq dependency')
 endif
 
-if has_tang
-  test('unlock-tang-luks1', find_program('unlock-tang-luks1'), env: env, timeout: 90)
-  test('assume-yes', find_program('assume-yes'), env: env, timeout: 60)
-  test('regen-inplace-luks1', find_program('regen-inplace-luks1'), env: env, timeout: 90)
-  test('regen-not-inplace-luks1', find_program('regen-not-inplace-luks1'), env: env, timeout: 90)
-  test('report-tang-luks1', find_program('report-tang-luks1'), env: env, timeout: 90)
-  test('report-sss-luks1', find_program('report-sss-luks1'), env: env, timeout: 90)
-  test('edit-tang-luks1', find_program('edit-tang-luks1'), env: env, timeout: 150)
-endif
+test('unlock-tang-luks1', find_program('unlock-tang-luks1'), env: env, timeout: 90)
+test('assume-yes', find_program('assume-yes'), env: env, timeout: 60)
+test('regen-inplace-luks1', find_program('regen-inplace-luks1'), env: env, timeout: 90)
+test('regen-not-inplace-luks1', find_program('regen-not-inplace-luks1'), env: env, timeout: 90)
+test('report-tang-luks1', find_program('report-tang-luks1'), env: env, timeout: 90)
+test('report-sss-luks1', find_program('report-sss-luks1'), env: env, timeout: 90)
+test('edit-tang-luks1', find_program('edit-tang-luks1'), env: env, timeout: 150)
 
 test('backup-restore-luks1', find_program('backup-restore-luks1'), env: env, timeout: 60)
 
@@ -112,15 +69,13 @@
     test('list-sss-tang-luks2', find_program('list-sss-tang-luks2'), env: env, timeout: 60)
   endif
 
-  if has_tang
-    test('unlock-tang-luks2', find_program('unlock-tang-luks2'), env: env, timeout: 120)
-    test('assume-yes-luks2', find_program('assume-yes-luks2'), env: env, timeout: 90)
-    test('regen-inplace-luks2', find_program('regen-inplace-luks2'), env: env, timeout: 120)
-    test('regen-not-inplace-luks2', find_program('regen-not-inplace-luks2'), env: env, timeout: 120)
-    test('report-tang-luks2', find_program('report-tang-luks2'), env: env, timeout: 120)
-    test('report-sss-luks2', find_program('report-sss-luks2'), env: env, timeout: 120)
-    test('edit-tang-luks2', find_program('edit-tang-luks2'), env: env, timeout: 210)
-  endif
+  test('unlock-tang-luks2', find_program('unlock-tang-luks2'), env: env, timeout: 120)
+  test('assume-yes-luks2', find_program('assume-yes-luks2'), env: env, timeout: 90)
+  test('regen-inplace-luks2', find_program('regen-inplace-luks2'), env: env, timeout: 120)
+  test('regen-not-inplace-luks2', find_program('regen-not-inplace-luks2'), env: env, timeout: 120)
+  test('report-tang-luks2', find_program('report-tang-luks2'), env: env, timeout: 120)
+  test('report-sss-luks2', find_program('report-sss-luks2'), env: env, timeout: 120)
+  test('edit-tang-luks2', find_program('edit-tang-luks2'), env: env, timeout: 210)
 
-test('backup-restore-luks2', find_program('backup-restore-luks2'), env: env, timeout: 120)
+  test('backup-restore-luks2', find_program('backup-restore-luks2'), env: env, timeout: 120)
 endif
--- a/src/luks/tests/regen-inplace-luks1
+++ b/src/luks/tests/regen-inplace-luks1
@@ -32,11 +32,10 @@
 
 TMP=$(mktemp -d)
 
-port=$(get_random_port)
-tang_run "${TMP}" "${port}" &
-tang_wait_until_ready "${port}"
+port=$(tang_new_random_port)
+tang_run "${TMP}" "${port}"
 
-url="http://${TANG_HOST}:${port}"
+url="http://localhost:${port}"
 adv="${TMP}/adv"
 tang_get_adv "${port}" "${adv}"
 
--- a/src/luks/tests/regen-inplace-luks2
+++ b/src/luks/tests/regen-inplace-luks2
@@ -32,11 +32,10 @@
 
 TMP=$(mktemp -d)
 
-port=$(get_random_port)
-tang_run "${TMP}" "${port}" &
-tang_wait_until_ready "${port}"
+port=$(tang_new_random_port)
+tang_run "${TMP}" "${port}"
 
-url="http://${TANG_HOST}:${port}"
+url="http://localhost:${port}"
 adv="${TMP}/adv"
 tang_get_adv "${port}" "${adv}"
 
--- a/src/luks/tests/regen-not-inplace-luks1
+++ b/src/luks/tests/regen-not-inplace-luks1
@@ -32,11 +32,10 @@
 
 export TMP=$(mktemp -d)
 
-port=$(get_random_port)
-tang_run "${TMP}" "${port}" &
-tang_wait_until_ready "${port}"
+port=$(tang_new_random_port)
+tang_run "${TMP}" "${port}"
 
-url="http://${TANG_HOST}:${port}"
+url="http://localhost:${port}"
 adv="${TMP}/adv"
 tang_get_adv "${port}" "${adv}"
 
--- a/src/luks/tests/regen-not-inplace-luks2
+++ b/src/luks/tests/regen-not-inplace-luks2
@@ -32,11 +32,10 @@
 
 export TMP=$(mktemp -d)
 
-port=$(get_random_port)
-tang_run "${TMP}" "${port}" &
-tang_wait_until_ready "${port}"
+port=$(tang_new_random_port)
+tang_run "${TMP}" "${port}"
 
-url="http://${TANG_HOST}:${port}"
+url="http://localhost:${port}"
 adv="${TMP}/adv"
 tang_get_adv "${port}" "${adv}"
 
--- a/src/luks/tests/report-sss-luks1
+++ b/src/luks/tests/report-sss-luks1
@@ -32,11 +32,10 @@
 
 TMP=$(mktemp -d)
 
-port=$(get_random_port)
-tang_run "${TMP}" "${port}" &
-tang_wait_until_ready "${port}"
+port=$(tang_new_random_port)
+tang_run "${TMP}" "${port}"
 
-url="http://${TANG_HOST}:${port}"
+url="http://localhost:${port}"
 adv="${TMP}/adv"
 tang_get_adv "${port}" "${adv}"
 
--- a/src/luks/tests/report-sss-luks2
+++ b/src/luks/tests/report-sss-luks2
@@ -32,11 +32,10 @@
 
 TMP=$(mktemp -d)
 
-port=$(get_random_port)
-tang_run "${TMP}" "${port}" &
-tang_wait_until_ready "${port}"
+port=$(tang_new_random_port)
+tang_run "${TMP}" "${port}"
 
-url="http://${TANG_HOST}:${port}"
+url="http://localhost:${port}"
 adv="${TMP}/adv"
 tang_get_adv "${port}" "${adv}"
 
--- a/src/luks/tests/report-tang-luks1
+++ b/src/luks/tests/report-tang-luks1
@@ -32,11 +32,10 @@
 
 TMP=$(mktemp -d)
 
-port=$(get_random_port)
-tang_run "${TMP}" "${port}" &
-tang_wait_until_ready "${port}"
+port=$(tang_new_random_port)
+tang_run "${TMP}" "${port}"
 
-url="http://${TANG_HOST}:${port}"
+url="http://localhost:${port}"
 adv="${TMP}/adv"
 tang_get_adv "${port}" "${adv}"
 
--- a/src/luks/tests/report-tang-luks2
+++ b/src/luks/tests/report-tang-luks2
@@ -32,11 +32,10 @@
 
 TMP=$(mktemp -d)
 
-port=$(get_random_port)
-tang_run "${TMP}" "${port}" &
-tang_wait_until_ready "${port}"
+port=$(tang_new_random_port)
+tang_run "${TMP}" "${port}"
 
-url="http://${TANG_HOST}:${port}"
+url="http://localhost:${port}"
 adv="${TMP}/adv"
 tang_get_adv "${port}" "${adv}"
 
--- a/src/luks/tests/tests-common-functions.in
+++ b/src/luks/tests/tests-common-functions.in
@@ -18,6 +18,8 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
 
+. tang-common-test-functions
+
 error() {
     echo "${1}" >&2
     exit 1
@@ -34,20 +36,6 @@
     return @OLD_CRYPTSETUP@
 }
 
-# Creates a tang adv to be used in the test.
-create_tang_adv() {
-    local adv="${1}"
-    local SIG="${TMP}/sig.jwk"
-    jose jwk gen -i '{"alg":"ES512"}' > "${SIG}"
-
-    local EXC="${TMP}/exc.jwk"
-    jose jwk gen -i '{"alg":"ECMR"}' > "${EXC}"
-
-    local TEMPLATE='{"protected":{"cty":"jwk-set+json"}}'
-    jose jwk pub -s -i "${SIG}" -i "${EXC}" \
-        | jose jws sig -I- -s "${TEMPLATE}" -k "${SIG}" -o "${adv}"
-}
-
 # Creates a new LUKS1 or LUKS2 device to be used.
 new_device() {
     local LUKS="${1}"
@@ -236,132 +224,4 @@
     return 0
 }
 
-
-# Get a random port to be used with a test tang server.
-get_random_port() {
-    shuf -i 1024-65535 -n 1
-}
-
-# Removes tang rotated keys from the test server.
-tang_remove_rotated_keys() {
-    local basedir="${1}"
-
-    if [ -z "${basedir}" ]; then
-        echo "Please pass a valid base directory for tang"
-        return 1
-    fi
-
-    [ -z "${TANGD_UPDATE}" ] && skip_test "WARNING: TANGD_UPDATE is not defined."
-
-    local db="${basedir}/db"
-    local cache="${basedir}/cache"
-    mkdir -p "${db}"
-    mkdir -p "${cache}"
-
-    pushd "${db}"
-        find . -name ".*.jwk" -exec rm -f {} \;
-    popd
-
-    "${TANGD_UPDATE}" "${db}" "${cache}"
-    return 0
-}
-
-# Creates new keys for the test tang server.
-tang_new_keys() {
-    local basedir="${1}"
-    local rotate="${2}"
-
-    if [ -z "${basedir}" ]; then
-        echo "Please pass a valid base directory for tang"
-        return 1
-    fi
-
-    [ -z "${TANGD_KEYGEN}" ] && skip_test "WARNING: TANGD_KEYGEN is not defined."
-    [ -z "${TANGD_UPDATE}" ] && skip_test "WARNING: TANGD_UPDATE is not defined."
-
-    local db="${basedir}/db"
-    local cache="${basedir}/cache"
-    mkdir -p "${db}"
-
-    if [ -n "${rotate}" ]; then
-        pushd "${db}"
-            local k
-            k=$(find . -name "*.jwk" | wc -l)
-            if [ "${k}" -gt 0 ]; then
-                for k in *.jwk; do
-                    mv -f -- "${k}" ".${k}"
-                done
-            fi
-        popd
-    fi
-
-    "${TANGD_KEYGEN}" "${db}"
-    "${TANGD_UPDATE}" "${db}" "${cache}"
-
-    return 0
-}
-
-# Start a test tang server.
-tang_run() {
-    local basedir="${1}"
-    local port="${2}"
-
-    if [ -z "${basedir}" ]; then
-        echo "Please pass a valid base directory for tang" >&2
-        return 1
-    fi
-
-    if [ -z "${port}" ]; then
-        echo "Please pass a valid port for tang" >&2
-        return 1
-    fi
-
-    if ! tang_new_keys "${basedir}"; then
-        echo "Error creating new keys for tang server" >&2
-        return 1
-    fi
-
-    local KEYS="${basedir}/cache"
-    local inetd='--inetd'
-    [ "${SD_ACTIVATE##*/}" = "systemd-activate" ] && inetd=
-
-    local pid pidfile
-    pidfile="${basedir}/tang.pid"
-
-    "${SD_ACTIVATE}" ${inetd} -l "${TANG_HOST}":"${port}" \
-            -a "${TANGD}" "${KEYS}" &
-    pid=$!
-    echo "${pid}" > "${pidfile}"
-}
-
-# Stop tang server.
-tang_stop() {
-    local basedir="${1}"
-    local pidfile="${basedir}/tang.pid"
-    [ -f "${pidfile}" ] || return 0
-
-    local pid
-    pid=$(<"${pidfile}")
-    kill "${pid}"
-}
-
-# Wait for the tang server to be operational.
-tang_wait_until_ready() {
-   local port="${1}"
-   while ! curl --output /dev/null --silent --fail \
-                http://"${TANG_HOST}":"${port}"/adv; do
-       sleep 0.1
-       echo -n . >&2
-   done
-}
-
-# Get tang advertisement.
-tang_get_adv() {
-    local port="${1}"
-    local adv="${2}"
-
-    curl -o "${adv}" http://"${TANG_HOST}":"${port}"/adv
-}
-
-export TANG_HOST=127.0.0.1
 export DEFAULT_PASS='just-some-test-password-here'
--- a/src/luks/tests/unbind-luks1
+++ b/src/luks/tests/unbind-luks1
@@ -30,7 +30,7 @@
 
 TMP="$(mktemp -d)"
 ADV="${TMP}/adv.jws"
-create_tang_adv "${ADV}"
+tang_create_adv "${TMP}" "${ADV}"
 CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
 
 # LUKS1.
--- a/src/luks/tests/unbind-luks2
+++ b/src/luks/tests/unbind-luks2
@@ -34,7 +34,7 @@
 
 TMP="$(mktemp -d)"
 ADV="${TMP}/adv.jws"
-create_tang_adv "${ADV}"
+tang_create_adv "${TMP}" "${ADV}"
 CFG="$(printf '{"url":"foobar","adv":"%s"}' "$ADV")"
 
 # LUKS2.
--- a/src/luks/tests/unlock-tang-luks1
+++ b/src/luks/tests/unlock-tang-luks1
@@ -33,11 +33,10 @@
 
 TMP="$(mktemp -d)"
 
-port=$(get_random_port)
-tang_run "${TMP}" "${port}" &
-tang_wait_until_ready "${port}"
+port=$(tang_new_random_port)
+tang_run "${TMP}" "${port}"
 
-url="http://${TANG_HOST}:${port}"
+url="http://localhost:${port}"
 adv="${TMP}/adv"
 tang_get_adv "${port}" "${adv}"
 
--- a/src/luks/tests/unlock-tang-luks2
+++ b/src/luks/tests/unlock-tang-luks2
@@ -33,11 +33,10 @@
 
 TMP="$(mktemp -d)"
 
-port=$(get_random_port)
-tang_run "${TMP}" "${port}" &
-tang_wait_until_ready "${port}"
+port=$(tang_new_random_port)
+tang_run "${TMP}" "${port}"
 
-url="http://${TANG_HOST}:${port}"
+url="http://localhost:${port}"
 adv="${TMP}/adv"
 tang_get_adv "${port}" "${adv}"