Prevent Address in use error

Try #2 - use changeable IP address from loopback range (127.1.2.3), bind
socat to that address only, test port availability before it is returned
as available.

src/luks/tests/assume-yes

@@ -36,7 +36,7 @@ TMP="$(mktemp -d)"
 port=$(tang_new_random_port)
 tang_run "${TMP}" "${port}"
 
-url="http://localhost:${port}"
+url="http://${TANGD_IP}:${port}"
 cfg=$(printf '{"url":"%s"}' "$url")
 
 test_tang() {

src/luks/tests/assume-yes-luks2

@@ -36,7 +36,7 @@ TMP="$(mktemp -d)"
 port=$(tang_new_random_port)
 tang_run "${TMP}" "${port}"
 
-url="http://localhost:${port}"
+url="http://${TANGD_IP}:${port}"
 cfg=$(printf '{"url":"%s"}' "$url")
 
 # LUKS2.

src/luks/tests/bind-binary-keyfile-luks1

@@ -36,7 +36,7 @@ TMP="$(mktemp -d)"
 port=$(tang_new_random_port)
 tang_run "${TMP}" "${port}"
 
-url="http://localhost:${port}"
+url="http://${TANGD_IP}:${port}"
 ADV="${TMP}/adv.jws"
 tang_get_adv "${port}" "${ADV}"
 CFG="$(printf '{"url":"%s","adv":"%s"}' "${url}" "$ADV")"

src/luks/tests/bind-luks1-avoid-luksmeta-corruption

@@ -39,7 +39,7 @@ new_device "luks1" "${DEV}"
 # TANG server specifics
 port=$(tang_new_random_port)
 tang_run "${TMP}" "${port}"
-url="http://localhost:${port}"
+url="http://${TANGD_IP}:${port}"
 
 # Initial binding to ensure luksmeta gets corrupted
 for ADV_NU in $(seq 0 ${ADV_AMOUNT}); do

src/luks/tests/edit-tang-luks1

@@ -39,7 +39,7 @@ TMP="$(mktemp -d)"
 port=$(tang_new_random_port)
 tang_run "${TMP}" "${port}"
 
-url="http://localhost:${port}"
+url="http://${TANGD_IP}:${port}"
 
 cfg=$(printf '{"url":"%s"}' "${url}")
 
@@ -67,7 +67,7 @@ fi
 port2=$(tang_new_random_port)
 TMP2="$(mktemp -d)"
 tang_run "${TMP2}" "${port2}"
-new_url="http://localhost:${port2}"
+new_url="http://${TANGD_IP}:${port2}"
 new_cfg=$(printf '{"url":"%s"}' "${new_url}")
 
 if ! clevis luks edit -d "${DEV}" -s 1 -c "${new_cfg}"; then

src/luks/tests/edit-tang-luks2

@@ -39,7 +39,7 @@ TMP="$(mktemp -d)"
 port=$(tang_new_random_port)
 tang_run "${TMP}" "${port}"
 
-url="http://localhost:${port}"
+url="http://${TANGD_IP}:${port}"
 
 cfg=$(printf '{"url":"%s"}' "${url}")
 
@@ -67,7 +67,7 @@ fi
 port2=$(tang_new_random_port)
 TMP2="$(mktemp -d)"
 tang_run "${TMP2}" "${port2}"
-new_url="http://localhost:${port2}"
+new_url="http://${TANGD_IP}:${port2}"
 new_cfg=$(printf '{"url":"%s"}' "${new_url}")
 
 if ! clevis luks edit -d "${DEV}" -s 1 -c "${new_cfg}"; then

src/luks/tests/pass-tang-luks1

@@ -35,7 +35,7 @@ TMP=$(mktemp -d)
 port=$(tang_new_random_port)
 tang_run "${TMP}" "${port}"
 
-url="http://localhost:${port}"
+url="http://${TANGD_IP}:${port}"
 adv="${TMP}/adv"
 tang_get_adv "${port}" "${adv}"
 

src/luks/tests/pass-tang-luks2

@@ -35,7 +35,7 @@ TMP=$(mktemp -d)
 port=$(tang_new_random_port)
 tang_run "${TMP}" "${port}"
 
-url="http://localhost:${port}"
+url="http://${TANGD_IP}:${port}"
 adv="${TMP}/adv"
 tang_get_adv "${port}" "${adv}"
 

src/luks/tests/regen-inplace-luks1

@@ -35,7 +35,7 @@ TMP=$(mktemp -d)
 port=$(tang_new_random_port)
 tang_run "${TMP}" "${port}"
 
-url="http://localhost:${port}"
+url="http://${TANGD_IP}:${port}"
 adv="${TMP}/adv"
 tang_get_adv "${port}" "${adv}"
 

src/luks/tests/regen-inplace-luks2

@@ -35,7 +35,7 @@ TMP=$(mktemp -d)
 port=$(tang_new_random_port)
 tang_run "${TMP}" "${port}"
 
-url="http://localhost:${port}"
+url="http://${TANGD_IP}:${port}"
 adv="${TMP}/adv"
 tang_get_adv "${port}" "${adv}"
 

src/luks/tests/regen-not-inplace-luks1

@@ -35,7 +35,7 @@ export TMP=$(mktemp -d)
 port=$(tang_new_random_port)
 tang_run "${TMP}" "${port}"
 
-url="http://localhost:${port}"
+url="http://${TANGD_IP}:${port}"
 adv="${TMP}/adv"
 tang_get_adv "${port}" "${adv}"
 

src/luks/tests/regen-not-inplace-luks2

@@ -35,7 +35,7 @@ export TMP=$(mktemp -d)
 port=$(tang_new_random_port)
 tang_run "${TMP}" "${port}"
 
-url="http://localhost:${port}"
+url="http://${TANGD_IP}:${port}"
 adv="${TMP}/adv"
 tang_get_adv "${port}" "${adv}"
 

src/luks/tests/report-sss-luks1

@@ -35,7 +35,7 @@ TMP=$(mktemp -d)
 port=$(tang_new_random_port)
 tang_run "${TMP}" "${port}"
 
-url="http://localhost:${port}"
+url="http://${TANGD_IP}:${port}"
 adv="${TMP}/adv"
 tang_get_adv "${port}" "${adv}"
 

src/luks/tests/report-sss-luks2

@@ -35,7 +35,7 @@ TMP=$(mktemp -d)
 port=$(tang_new_random_port)
 tang_run "${TMP}" "${port}"
 
-url="http://localhost:${port}"
+url="http://${TANGD_IP}:${port}"
 adv="${TMP}/adv"
 tang_get_adv "${port}" "${adv}"
 

src/luks/tests/report-tang-luks1

@@ -35,7 +35,7 @@ TMP=$(mktemp -d)
 port=$(tang_new_random_port)
 tang_run "${TMP}" "${port}"
 
-url="http://localhost:${port}"
+url="http://${TANGD_IP}:${port}"
 adv="${TMP}/adv"
 tang_get_adv "${port}" "${adv}"
 

src/luks/tests/report-tang-luks2

@@ -35,7 +35,7 @@ TMP=$(mktemp -d)
 port=$(tang_new_random_port)
 tang_run "${TMP}" "${port}"
 
-url="http://localhost:${port}"
+url="http://${TANGD_IP}:${port}"
 adv="${TMP}/adv"
 tang_get_adv "${port}" "${adv}"
 

src/luks/tests/unlock-arbitrary-parameter

@@ -33,7 +33,7 @@ TMP="$(mktemp -d)"
 port=$(tang_new_random_port)
 tang_run "${TMP}" "${port}"
 
-url="http://localhost:${port}"
+url="http://${TANGD_IP}:${port}"
 adv="${TMP}/adv"
 tang_get_adv "${port}" "${adv}"
 

src/luks/tests/unlock-tang-luks1

@@ -36,7 +36,7 @@ TMP="$(mktemp -d)"
 port=$(tang_new_random_port)
 tang_run "${TMP}" "${port}"
 
-url="http://localhost:${port}"
+url="http://${TANGD_IP}:${port}"
 adv="${TMP}/adv"
 tang_get_adv "${port}" "${adv}"
 

src/luks/tests/unlock-tang-luks2

@@ -36,7 +36,7 @@ TMP="$(mktemp -d)"
 port=$(tang_new_random_port)
 tang_run "${TMP}" "${port}"
 
-url="http://localhost:${port}"
+url="http://${TANGD_IP}:${port}"
 adv="${TMP}/adv"
 tang_get_adv "${port}" "${adv}"
 

src/pins/tang/tests/default-thp-alg

@@ -37,7 +37,7 @@ TMP="$(mktemp -d)"
 port=$(tang_new_random_port)
 tang_run "${TMP}" "${port}"
 
-url="http://localhost:${port}"
+url="http://${TANGD_IP}:${port}"
 data="just a sample text"
 
 # Get the advertisement and extract the keys.

src/pins/tang/tests/pin-tang

@@ -38,7 +38,7 @@ tang_run "${TMP}" "${port}" sig exc
 thp="$(jose jwk thp -i "$TMP/db/sig.jwk")"
 adv="${TMP}/adv.jws"
 tang_get_adv "${port}" "${adv}"
-url="http://localhost:${port}"
+url="http://${TANGD_IP}:${port}"
 
 cfg="$(printf '{"url":"%s","adv":"%s"}' "$url" "$adv")"
 enc="$(echo -n "hi" | clevis encrypt tang "$cfg")"

src/pins/tang/tests/tang-common-test-functions.in

@@ -22,6 +22,7 @@ SOCAT="@SOCAT@"
 TANGD_KEYGEN="@TANGD_KEYGEN@"
 TANGD_UPDATE="@TANGD_UPDATE@"
 TANGD="@TANGD@"
+TANGD_IP="${TANGD_IP:-127.0.0.1}"
 
 tang_error() {
     echo "${1}" >&2
@@ -59,7 +60,12 @@ tang_create_adv() {
 # Get a random port to be used with a test tang server.
 tang_new_random_port() {
     tang_sanity_check
-    shuf -i 1024-65535 -n 1
+    local port
+    port=$(shuf -i 1024-65535 -n 1)
+    while (: </dev/tcp/${TANGD_IP}/$port) 2>/dev/null; do
+        port=$(shuf -i 1024-65535 -n 1)
+    done
+    echo $port
 }
 
 # Removes tang rotated keys from the test server.
@@ -124,7 +130,7 @@ tang_wait_until_ready() {
     local start elapsed
     start="${SECONDS}"
     while ! curl --output /dev/null --silent --fail \
-                "http://localhost:${port}/adv"; do
+                "http://${TANGD_IP}:${port}/adv"; do
         elapsed=$((SECONDS - start))
         if [ "${elapsed}" -gt "${max_timeout_in_s}" ]; then
             tang_error "Timeout (${max_timeout_in_s}s) waiting for tang server"
@@ -155,7 +161,7 @@ tang_run() {
     local pid pidfile
     pidfile="${basedir}/tang.pid"
 
-    "${SOCAT}" -v -v TCP-LISTEN:${port},reuseaddr,fork \
+    "${SOCAT}" -v -v TCP4-LISTEN:${port},reuseaddr,fork,bind=${TANGD_IP} \
                exec:"${TANGD} ${KEYS}" &
 
     pid=$!
@@ -184,7 +190,7 @@ tang_get_adv() {
     local adv="${2:-/dev/stdout}"
 
     [ -z "${port}" ] && tang_error "tang_get_adv: please specify 'port'"
-    curl -L -o "${adv}" "http://localhost:${port}/adv"
+    curl -L -o "${adv}" "http://${TANGD_IP}:${port}/adv"
 }
 
 run_test_server() {
@@ -195,6 +201,6 @@ run_test_server() {
     [ -z "${port}" ] && tang_error "run_test_server: please specify 'port'"
     [ -z "${response}" ] && tang_error "run_test_server: please specify 'response'"
 
-    "${SOCAT}" -v -v TCP-LISTEN:${port},reuseaddr SYSTEM:"cat ${response}" &
+    "${SOCAT}" -v -v TCP4-LISTEN:${port},reuseaddr,bind=${TANGD_IP} SYSTEM:"cat ${response}" &
     sleep 1
 }

src/pins/tang/tests/tang-validate-adv

@@ -33,7 +33,7 @@ do_test() {
     local stderr="${3:-/dev/stderr}"
 
     run_test_server "${port}" "${response}"
-    cfg="$(printf '{"url":"localhost:%d"}' "${port}")"
+    cfg="$(printf '{"url":"%s:%d"}' "${TANGD_IP}" "${port}")"
     if ! echo foo | clevis encrypt tang "${cfg}" -y 2>"${stderr}"; then
         echo "Error (do_test) response: ${response}" >&2
         [ -r "${stderr}" ] && cat "${stderr}" >&2
@@ -46,7 +46,7 @@ do_test_with_adv() {
     local adv="${2}"
     local stderr="${3:-/dev/stderr}"
 
-    cfg="$(printf '{"url":"localhost:%d","adv":"%s"}' "${port}" "${adv}")"
+    cfg="$(printf '{"url":"%s:%d","adv":"%s"}' "${TANGD_IP}" "${port}" "${adv}")"
     if ! echo foo-adv | clevis encrypt tang "${cfg}" 2>"${stderr}"; then
         echo "Error (do_test_with_adv) adv: ${adv} response: ${response}" >&2
         [ -r "${stderr}" ] && cat "${stderr}" >&2