Docker™ image
This directory contains different utilities to build/test the TOSA Checker.
How to build the TOSA Checker manylinux wheel with a Docker™ image
To create a Docker™ image for the TOSA Checker to build it for Python® 3.9 on various Linux® distributions, please run the following command:
docker build . -t tc-cp39-manylinux --build-arg PYTHON_VERSION=3.9 -f Dockerfile
The TensorFlow™ source code is automatically downloaded and is located in the /tensorflow_src
directory.
The command to run the container is:
docker run -it -v <tosa_checker source code on your machine>:/tosa_checker tc-cp39-manylinux
Now call the following command to build a tosa_checker
Python® wheel inside of the container:
cd tosa_checker
python3 setup.py --tensorflow_src_dir /tensorflow_src bdist_wheel
The tosa_checker
wheel can be found in the /dist
directory.
Generate the new manylinux wheel from the tosa_checker
wheel:
auditwheel repair dist/<tosa_checker>.whl -w dist/
The tosa_checker
manylinux wheel can now be found in the dist/
directory.
Install the tosa_checker
manylinux wheel:
pip install dist/<tosa_checker-manyliux>.whl
How to use the TOSA Checker Docker™ image with security countermeasures
A Docker™ image is provided for builds of the TOSA Checker with security countermeasures that are used in the project's continuous integration system. The following countermeasures are provided in this image:
This section will explain how to use this Docker™ image to build the TOSA checker with sanitizers and lint the Python source code with Bandit.
Building the TOSA Checker with sanitizers
To build the Docker™ image run the command below:
docker build . -t tc-cp39-countermeasures --build-arg PYTHON_VERSION=3.9 -f CI.Dockerfile
Note: In this example, the image is built with Python 3.9. This can be changed using the PYTHON_VERSION argument.
After this, run the container as follows, mounting the source code to the container:
docker run -it -v <tosa_checker source code on your machine>:/tosa_checker tc-cp39-countermeasures
Following this, build the TOSA checker using the following command:
cd tosa_checker
python3.9 setup.py --tensorflow_src_dir /tensorflow_src --sanitizer <sanitizer option> bdist_wheel
Choose between asan
or ubsan
as the sanitizer option. The tosa_checker
wheel can be found in the dist/
directory.
The TOSA Checker wheel can then be installed as follows:
python3.9 -m pip install dist/<tosa_checker>.whl
To then run the unit test of the TOSA Checker, the requirements for this must be installed:
cd tests
python3.9 -m pip install -r requirements.txt
Then, if you're using the ASAN option:
export LD_PRELOAD=$(clang -print-file-name=libclang_rt.asan-x86_64.so)
ASAN_OPTIONS=detect_leaks=0 python3.9 -m pytest --capture=no .
For the UBSAN option, run the following command:
UBSAN_OPTIONS=print_stacktrace=1 python3.9 -m pytest --capture=no .
Running the Bandit linter
Firstly build and run the Docker™ image:
docker build . -t tc-cp39-countermeasures --build-arg PYTHON_VERSION=3.9 -f CI.Dockerfile
docker run -it -v <tosa_checker source code on your machine>:/tosa_checker tc-cp39-countermeasures
After this, a HTML report can be generated with Bandit as follows:
cd tosa_checker
python3.9 -m bandit --configfile .bandit.yaml -r . -f html -o report.html
Trademarks and Copyrights
- Python® is a registered trademark of the PSF.
- Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.
- Ubuntu® is a registered trademark of Canonical.
- TensorFlow™ is a trademark of Google® LLC.
- Docker™ is a trademark of Docker, Inc.