Mark copied git repo as a safe directory #114
Conversation
Pull request overview
This PR addresses git ownership issues in the ROCm CI Docker build by marking the copied repository as a safe directory. The build system fetches the git repo separately and copies it into the docker image using different UIDs, which causes git commands to fail and results in incorrect wheel versioning (falling back to 0.0.0 instead of using git describe).
Changes:
- Added a `git config --global --add safe.directory` command to the ROCm CI Dockerfile
| COPY . /root/flashinfer/ | ||
| RUN git config --global --add safe.directory /root/flashinfer | ||
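Review bot: the ownership mismatch originates at the `COPY . /root/flashinfer/` line just above, so it can be fixed at the source with `COPY --chown=root:root . /root/flashinfer/` (the build appears to run as root, given the `/root/` paths), which satisfies git's owner check instead of disabling it. If the `safe.directory` entry is kept as the workaround, it is correctly scoped to the literal path rather than `*`, but `--global` writes it into root's `~/.gitconfig` and it ships in the final image, so every later `RUN` step and anything run from the image can use git on that tree without the ownership check; a comment saying the line is temporary and why would help whoever removes it later.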
| RUN curl -L micro.mamba.pm/install.sh | bash && \ |
This line downloads and executes a remote shell script from micro.mamba.pm/install.sh without any integrity verification, running it as part of the image build (likely as root) and giving it full control over the build environment and any produced artifacts. If the remote host, DNS, TLS, or network is compromised, an attacker can modify the script to execute arbitrary commands, exfiltrate secrets used in CI, or inject backdoors into the resulting wheels or other build outputs. In a production CI/CD context this represents a high-impact software supply chain risk; prefer using a mechanism that verifies the publisher's authenticity and the script integrity (for example, using a package manager with signed packages, or verifying a pinned checksum/signature for the downloaded installer) instead of executing it directly via curl | bash.
Severity: HIGH. Confidence: 9
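As an added example (not part of the PR or the flashinfer project's own code) of the alternative the comment above proposes: download the installer to a file, compare its SHA-256 with a pinned value, and execute it only on a match, so that a tampered script is never run. The function names, the interpreter argument and the pinned digest are placeholders; the real digest would be taken from the micromamba release metadata and updated on every upgrade, and the snippet assumes the host serves HTTPS.

```shell
#!/bin/sh
# Added example, not the flashinfer CI code: replace `curl -L URL | bash`
# with download -> verify pinned SHA-256 -> execute. Names are hypothetical.

# Portable SHA-256 digest of a file (coreutils sha256sum, else BSD shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_sha256 FILE EXPECTED -> 0 if the digest matches, 1 otherwise.
# The hex digest is compared case-insensitively; a mismatch is reported on
# stderr with both values so CI logs show what was actually fetched.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    printf 'checksum mismatch for %s\n  expected: %s\n  actual:   %s\n' \
        "$file" "$expected" "$actual" >&2
    return 1
}

# run_verified_installer URL EXPECTED_SHA256 [INTERPRETER]
# Fetches to a temp file, verifies it, and only then runs it. On any
# failure the file is deleted and nothing is executed.
run_verified_installer() {
    url=$1
    expected=$2
    interp=${3:-bash}
    tmp=$(mktemp) || return 1
    # -f: fail on HTTP errors instead of saving an error page;
    # --proto '=https': refuse a downgrade to plain http, even via redirect.
    if ! curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$url"; then
        rm -f "$tmp"
        return 1
    fi
    if ! verify_sha256 "$tmp" "$expected"; then
        rm -f "$tmp"
        return 1
    fi
    "$interp" "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Placeholder pin; the real value comes from the publisher's release notes.
MICROMAMBA_INSTALLER_SHA256="0000000000000000000000000000000000000000000000000000000000000000"
# Usage in a build step (not run here):
#   run_verified_installer https://micro.mamba.pm/install.sh "$MICROMAMBA_INSTALLER_SHA256"
```

In a Dockerfile the same idea is a single `RUN` step: `curl -fsSL --proto '=https' -o /tmp/install.sh <url> && echo "<pinned-sha256>  /tmp/install.sh" | sha256sum -c - && bash /tmp/install.sh`, which fails the build on a mismatch instead of running whatever came back. A pinned digest only protects against a changed script, not against a malicious release that the pin was taken from; a signature from the publisher, where offered, covers that case.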
Mark copied git repo as a safe directory (#114)
The rocm ci build system fetches the git repo separately and then copies it into the final docker image. Both steps use different uids, which causes git to fail inside the docker image due to invalid directory ownership. A corollary of `git` failing is that our wheel versioning, which depends on `git describe`, fails and we end up with `0.0.0` as the fallback version. The PR adds a `RUN git config --global --add safe.directory /root/flashinfer` step in our CI docker file to temporarily work around the issue.
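An added example (not the flashinfer project's own CI or versioning code) of the mechanism the commit message describes: git refuses a repository owned by a different uid, `git describe` then fails, and a version helper falls back to `0.0.0`. It goes slightly beyond the PR by adding the `safe.directory` entry only when git reports the ownership error, and for the literal absolute path rather than `*`. Function names are hypothetical, git is assumed to be installed, and the real wheel versioning script is not on the page; the `0.0.0` fallback is taken from the commit message.

```shell
#!/bin/sh
# Added example, not the flashinfer project's code. Hypothetical helper names.

# git_accepts_repo DIR -> 0 if git will operate on DIR, non-zero otherwise.
# git's own error (e.g. "detected dubious ownership") is left on stderr so
# it shows up in CI logs instead of silently turning into a 0.0.0 wheel.
git_accepts_repo() {
    git -C "$1" rev-parse --git-dir >/dev/null
}

# ensure_safe_directory DIR
# Adds DIR to safe.directory only when git refuses it for the owner-uid
# mismatch the commit message describes. The entry is the resolved absolute
# path, never '*', so other directories keep the ownership check. Any other
# failure (not a repository, git missing) is reported and not papered over.
ensure_safe_directory() {
    dir=$(cd "$1" && pwd -P) || return 1
    err=$(git -C "$dir" rev-parse --git-dir 2>&1 >/dev/null) && return 0
    case $err in
        *"dubious ownership"*)
            git config --global --add safe.directory "$dir"
            git -C "$dir" rev-parse --git-dir >/dev/null
            ;;
        *)
            printf '%s\n' "$err" >&2
            return 1
            ;;
    esac
}

# wheel_version DIR -> `git describe` output, or 0.0.0 when git fails,
# mirroring the fallback the commit message mentions.
wheel_version() {
    git -C "$1" describe --tags --always --dirty 2>/dev/null || echo 0.0.0
}

# safe_directories -> configured safe.directory entries, one per line.
# Useful as a build-time check that the workaround is scoped as intended.
safe_directories() {
    git config --global --get-all safe.directory 2>/dev/null || true
}
```

Because the entry is written with `--global`, it lands in `$HOME/.gitconfig` of whichever user runs the build step (root in the image), which is exactly what makes it persist into the final image; `safe_directories` makes that visible at build time.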