Enable signing of all GGUF models #8
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Instrument the quantization code for all models to delete any existing signature before uploading the new quanitized model. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Introduce TARGET_HF_REPO_SIGN_MODELS to enable or disable the signing of models. Set it to true by default. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Introduce TARGET_HF_REPO_DO_TOKEN_EXCHANGE switch to enable a token exchange of the GitHub token against and IBM sigstore signing token so that the model signature appears to be from an IBM account rather than the github identity that was used to run the build. Note that not everyone can sign with the IBM sigstore signing token since it requires per-user setup by 'me'. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
stefanberger
force-pushed
the
sign_models.v5-4-upstream
branch
from
fbe1d1d to
513b6a7
Compare
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
stefanberger
force-pushed
the
sign_models.v5-4-upstream
branch
from
513b6a7 to
17b0568
Compare
Member
Author
|
FYI: The changes to the model_signing tool to support the new option |
Member
Author
|
It's merged now: sigstore/model-transparency#501 |
Member
Author
|
The new version v1.1.1 of the model-signing library is now available on pypi: https://pypi.org/project/model-signing/ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR enables signing of all GGUF model types and their quantizations. Build switches enable/disable the signing and enable/disable a token exchange with sigstore.verify. With token exchange the resulting signature will show and IBM identity but may require me to set up a mapping for the github Id to the IBM Id.