Buckets:
| <meta charset="utf-8" /><meta name="hf:doc:metadata" content="{"title":"Security","local":"security","sections":[{"title":"Introduction","local":"introduction","sections":[],"depth":2},{"title":"Handling pull requests","local":"handling-pull-requests","sections":[],"depth":2},{"title":"Build hygiene","local":"build-hygiene","sections":[],"depth":2},{"title":"Supporting reproducibility","local":"supporting-reproducibility","sections":[{"title":"Only build kernels with Nix sandboxing enabled.","local":"only-build-kernels-with-nix-sandboxing-enabled","sections":[],"depth":3},{"title":"Do not build from dirty Git trees","local":"do-not-build-from-dirty-git-trees","sections":[],"depth":3}],"depth":2}],"depth":1}"> | |
| <link href="/docs/kernels/pr_520/en/_app/immutable/assets/0.e3b0c442.css" rel="modulepreload"> | |
| <link rel="modulepreload" href="/docs/kernels/pr_520/en/_app/immutable/entry/start.7813b24f.js"> | |
| <link rel="modulepreload" href="/docs/kernels/pr_520/en/_app/immutable/chunks/scheduler.f3b1e791.js"> | |
| <link rel="modulepreload" href="/docs/kernels/pr_520/en/_app/immutable/chunks/singletons.d3bd4a42.js"> | |
| <link rel="modulepreload" href="/docs/kernels/pr_520/en/_app/immutable/chunks/paths.6059ca6d.js"> | |
| <link rel="modulepreload" href="/docs/kernels/pr_520/en/_app/immutable/entry/app.d97547bc.js"> | |
| <link rel="modulepreload" href="/docs/kernels/pr_520/en/_app/immutable/chunks/preload-helper.4c8a338e.js"> | |
| <link rel="modulepreload" href="/docs/kernels/pr_520/en/_app/immutable/chunks/index.023a9934.js"> | |
| <link rel="modulepreload" href="/docs/kernels/pr_520/en/_app/immutable/nodes/0.884fe107.js"> | |
| <link rel="modulepreload" href="/docs/kernels/pr_520/en/_app/immutable/chunks/each.e59479a4.js"> | |
| <link rel="modulepreload" href="/docs/kernels/pr_520/en/_app/immutable/nodes/10.a02409a8.js"> | |
| <link rel="modulepreload" href="/docs/kernels/pr_520/en/_app/immutable/chunks/CopyLLMTxtMenu.d8c1f5b0.js"> | |
| <link rel="modulepreload" href="/docs/kernels/pr_520/en/_app/immutable/chunks/MermaidChart.svelte_svelte_type_style_lang.11da6958.js"> | |
| <link rel="modulepreload" href="/docs/kernels/pr_520/en/_app/immutable/chunks/CodeBlock.436ee8e3.js"><!-- HEAD_svelte-u9bgzb_START --><meta name="hf:doc:metadata" content="{"title":"Security","local":"security","sections":[{"title":"Introduction","local":"introduction","sections":[],"depth":2},{"title":"Handling pull requests","local":"handling-pull-requests","sections":[],"depth":2},{"title":"Build hygiene","local":"build-hygiene","sections":[],"depth":2},{"title":"Supporting reproducibility","local":"supporting-reproducibility","sections":[{"title":"Only build kernels with Nix sandboxing enabled.","local":"only-build-kernels-with-nix-sandboxing-enabled","sections":[],"depth":3},{"title":"Do not build from dirty Git trees","local":"do-not-build-from-dirty-git-trees","sections":[],"depth":3}],"depth":2}],"depth":1}"><!-- HEAD_svelte-u9bgzb_END --> <p></p> <div class="items-center shrink-0 min-w-[100px] max-sm:min-w-[50px] justify-end ml-auto flex" style="float: right; margin-left: 10px; display: inline-flex; position: relative; z-index: 10;"><div class="inline-flex rounded-md max-sm:rounded-sm"><button class="inline-flex items-center gap-1 h-7 max-sm:h-7 px-2 max-sm:px-1.5 text-sm font-medium text-gray-800 border border-r-0 rounded-l-md max-sm:rounded-l-sm border-gray-200 bg-white hover:shadow-inner dark:border-gray-850 dark:bg-gray-950 dark:text-gray-200 dark:hover:bg-gray-800" aria-live="polite"><span class="inline-flex items-center justify-center rounded-md p-0.5 max-sm:p-0 hover:text-gray-800 dark:hover:text-gray-200"><svg class="sm:size-3.5 size-3" xmlns="http://www.w3.org/2000/svg" aria-hidden="true" fill="currentColor" focusable="false" role="img" width="1em" height="1em" preserveAspectRatio="xMidYMid meet" viewBox="0 0 32 32"><path d="M28,10V28H10V10H28m0-2H10a2,2,0,0,0-2,2V28a2,2,0,0,0,2,2H28a2,2,0,0,0,2-2V10a2,2,0,0,0-2-2Z" transform="translate(0)"></path><path d="M4,18H2V4A2,2,0,0,1,4,2H18V4H4Z" transform="translate(0)"></path><rect fill="none" width="32" height="32"></rect></svg></span> <span>Copy page</span></button> <button class="inline-flex items-center justify-center w-6 max-sm:w-5 h-7 max-sm:h-7 disabled:pointer-events-none text-sm text-gray-500 hover:text-gray-700 dark:hover:text-white rounded-r-md max-sm:rounded-r-sm border border-l transition border-gray-200 bg-white hover:shadow-inner dark:border-gray-850 dark:bg-gray-950 dark:text-gray-200 dark:hover:bg-gray-800" aria-haspopup="menu" aria-expanded="false" aria-label="Open copy menu"><svg class="transition-transform text-gray-400 overflow-visible sm:size-3.5 size-3 rotate-0" width="1em" height="1em" viewBox="0 0 12 7" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M1 1L6 6L11 1" stroke="currentColor"></path></svg></button></div> </div> <h1 class="relative group"><a id="security" class="header-link block pr-1.5 text-lg no-hover:hidden with-hover:absolute with-hover:p-1.5 with-hover:opacity-0 with-hover:group-hover:opacity-100 with-hover:right-full" href="#security"><span><svg class="" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" width="1em" height="1em" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 256"><path d="M167.594 88.393a8.001 8.001 0 0 1 0 11.314l-67.882 67.882a8 8 0 1 1-11.314-11.315l67.882-67.881a8.003 8.003 0 0 1 11.314 0zm-28.287 84.86l-28.284 28.284a40 40 0 0 1-56.567-56.567l28.284-28.284a8 8 0 0 0-11.315-11.315l-28.284 28.284a56 56 0 0 0 79.196 79.197l28.285-28.285a8 8 0 1 0-11.315-11.314zM212.852 43.14a56.002 56.002 0 0 0-79.196 0l-28.284 28.284a8 8 0 1 0 11.314 11.314l28.284-28.284a40 40 0 0 1 56.568 56.567l-28.285 28.285a8 8 0 0 0 11.315 11.314l28.284-28.284a56.065 56.065 0 0 0 0-79.196z" fill="currentColor"></path></svg></span></a> <span>Security</span></h1> <h2 class="relative group"><a id="introduction" class="header-link block pr-1.5 text-lg no-hover:hidden with-hover:absolute with-hover:p-1.5 with-hover:opacity-0 with-hover:group-hover:opacity-100 with-hover:right-full" href="#introduction"><span><svg class="" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" width="1em" height="1em" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 256"><path d="M167.594 88.393a8.001 8.001 0 0 1 0 11.314l-67.882 67.882a8 8 0 1 1-11.314-11.315l67.882-67.881a8.003 8.003 0 0 1 11.314 0zm-28.287 84.86l-28.284 28.284a40 40 0 0 1-56.567-56.567l28.284-28.284a8 8 0 0 0-11.315-11.315l-28.284 28.284a56 56 0 0 0 79.196 79.197l28.285-28.285a8 8 0 1 0-11.315-11.314zM212.852 43.14a56.002 56.002 0 0 0-79.196 0l-28.284 28.284a8 8 0 1 0 11.314 11.314l28.284-28.284a40 40 0 0 1 56.568 56.567l-28.285 28.285a8 8 0 0 0 11.315 11.314l28.284-28.284a56.065 56.065 0 0 0 0-79.196z" fill="currentColor"></path></svg></span></a> <span>Introduction</span></h2> <p data-svelte-h="svelte-n02llg">As a kernel builder, you provide code that might be run on thousands or | |
| even millions of machines. This comes with the responsibility of ensuring | |
| no malicious code is distributed.</p> <p data-svelte-h="svelte-qvl8v1">Below, we provide guidelines to help avoid common attack vectors. These | |
| are <em>in addition to</em> common-sense security practices, such as keeping | |
| your credentials/tokens safe, being vigilant against machine compromise, | |
| and doing proper code reviews.</p> <h2 class="relative group"><a id="handling-pull-requests" class="header-link block pr-1.5 text-lg no-hover:hidden with-hover:absolute with-hover:p-1.5 with-hover:opacity-0 with-hover:group-hover:opacity-100 with-hover:right-full" href="#handling-pull-requests"><span><svg class="" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" width="1em" height="1em" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 256"><path d="M167.594 88.393a8.001 8.001 0 0 1 0 11.314l-67.882 67.882a8 8 0 1 1-11.314-11.315l67.882-67.881a8.003 8.003 0 0 1 11.314 0zm-28.287 84.86l-28.284 28.284a40 40 0 0 1-56.567-56.567l28.284-28.284a8 8 0 0 0-11.315-11.315l-28.284 28.284a56 56 0 0 0 79.196 79.197l28.285-28.285a8 8 0 1 0-11.315-11.314zM212.852 43.14a56.002 56.002 0 0 0-79.196 0l-28.284 28.284a8 8 0 1 0 11.314 11.314l28.284-28.284a40 40 0 0 1 56.568 56.567l-28.285 28.285a8 8 0 0 0 11.315 11.314l28.284-28.284a56.065 56.065 0 0 0 0-79.196z" fill="currentColor"></path></svg></span></a> <span>Handling pull requests</span></h2> <p data-svelte-h="svelte-gf7zn2">The Hugging Face Hub allows users to submit pull requests to your | |
| repositories. <strong>Never</strong> merge a pull request that contains a <code>build/</code> | |
| directory. The binaries inside the <code>build/</code> directory might be compromised | |
| even when the source code looks fine. When a pull request includes | |
| <code>build/</code>, ask the submitter to re-submit it without builds. Build the | |
| kernel on your own trusted infrastructure after the PR is merged.</p> <p data-svelte-h="svelte-1t5wsl8">When a PR does not contain build outputs and is ready to review, <em>carefully</em> | |
| review every changed line, also taking security into account. Even if the | |
| PR is from a trusted party, review it as if their credentials might have | |
| been compromised.</p> <h2 class="relative group"><a id="build-hygiene" class="header-link block pr-1.5 text-lg no-hover:hidden with-hover:absolute with-hover:p-1.5 with-hover:opacity-0 with-hover:group-hover:opacity-100 with-hover:right-full" href="#build-hygiene"><span><svg class="" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" width="1em" height="1em" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 256"><path d="M167.594 88.393a8.001 8.001 0 0 1 0 11.314l-67.882 67.882a8 8 0 1 1-11.314-11.315l67.882-67.881a8.003 8.003 0 0 1 11.314 0zm-28.287 84.86l-28.284 28.284a40 40 0 0 1-56.567-56.567l28.284-28.284a8 8 0 0 0-11.315-11.315l-28.284 28.284a56 56 0 0 0 79.196 79.197l28.285-28.285a8 8 0 1 0-11.315-11.314zM212.852 43.14a56.002 56.002 0 0 0-79.196 0l-28.284 28.284a8 8 0 1 0 11.314 11.314l28.284-28.284a40 40 0 0 1 56.568 56.567l-28.285 28.285a8 8 0 0 0 11.315 11.314l28.284-28.284a56.065 56.065 0 0 0 0-79.196z" fill="currentColor"></path></svg></span></a> <span>Build hygiene</span></h2> <p data-svelte-h="svelte-1lq4bpe">If possible, do builds on a dedicated build machine/VM that is only used | |
| for sandboxed builds (non-macOS kernel-builder builds are sandboxed as | |
| well). Specialized machines are less likely to be compromised, especially | |
| when they are accessed with a hardware-stored SSH key that requires user | |
| interaction.</p> <h2 class="relative group"><a id="supporting-reproducibility" class="header-link block pr-1.5 text-lg no-hover:hidden with-hover:absolute with-hover:p-1.5 with-hover:opacity-0 with-hover:group-hover:opacity-100 with-hover:right-full" href="#supporting-reproducibility"><span><svg class="" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" width="1em" height="1em" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 256"><path d="M167.594 88.393a8.001 8.001 0 0 1 0 11.314l-67.882 67.882a8 8 0 1 1-11.314-11.315l67.882-67.881a8.003 8.003 0 0 1 11.314 0zm-28.287 84.86l-28.284 28.284a40 40 0 0 1-56.567-56.567l28.284-28.284a8 8 0 0 0-11.315-11.315l-28.284 28.284a56 56 0 0 0 79.196 79.197l28.285-28.285a8 8 0 1 0-11.315-11.314zM212.852 43.14a56.002 56.002 0 0 0-79.196 0l-28.284 28.284a8 8 0 1 0 11.314 11.314l28.284-28.284a40 40 0 0 1 56.568 56.567l-28.285 28.285a8 8 0 0 0 11.315 11.314l28.284-28.284a56.065 56.065 0 0 0 0-79.196z" fill="currentColor"></path></svg></span></a> <span>Supporting reproducibility</span></h2> <p data-svelte-h="svelte-1ee5iya">Reproducible builds are very helpful to verify that no malicious code has | |
| slipped into a kernel. If a kernel build is reproducible, then anyone can | |
| rebuild a kernel and verify the binaries match the distributed binaries. | |
| Full reproducibility is a goal we are working toward in <code>kernel-builder</code>.</p> <p data-svelte-h="svelte-1yfo4tn">However, this also requires assistance from the kernel builder. This section | |
| describes what you need to do to make reproducible builds possible.</p> <h3 class="relative group"><a id="only-build-kernels-with-nix-sandboxing-enabled" class="header-link block pr-1.5 text-lg no-hover:hidden with-hover:absolute with-hover:p-1.5 with-hover:opacity-0 with-hover:group-hover:opacity-100 with-hover:right-full" href="#only-build-kernels-with-nix-sandboxing-enabled"><span><svg class="" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" width="1em" height="1em" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 256"><path d="M167.594 88.393a8.001 8.001 0 0 1 0 11.314l-67.882 67.882a8 8 0 1 1-11.314-11.315l67.882-67.881a8.003 8.003 0 0 1 11.314 0zm-28.287 84.86l-28.284 28.284a40 40 0 0 1-56.567-56.567l28.284-28.284a8 8 0 0 0-11.315-11.315l-28.284 28.284a56 56 0 0 0 79.196 79.197l28.285-28.285a8 8 0 1 0-11.315-11.314zM212.852 43.14a56.002 56.002 0 0 0-79.196 0l-28.284 28.284a8 8 0 1 0 11.314 11.314l28.284-28.284a40 40 0 0 1 56.568 56.567l-28.285 28.285a8 8 0 0 0 11.315 11.314l28.284-28.284a56.065 56.065 0 0 0 0-79.196z" fill="currentColor"></path></svg></span></a> <span>Only build kernels with Nix sandboxing enabled.</span></h3> <p data-svelte-h="svelte-cvhztp">Nix can be used with sandboxing disabled to support systems that do not | |
| support sandboxing (e.g. Linux systems that are configured to disable | |
| mount/network namespaces). <strong>Never</strong> build kernels with sandboxing disabled. | |
| Not only can this cause stray system dependencies to be picked up, but | |
| it can also cause other impurities to slip into the build, making it | |
| impossible to reproduce the build. You can verify that sandboxing is enabled | |
| using <code>nix-info</code>:</p> <div class="code-block relative "><div class="absolute top-2.5 right-4"><button class="inline-flex items-center relative text-sm focus:text-green-500 cursor-pointer focus:outline-none transition duration-200 ease-in-out opacity-0 mx-0.5 text-gray-600 " title="code excerpt" type="button"><svg class="" xmlns="http://www.w3.org/2000/svg" aria-hidden="true" fill="currentColor" focusable="false" role="img" width="1em" height="1em" preserveAspectRatio="xMidYMid meet" viewBox="0 0 32 32"><path d="M28,10V28H10V10H28m0-2H10a2,2,0,0,0-2,2V28a2,2,0,0,0,2,2H28a2,2,0,0,0,2-2V10a2,2,0,0,0-2-2Z" transform="translate(0)"></path><path d="M4,18H2V4A2,2,0,0,1,4,2H18V4H4Z" transform="translate(0)"></path><rect fill="none" width="32" height="32"></rect></svg> <div class="absolute pointer-events-none transition-opacity bg-black text-white py-1 px-2 leading-tight rounded font-normal shadow left-1/2 top-full transform -translate-x-1/2 translate-y-2 opacity-0"><div class="absolute bottom-full left-1/2 transform -translate-x-1/2 w-0 h-0 border-black border-4 border-t-0" style="border-left-color: transparent; border-right-color: transparent; "></div> Copied</div></button></div> <pre class=""><!-- HTML_TAG_START -->$ nix-shell -p nix-info --run <span class="hljs-string">"nix-info -m"</span> | |
| - system: `<span class="hljs-string">"x86_64-linux"</span>` | |
| - host os: `Linux 6.12.39, NixOS, 25.11 (Xantusia), 25.11.20250723.1744f3d` | |
| - multi-user?: `<span class="hljs-built_in">yes</span>` | |
| - sandbox: `<span class="hljs-built_in">yes</span>` | |
| - version: `nix-env (Nix) 2.28.4` | |
| - nixpkgs: `/nix/store/fqwc3ghi5qfdmzklpwssbamxcqj1vgl3-<span class="hljs-built_in">source</span>`<!-- HTML_TAG_END --></pre></div> <h3 class="relative group"><a id="do-not-build-from-dirty-git-trees" class="header-link block pr-1.5 text-lg no-hover:hidden with-hover:absolute with-hover:p-1.5 with-hover:opacity-0 with-hover:group-hover:opacity-100 with-hover:right-full" href="#do-not-build-from-dirty-git-trees"><span><svg class="" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" width="1em" height="1em" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 256"><path d="M167.594 88.393a8.001 8.001 0 0 1 0 11.314l-67.882 67.882a8 8 0 1 1-11.314-11.315l67.882-67.881a8.003 8.003 0 0 1 11.314 0zm-28.287 84.86l-28.284 28.284a40 40 0 0 1-56.567-56.567l28.284-28.284a8 8 0 0 0-11.315-11.315l-28.284 28.284a56 56 0 0 0 79.196 79.197l28.285-28.285a8 8 0 1 0-11.315-11.314zM212.852 43.14a56.002 56.002 0 0 0-79.196 0l-28.284 28.284a8 8 0 1 0 11.314 11.314l28.284-28.284a40 40 0 0 1 56.568 56.567l-28.285 28.285a8 8 0 0 0 11.315 11.314l28.284-28.284a56.065 56.065 0 0 0 0-79.196z" fill="currentColor"></path></svg></span></a> <span>Do not build from dirty Git trees</span></h3> <p data-svelte-h="svelte-cyta3c">Before building a kernel, ensure that all changes are committed. This | |
| makes it possible to reproduce a build from exactly the same source code. | |
| We bake the git shorthash into the ops name, so that it is clear from | |
| which git hash a kernel was built.</p> <a class="!text-gray-400 !no-underline text-sm flex items-center not-prose mt-4" href="https://github.com/huggingface/kernels/blob/main/docs/source/builder/security.md" target="_blank"><svg class="mr-1" xmlns="http://www.w3.org/2000/svg" aria-hidden="true" fill="currentColor" focusable="false" role="img" width="1em" height="1em" preserveAspectRatio="xMidYMid meet" viewBox="0 0 32 32"><path d="M31,16l-7,7l-1.41-1.41L28.17,16l-5.58-5.59L24,9l7,7z"></path><path d="M1,16l7-7l1.41,1.41L3.83,16l5.58,5.59L8,23l-7-7z"></path><path d="M12.419,25.484L17.639,6.552l1.932,0.518L14.351,26.002z"></path></svg> <span data-svelte-h="svelte-zjs2n5"><span class="underline">Update</span> on GitHub</span></a> <p></p> | |
| <script> | |
| { | |
| __sveltekit_lhya45 = { | |
| assets: "/docs/kernels/pr_520/en", | |
| base: "/docs/kernels/pr_520/en", | |
| env: {} | |
| }; | |
| const element = document.currentScript.parentElement; | |
| const data = [null,null]; | |
| Promise.all([ | |
| import("/docs/kernels/pr_520/en/_app/immutable/entry/start.7813b24f.js"), | |
| import("/docs/kernels/pr_520/en/_app/immutable/entry/app.d97547bc.js") | |
| ]).then(([kit, app]) => { | |
| kit.start(app, element, { | |
| node_ids: [0, 10], | |
| data, | |
| form: null, | |
| error: null | |
| }); | |
| }); | |
| } | |
| </script> | |
Xet Storage Details
- Size:
- 19.2 kB
- Xet hash:
- 8b21553e3ff40e74ab068cc6cf549047619d4200fa831d451d7a143a229f3cec
·
Xet efficiently stores files, intelligently splitting them into unique chunks and accelerating uploads and downloads. More info.