wiki:OpenVPN_QA

Version 30 (modified by Samuli Seppänen, 7 years ago)

Cleanup QA page

Introduction

This page outlines the efforts taken to maintain OpenVPN's code quality without excessive compromises on development speed.

Static testing

Peer review

Static testing usually refers to static code analysis, which is built into our development process in the form of a mandatory ACK process that every patch has to go through. The ACK process not only improves code quality, it also prevents highly specialized or rarely used features from polluting the codebase. Code reviews are especially important for patches coming from non-core contributors who may not be familiar with OpenVPN's coding practices. That said, the reviews also constantly catch small issues in patches sent by the core developers.

Automated static testing

OpenVPN's codebase is scanned using Coverity Scan periodically. This detects many potential security vulnerabilities.

Dynamic testing

Dedicated black-box tests

Dynamic black-box testing means trying out an application and verifying whether it works as intended. In closed-source software development organized around a waterfall model, there are usually dedicated testers who run various scripted or intuitive/exploratory tests to verify that an application works as intended. The testing usually happens just before launch. In complex applications (such as OpenVPN), testing even a small fraction of the functionality this way would be impractical and very costly. Fortunately, in Lean software development methodologies such as Scrum, and especially in community-driven OSS development, doing extensive dedicated testing is in general just a waste of time. It is replaced by:

  • Constant quality assurance achieved with static whitebox techniques (e.g. code reviews)
  • Testing in real environments (by users)

This said, a small amount of dedicated, dynamic testing (a.k.a. smoke testing) goes into each release to catch the most obvious errors. All new features are tested separately before a patch is accepted to Git.

If you want to help with pre-release testing please don't hesitate to contact the developers about it.

Performance tests

In the past performance tests have been conducted to measure OpenVPN performance:

We don't currently have a reliable test network which we could use to detect small performance regressions. Please don't hesitate to contact us if you think you could help us out with this problem.

Testing in real environments

In OpenVPN (and most other open source projects), the stability of stable releases is ensured with real-life testing by its users during all phases of software development, starting from patches sent to the mailing list, followed by development code in Git and leading into stable releases. There are at least two kinds of barriers to using pre-release code:

  • Psychological barriers
    • Risk avoidance
  • Technical barriers
    • Unfamiliarity with required tools (e.g. Git)
    • Difficulty of deployment, e.g. building software from sources (especially on Windows)

This means that the closer we get to a release, the more people we can expect to be testing the codebase. The figures below are not based on any real data and can only be considered rough estimates:

Git | Snapshots | Alpha | Beta | RC | Release
0.1% | 0.2% | 1% | 5% | 10% | 99%

The use of snapshots helps overcome some of the technical barriers. The only way to overcome psychological barriers is to speed up the release cycle. This results in new features getting into wide circulation faster, which in turn results in issues being reported more quickly. This also gives more confidence in the integrity of stable releases. On the flip side, more bugs will probably end up in the initial versions of the stable releases, which may create further disincentives for cautious users to install initial release versions of OpenVPN.

We currently provide Windows builds for each commit to the release branch(es) and the master branch:

Each installer has a timestamp which determines how new it is. Please include the full name of the installer you've used when reporting problems.

Continuous integration

The first line of defense is the Travis integration in GitHub, which ensures that pull requests (where allowed) do not break the main codebase badly, and that build failures caused by a Git push are noticed very quickly. How Travis is used depends on the OpenVPN subproject in question.

The project also has a Buildbot buildmaster, which drives several buildslaves. Together these form a continuous integration environment for OpenVPN. Each of these buildslaves runs a different operating system, and every commit to the OpenVPN Git repository triggers a build on each. In addition, each openvpn binary built with default configure options makes connections to several test servers using several different configurations. This ensures that:

  • OpenVPN builds properly on a variety of platforms
  • The very basic functionality is not horribly broken

Here's a full list of build tests currently (Feb 2016) in use:

build-arch-amd64-stable-master
build-arch-amd64-stable-master--disable-crypto
build-arch-amd64-stable-master--disable-crypto--disable-lzo
build-arch-amd64-stable-master--disable-crypto--disable-lzo--disable-management
build-arch-amd64-stable-master--disable-crypto--disable-management
build-arch-amd64-stable-master--disable-lz4 
build-arch-amd64-stable-master--disable-lzo
build-arch-amd64-stable-master--disable-lzo 
build-arch-amd64-stable-master--disable-lzo --disable-lz4 --enable-comp-stub 
build-arch-amd64-stable-master--disable-lzo--disable-management
build-arch-amd64-stable-master--disable-management
build-arch-amd64-stable-master--disable-server --enable-small 
build-arch-amd64-stable-master--enable-small 
build-arch-amd64-stable-master--with-crypto-library=polarssl --enable-crypto 
build-centos-6-amd64-stable-master
build-centos-6-amd64-stable-master--disable-crypto
build-centos-6-amd64-stable-master--disable-crypto--disable-lzo
build-centos-6-amd64-stable-master--disable-crypto--disable-lzo--disable-management
build-centos-6-amd64-stable-master--disable-crypto--disable-management
build-centos-6-amd64-stable-master--disable-lz4 
build-centos-6-amd64-stable-master--disable-lzo
build-centos-6-amd64-stable-master--disable-lzo 
build-centos-6-amd64-stable-master--disable-lzo --disable-lz4 --enable-comp-stub 
build-centos-6-amd64-stable-master--disable-lzo--disable-management
build-centos-6-amd64-stable-master--disable-management
build-centos-6-amd64-stable-master--disable-server --enable-small 
build-centos-6-amd64-stable-master--enable-small 
build-centos-6-amd64-stable-master--with-crypto-library=polarssl --enable-crypto 
build-cron2-freebsd-74-amd64-stable-master
build-cron2-freebsd-74-amd64-stable-master--disable-crypto
build-cron2-freebsd-74-amd64-stable-master--disable-crypto--disable-lzo
build-cron2-freebsd-74-amd64-stable-master--disable-crypto--disable-lzo--disable-management
build-cron2-freebsd-74-amd64-stable-master--disable-crypto--disable-management
build-cron2-freebsd-74-amd64-stable-master--disable-lz4 
build-cron2-freebsd-74-amd64-stable-master--disable-lzo
build-cron2-freebsd-74-amd64-stable-master--disable-lzo 
build-cron2-freebsd-74-amd64-stable-master--disable-lzo --disable-lz4 --enable-comp-stub 
build-cron2-freebsd-74-amd64-stable-master--disable-lzo--disable-management
build-cron2-freebsd-74-amd64-stable-master--disable-management
build-cron2-freebsd-74-amd64-stable-master--disable-server --enable-small 
build-cron2-freebsd-74-amd64-stable-master--enable-small 
build-cron2-freebsd-74-amd64-stable-master--with-crypto-library=polarssl --enable-crypto 
build-cron2-openbsd-49-i386-stable-master--disable-crypto--disable-lzo--disable-management--disable-plugin-auth-pam
build-cron2-openbsd-49-i386-stable-master--disable-crypto--disable-lzo--disable-plugin-auth-pam
build-cron2-openbsd-49-i386-stable-master--disable-crypto--disable-management--disable-plugin-auth-pam
build-cron2-openbsd-49-i386-stable-master--disable-crypto--disable-plugin-auth-pam
build-cron2-openbsd-49-i386-stable-master--disable-lz4 --disable-plugin-auth-pam
build-cron2-openbsd-49-i386-stable-master--disable-lzo --disable-lz4 --enable-comp-stub --disable-plugin-auth-pam
build-cron2-openbsd-49-i386-stable-master--disable-lzo--disable-management--disable-plugin-auth-pam
build-cron2-openbsd-49-i386-stable-master--disable-lzo --disable-plugin-auth-pam
build-cron2-openbsd-49-i386-stable-master--disable-lzo--disable-plugin-auth-pam
build-cron2-openbsd-49-i386-stable-master--disable-management--disable-plugin-auth-pam
build-cron2-openbsd-49-i386-stable-master--disable-plugin-auth-pam
build-cron2-openbsd-49-i386-stable-master--disable-server --enable-small --disable-plugin-auth-pam
build-cron2-openbsd-49-i386-stable-master--enable-small --disable-plugin-auth-pam
build-cron2-openbsd-49-i386-stable-master--with-crypto-library=polarssl --enable-crypto --disable-plugin-auth-pam
build-cron2-opensolaris-10-i386-stable-master
build-cron2-opensolaris-10-i386-stable-master--disable-crypto
build-cron2-opensolaris-10-i386-stable-master--disable-crypto--disable-lzo
build-cron2-opensolaris-10-i386-stable-master--disable-crypto--disable-lzo--disable-management
build-cron2-opensolaris-10-i386-stable-master--disable-crypto--disable-management
build-cron2-opensolaris-10-i386-stable-master--disable-lz4 
build-cron2-opensolaris-10-i386-stable-master--disable-lzo
build-cron2-opensolaris-10-i386-stable-master--disable-lzo 
build-cron2-opensolaris-10-i386-stable-master--disable-lzo --disable-lz4 --enable-comp-stub 
build-cron2-opensolaris-10-i386-stable-master--disable-lzo--disable-management
build-cron2-opensolaris-10-i386-stable-master--disable-management
build-cron2-opensolaris-10-i386-stable-master--disable-server --enable-small 
build-cron2-opensolaris-10-i386-stable-master--enable-small 
build-cron2-opensolaris-10-i386-stable-master--with-crypto-library=polarssl --enable-crypto 
build-debian-7-i386-stable-master
build-debian-7-i386-stable-master--disable-crypto
build-debian-7-i386-stable-master--disable-crypto--disable-lzo
build-debian-7-i386-stable-master--disable-crypto--disable-lzo--disable-management
build-debian-7-i386-stable-master--disable-crypto--disable-management
build-debian-7-i386-stable-master--disable-lz4 
build-debian-7-i386-stable-master--disable-lzo
build-debian-7-i386-stable-master--disable-lzo 
build-debian-7-i386-stable-master--disable-lzo --disable-lz4 --enable-comp-stub 
build-debian-7-i386-stable-master--disable-lzo--disable-management
build-debian-7-i386-stable-master--disable-management
build-debian-7-i386-stable-master--disable-server --enable-small 
build-debian-7-i386-stable-master--enable-small 
build-debian-7-i386-stable-master--with-crypto-library=polarssl --enable-crypto 
build-ubuntu-1204-i386-stable-master
build-ubuntu-1204-i386-stable-master--disable-crypto
build-ubuntu-1204-i386-stable-master--disable-crypto--disable-lzo
build-ubuntu-1204-i386-stable-master--disable-crypto--disable-lzo--disable-management
build-ubuntu-1204-i386-stable-master--disable-crypto--disable-management
build-ubuntu-1204-i386-stable-master--disable-lz4 
build-ubuntu-1204-i386-stable-master--disable-lzo
build-ubuntu-1204-i386-stable-master--disable-lzo 
build-ubuntu-1204-i386-stable-master--disable-lzo --disable-lz4 --enable-comp-stub 
build-ubuntu-1204-i386-stable-master--disable-lzo--disable-management
build-ubuntu-1204-i386-stable-master--disable-management
build-ubuntu-1204-i386-stable-master--disable-server --enable-small 
build-ubuntu-1204-i386-stable-master--enable-small 
build-ubuntu-1204-i386-stable-master--with-crypto-library=polarssl --enable-crypto 
build-ubuntu-1404-amd64-stable-master
build-ubuntu-1404-amd64-stable-master--disable-crypto
build-ubuntu-1404-amd64-stable-master--disable-crypto--disable-lzo
build-ubuntu-1404-amd64-stable-master--disable-crypto--disable-lzo--disable-management
build-ubuntu-1404-amd64-stable-master--disable-crypto--disable-management
build-ubuntu-1404-amd64-stable-master--disable-lz4 
build-ubuntu-1404-amd64-stable-master--disable-lzo
build-ubuntu-1404-amd64-stable-master--disable-lzo 
build-ubuntu-1404-amd64-stable-master--disable-lzo --disable-lz4 --enable-comp-stub 
build-ubuntu-1404-amd64-stable-master--disable-lzo--disable-management
build-ubuntu-1404-amd64-stable-master--disable-management
build-ubuntu-1404-amd64-stable-master--disable-server --enable-small 
build-ubuntu-1404-amd64-stable-master--enable-small 
build-ubuntu-1404-amd64-stable-master--with-crypto-library=polarssl --enable-crypto 

At the moment, the most common operating system variants are quite thoroughly covered. If you have access to really funky hardware and software combinations, please don't hesitate to contact us and ask if adding another buildslave would make sense.

In addition, each commit to the release branch(es) and the master branch triggers a Linux -> Windows cross-compile test using the generic buildsystem. This helps prevent the Windows builds from being horribly broken.
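The configure-option matrix listed above can be reproduced locally before sending a patch. The following is an added sketch, not the project's Buildbot configuration: the `run_matrix` function, the `MAKE` override and the `slave` label are assumptions for illustration, while the option sets are taken from the builder names on this page.

```shell
#!/bin/sh
# Added example: drive a configure-option build matrix like the one listed
# on this page. run_matrix, MAKE and the slave label are illustrative names.

# Option sets copied from the builder names above, one set per line.
# The leading empty line is the default-options build.
MATRIX='
--disable-crypto
--disable-lzo --disable-lz4 --enable-comp-stub
--disable-management
--disable-server --enable-small
--with-crypto-library=polarssl --enable-crypto'

# run_matrix SRC_DIR WORK_DIR [SLAVE]
# Builds SRC_DIR out-of-tree once per option set, prints "PASS <name>" or
# "FAIL <name>" for each, and returns the number of failed builds.
run_matrix() {
    src=$(cd "$1" && pwd) || return 255
    work=$2
    slave=${3:-local}
    failed=0
    n=0
    while IFS= read -r opts; do
        n=$((n + 1))
        name="build-${slave}-stable-master${opts}"
        dir="$work/$n"
        mkdir -p "$dir"
        # $opts is intentionally unquoted so it splits into separate flags.
        # stdin comes from /dev/null so the build cannot eat the matrix.
        if (cd "$dir" && "$src/configure" $opts && ${MAKE:-make}) \
                >"$dir/build.log" 2>&1 </dev/null; then
            echo "PASS $name"
        else
            echo "FAIL $name (see $dir/build.log)"
            failed=$((failed + 1))
        fi
    done <<EOF
$MATRIX
EOF
    return "$failed"
}
```

A failure that appears only under one option set usually points at code that compiles only when a feature is enabled, which is the kind of breakage the per-option builders are there to catch.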

Unit testing

At the moment, there is no coherent set of unit tests to spot regressions. One option would be to use CUnit or a similar unit test framework to cover the most commonly used and/or critical codepaths. If you have experience with unit testing and want to help us spot regressions, please contact us.

Windows testing

Windows is different enough from the *NIX platforms to require tailored testing procedures. Those are described in detail on the WindowsTesting Wiki page.