Patch omnibus to allow projects to specify allowed libs
Problem
The omnibus build tool currently has a hardcoded list of allowed libraries from the host operating system: https://dev.gitlab.org/gitlab/omnibus/-/blob/7.0.10-stable/lib/omnibus/whitelist.rb#L17
But we need to be able to adjust the list. What the tool does allow, is a whitelist_file
on the software DSL that allows a build file to be skipped for dependency checking. We've used this as a workaround up until now to allow the libatomic
runtime dependency. But we have had to allow all dependencies in any file that uses libatomic rather just being ale to say that libatomic
itself is allowed to be a runtime dependency.
Now we are also looking at allowing use of the system libssl and libcrypto in order to get distro fips support, which impact many more files than libatomic did.
Solution
Add a new customizable allowlist at the project dsl level where we can specify additional libs we want to allow. Here is where it would then be appended to the current list: https://dev.gitlab.org/gitlab/omnibus/-/blob/7.0.10-stable/lib/omnibus/health_check.rb#L426-445