Replace usage of whitelist to allowlist in code, comments and DSL

README.md

@@ -310,19 +310,19 @@ omnibus manifest PROJECT -l warn
 
 This will output a JSON-formatted manifest containing the resolved version of every software definition.
 
-## Whitelisting Libraries
+## Allowing/Ignoring Libraries
 
-Sometimes a platform has libraries that need to be whitelisted so the healthcheck can pass. The whitelist found in the [healthcheck](https://github.com/chef/omnibus/blob/master/lib/omnibus/health_check.rb) code comprises the minimal required for successful builds on supported platforms.
+Sometimes a platform has libraries that need to be allowed so the healthcheck can pass. The allowlist found in the [healthcheck](https://github.com/chef/omnibus/blob/master/lib/omnibus/health_check.rb) code comprises the minimal required for successful builds on supported platforms.
 
-To add your own whitelisted library, simply add a regex to your software definition in your omnibus project as follows:
+To add your own allowed library, simply add a regex to your software definition in your omnibus project as follows:
 
 ```
-whitelist_file /libpcrecpp\.so\..+/
+allow_file /libpcrecpp\.so\..+/
 ```
 
-It is typically a good idea to add a conditional to whitelist based on the specific platform that requires it.
+It is typically a good idea to add a conditional to allowlist based on the specific platform that requires it.
 
-_Warning: You should only add libraries to the whitelist that are guaranteed to be on the system you install to; if a library comes from a non-default package you should instead build it into the package._
+_Warning: You should only add libraries to the allowlist that are guaranteed to be on the system you install to; if a library comes from a non-default package you should instead build it into the package._
 
 ## Changelog
 

lib/omnibus/whitelist.rb → lib/omnibus/allowlist.rb

@@ -14,7 +14,7 @@
 # limitations under the License.
 #
 
-WHITELIST_LIBS = [
+ALLOWLIST_LIBS = [
     /ld-linux/,
     /libanl\.so/,
     /libc\.so/,
@@ -33,7 +33,7 @@
     /linux-gate\.so/,
   ].freeze
 
-ARCH_WHITELIST_LIBS = [
+ARCH_ALLOWLIST_LIBS = [
   /libanl\.so/,
   /libc\.so/,
   /libcrypt\.so/,
@@ -48,7 +48,7 @@
   /libutil\.so/,
 ].freeze
 
-AIX_WHITELIST_LIBS = [
+AIX_ALLOWLIST_LIBS = [
   /libpthread\.a/,
   /libpthreads\.a/,
   /libdl.a/,
@@ -58,7 +58,7 @@
   /unix$/,
 ].freeze
 
-OMNIOS_WHITELIST_LIBS = [
+OMNIOS_ALLOWLIST_LIBS = [
   /libc\.so\.1/,
   /libcrypt\./,
   /libcrypt\.so\.1/,
@@ -79,7 +79,7 @@
   /libgcc_s\.so\.1/,
 ].freeze
 
-SOLARIS_WHITELIST_LIBS = [
+SOLARIS_ALLOWLIST_LIBS = [
   /libaio\.so/,
   /libavl\.so/,
   /libcrypt_[di]\.so/,
@@ -119,7 +119,7 @@
   /s9_preload\.so\.1/,
 ].freeze
 
-SMARTOS_WHITELIST_LIBS = [
+SMARTOS_ALLOWLIST_LIBS = [
   /libm.so/,
   /libpthread.so/,
   /librt.so/,
@@ -141,7 +141,7 @@
   /libz\.so/, # while we package our own libz, this get dragged along from Solaris 11's libelf library for some reason...
 ].freeze
 
-MAC_WHITELIST_LIBS = [
+MAC_ALLOWLIST_LIBS = [
   /libobjc\.A\.dylib/,
   /libSystem\.B\.dylib/,
   /CoreFoundation/,
@@ -165,7 +165,7 @@
   /SystemConfiguration/,
 ].freeze
 
-FREEBSD_WHITELIST_LIBS = [
+FREEBSD_ALLOWLIST_LIBS = [
   /libc\.so/,
   /libgcc_s\.so/,
   /libcrypt\.so/,

lib/omnibus/builder.rb

@@ -18,7 +18,7 @@
 require "mixlib/shellout" unless defined?(Mixlib::ShellOut)
 require "ostruct" unless defined?(OpenStruct)
 require "pathname" unless defined?(Pathname)
-require "omnibus/whitelist"
+require "omnibus/allowlist"
 
 module Omnibus
   class Builder

lib/omnibus/health_check.rb

@@ -15,7 +15,7 @@
 #
 
 require "omnibus/sugarable"
-require "omnibus/whitelist"
+require "omnibus/allowlist"
 begin
   require "pedump"
 rescue LoadError
@@ -380,13 +380,13 @@ def hex
     end
 
     #
-    # The list of whitelisted (ignored) files from the project and softwares.
+    # The list of allowed (ignored) files from the project and softwares.
     #
     # @return [Array<String, Regexp>]
     #
-    def whitelist_files
+    def allow_files
       project.library.components.inject([]) do |array, component|
-        array += component.whitelist_files
+        array += component.allow_files
         array
       end
     end
@@ -423,30 +423,30 @@ def read_shared_libs(command)
     def check_for_bad_library(bad_libs, current_library, name, linked)
       safe = nil
 
-      whitelist_libs = case Ohai["platform"]
+      allowlist_libs = case Ohai["platform"]
                        when "arch"
-                         ARCH_WHITELIST_LIBS
+                         ARCH_ALLOWLIST_LIBS
                        when "mac_os_x"
-                         MAC_WHITELIST_LIBS
+                         MAC_ALLOWLIST_LIBS
                        when "omnios"
-                         OMNIOS_WHITELIST_LIBS
+                         OMNIOS_ALLOWLIST_LIBS
                        when "solaris2"
-                         SOLARIS_WHITELIST_LIBS
+                         SOLARIS_ALLOWLIST_LIBS
                        when "smartos"
-                         SMARTOS_WHITELIST_LIBS
+                         SMARTOS_ALLOWLIST_LIBS
                        when "freebsd"
-                         FREEBSD_WHITELIST_LIBS
+                         FREEBSD_ALLOWLIST_LIBS
                        when "aix"
-                         AIX_WHITELIST_LIBS
+                         AIX_ALLOWLIST_LIBS
                        else
-                         WHITELIST_LIBS
+                         ALLOWLIST_LIBS
                        end
 
-      whitelist_libs.each do |reg|
+      allowlist_libs.each do |reg|
         safe ||= true if reg.match(name)
       end
 
-      whitelist_files.each do |reg|
+      allow_files.each do |reg|
         safe ||= true if reg.match(current_library)
       end
 
@@ -463,7 +463,7 @@ def check_for_bad_library(bad_libs, current_library, name, linked)
           bad_libs[current_library][name][linked] = 1
         end
       else
-        log.debug(log_key) { "    -> PASSED: #{name} is either whitelisted or safely provided." }
+        log.debug(log_key) { "    -> PASSED: #{name} is either allowed or safely provided." }
       end
 
       bad_libs

lib/omnibus/licensing.rb

@@ -400,7 +400,7 @@ def local?(license)
     # Logs the given message as info.
     #
     # This method should only be used for detecting in a license is known or not.
-    # In the future, we will introduce a configurable way to whitelist or blacklist
+    # In the future, we will introduce a configurable way to allow or reject
     # the allowed licenses. Once we implement that we need to stop using this method.
     #
     # @param [String] message

lib/omnibus/software.rb

@@ -537,23 +537,23 @@ def version(val = NULL, &block)
     expose :version
 
     #
-    # Add a file to the healthcheck whitelist.
+    # Add a file to the healthcheck allowlist.
     #
     # @example
-    #   whitelist_file '/path/to/file'
+    #   allow_file '/path/to/file'
     #
     # @param [String, Regexp] file
     #   the name of a file to ignore in the healthcheck
     #
     # @return [Array<String>]
-    #   the list of currently whitelisted files
+    #   the list of currently allowed files
     #
-    def whitelist_file(file)
+    def allow_file(file)
       file = Regexp.new(file) unless file.is_a?(Regexp)
-      whitelist_files << file
-      whitelist_files.dup
+      allow_files << file
+      allow_files.dup
     end
-    expose :whitelist_file
+    expose :allow_file
 
     #
     # The path relative to fetch_dir where relevant project files are
@@ -926,8 +926,8 @@ def dependencies
     #
     # @return [Array<String>]
     #
-    def whitelist_files
-      @whitelist_files ||= []
+    def allow_files
+      @allow_files ||= []
     end
 
     #

spec/unit/software_spec.rb

@@ -43,7 +43,7 @@ module Omnibus
     it_behaves_like "a cleanroom setter", :license_file, %{license_file 'LICENSES/artistic.txt'}
     it_behaves_like "a cleanroom setter", :skip_transitive_dependency_licensing, %{skip_transitive_dependency_licensing true}
     it_behaves_like "a cleanroom setter", :dependency_licenses, %{dependency_licenses [{license: "MIT"}]}
-    it_behaves_like "a cleanroom setter", :whitelist_file, %{whitelist_file '/opt/whatever'}
+    it_behaves_like "a cleanroom setter", :allow_file, %{allow_file '/opt/whatever'}
     it_behaves_like "a cleanroom setter", :relative_path, %{relative_path '/path/to/extracted'}
     it_behaves_like "a cleanroom setter", :build, %|build {}|
     it_behaves_like "a cleanroom getter", :project_dir
@@ -453,17 +453,17 @@ module Omnibus
       end
     end
 
-    describe "#whitelist_file" do
-      it "appends to the whitelist_files array" do
-        expect(subject.whitelist_files.size).to eq(0)
-        subject.whitelist_file(%r{foo/bar})
-        expect(subject.whitelist_files.size).to eq(1)
+    describe "#allow_file" do
+      it "appends to the allow_files array" do
+        expect(subject.allow_files.size).to eq(0)
+        subject.allow_file(%r{foo/bar})
+        expect(subject.allow_files.size).to eq(1)
       end
 
       it "converts Strings to Regexp instances" do
-        subject.whitelist_file "foo/bar"
-        expect(subject.whitelist_files.size).to eq(1)
-        expect(subject.whitelist_files.first).to be_kind_of(Regexp)
+        subject.allow_file "foo/bar"
+        expect(subject.allow_files.size).to eq(1)
+        expect(subject.allow_files.first).to be_kind_of(Regexp)
       end
     end