
MLCube container image hash checking & Disable network #472

Merged (79 commits) on Aug 3, 2023

Conversation

aristizabal95 (Contributor) commented Jul 27, 2023

This PR makes use of recently added features on MLCube for ensuring reproducibility and reducing vulnerabilities on external code execution. This is done with the following 2 features:

  • Container hash checking: Using mlcube inspect, we can now get the hash of the container image (original image if converted) and compare against a ground truth on our server. This ensures users won't be able to change the image contents after submitting an MLCube.
  • Disabling network access: MLCube recently enabled passing the --network flag during execution time. We're using this to disable network access, ensuring MLCubes won't be able to retrieve or send information to another location during execution.

Closes #469.

TODO:

  • Implement tests for hash checking (no tests are implemented for any hash checking we're doing on MLCubes)
  • Import latest MLCube version (inspect is on a pre-release, which is not yet installable through requirements.txt)
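The two controls described in this PR, modelled as an added Python example that is not MedPerf or MLCube project code: a constant-time comparison of the locally reported image digest against the server's ground truth, and an `mlcube run` invocation that disables the network by default. The digest format (`sha256:` plus 64 hex characters), the `--network=none` spelling and the `SERVER_RECORD` sample are assumptions, not values taken from the page; parsing the actual `mlcube inspect` output is left to the caller.

```python
"""Added example: verify an MLCube image digest against a server record and
build a run command with networking disabled.

Assumptions (not taken from the page):
  * Digests look like "sha256:<64 hex chars>" (Docker image ID style).
  * The server record is a dict with an "image_hash" field.
  * The run flag is spelled "--network=none"; the PR only says a
    --network flag exists, so adjust to the real CLI if it differs.
"""
import hmac
import re

_DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")

# Constructed sample data: a server-side record for a submitted MLCube and
# the digest a local `mlcube inspect` would report for the same image.
SERVER_RECORD = {"name": "demo-cube", "image_hash": "sha256:" + "ab" * 32}
LOCAL_REPORTED = "sha256:" + "ab" * 32


def normalize_digest(value: str) -> str:
    """Canonicalize a digest (lowercase, with the sha256: prefix) and reject
    anything that is not a well-formed digest, so a junk string never
    accidentally 'matches'."""
    value = value.strip().lower()
    if not value.startswith("sha256:"):
        value = "sha256:" + value
    if not _DIGEST_RE.match(value):
        raise ValueError(f"malformed image digest: {value!r}")
    return value


def image_hash_matches(reported: str, expected: str) -> bool:
    """Compare the locally reported digest with the server ground truth.

    hmac.compare_digest runs in constant time, so the check does not leak
    how many leading characters of the expected digest were right."""
    return hmac.compare_digest(
        normalize_digest(reported).encode(),
        normalize_digest(expected).encode(),
    )


def build_run_command(mlcube_dir: str, task: str, network_enabled: bool = False) -> list[str]:
    """Build an `mlcube run` argv. Networking is off unless explicitly
    enabled, so the container cannot fetch or exfiltrate data while it runs.
    The flag spelling is an assumption (see module docstring)."""
    cmd = ["mlcube", "run", f"--mlcube={mlcube_dir}", f"--task={task}"]
    if not network_enabled:
        cmd.append("--network=none")
    return cmd


def prepare_execution(reported_hash: str, server_record: dict, mlcube_dir: str, task: str) -> list[str]:
    """Gate execution on the hash check: only an image whose digest matches
    the submitted record gets a run command, and that command has the
    network disabled."""
    if not image_hash_matches(reported_hash, server_record["image_hash"]):
        raise RuntimeError(
            f"image hash for {server_record['name']} does not match the "
            "submitted MLCube; refusing to run"
        )
    return build_run_command(mlcube_dir, task)


if __name__ == "__main__":
    print(prepare_execution(LOCAL_REPORTED, SERVER_RECORD, "/cubes/demo", "infer"))
```

The normalization step matters in practice: if the server stores `sha256:...` and the local tool reports the bare hex (or different case), a naive string equality would reject a legitimate image, and a too-lenient comparison could accept a malformed one.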

@aristizabal95 aristizabal95 temporarily deployed to testing-external-code July 28, 2023 22:11 — with GitHub Actions Inactive
@aristizabal95 aristizabal95 temporarily deployed to testing-external-code July 28, 2023 22:13 — with GitHub Actions Inactive
@aristizabal95 aristizabal95 temporarily deployed to testing-external-code July 28, 2023 22:13 — with GitHub Actions Inactive
@aristizabal95 aristizabal95 temporarily deployed to testing-external-code July 31, 2023 21:23 — with GitHub Actions Inactive
@aristizabal95 aristizabal95 temporarily deployed to testing-external-code July 31, 2023 23:02 — with GitHub Actions Inactive
@hasan7n hasan7n had a problem deploying to testing-external-code August 2, 2023 04:25 — with GitHub Actions Failure
@hasan7n hasan7n temporarily deployed to testing-external-code August 2, 2023 05:12 — with GitHub Actions Inactive
@hasan7n hasan7n temporarily deployed to testing-external-code August 2, 2023 16:03 — with GitHub Actions Inactive
@hasan7n hasan7n had a problem deploying to testing-external-code August 3, 2023 18:43 — with GitHub Actions Failure
@hasan7n hasan7n merged commit 79650db into mlcommons:main Aug 3, 2023
6 of 7 checks passed
@github-actions github-actions bot locked and limited conversation to collaborators Aug 3, 2023
Labels

  • component: client (issues regarding the CLI)
  • High Priority (Urgent tasks)
  • type: enhancement (New feature or request)

Development

Successfully merging this pull request may close these issues: Add MLCube hash storing and checking

2 participants