Google Git
Sign in
opensecura/3p/openxla/iree/0c2db4e4efae95a726561dffca5c4836dab04c2d^!/.
commit
0c2db4e4efae95a726561dffca5c4836dab04c2d
[log]
author
Stella Laurenzo <laurenzo@google.com>
Sat Feb 04 13:31:26 2023 -0800
committer
GitHub <noreply@github.com>
Sat Feb 04 13:31:26 2023 -0800
tree
1fbdc608da17edbfe8d1edc20f188736a3b81ab6
parent
d87017b56c6e1848b92542c7922341fae743f2a1 [diff]
Upgrade manylinux release image to 2023/01/29 sha. (#12058)

* Brings latest python (needed for 3.11).
* Latest git (2.39.1) also includes safe directory handling, which we
disable in the dockerfile.
* Verified safe directory behavior locally.
* Rolls forward an attempt to make this upgrade from a month ago (which
failed due to picking up a git version that had safe directory handling
enabled but had not global way to disable).

Should satisfy pre-requisites for #12046
diff --git a/.github/workflows/build_package.yml b/.github/workflows/build_package.yml
index d75147c..fad162b 100644
--- a/.github/workflows/build_package.yml
+++ b/.github/workflows/build_package.yml

@@ -62,7 +62,7 @@
             build-package: py-runtime-pkg
             experimental: true
     env:
-      MANYLINUX_X86_64_IMAGE: gcr.io/iree-oss/manylinux2014_x86_64-release@sha256:cea884da52f964a3bc59e7ab5ee040f4a1d92904daefefe651ab93faab182957
+      MANYLINUX_X86_64_IMAGE: gcr.io/iree-oss/manylinux2014_x86_64-release@sha256:d8994b87b45b7b2e6055fccc32db018ec73aeb05a4e43a9daa61b77cc34f846e
 
     steps:
       - uses: actions/checkout@e2f20e631ae6d7dd3b768f56a5d2af784dd54791 # v2.5.0

diff --git a/build_tools/docker/dockerfiles/manylinux2014_x86_64-release.Dockerfile b/build_tools/docker/dockerfiles/manylinux2014_x86_64-release.Dockerfile
index c7fec5b..6f86bd7 100644
--- a/build_tools/docker/dockerfiles/manylinux2014_x86_64-release.Dockerfile
+++ b/build_tools/docker/dockerfiles/manylinux2014_x86_64-release.Dockerfile

@@ -15,7 +15,7 @@
 # to a newer revision. Newer manylinux images are based on Debian.
 #
 # Refer to: https://github.com/pypa/manylinux
-FROM quay.io/pypa/manylinux2014_x86_64@sha256:9b463efac479efbcab6dec77eca28c5cfa0c5ef64f13ac184eb7117dc1f8edda
+FROM quay.io/pypa/manylinux2014_x86_64@sha256:1818cd784995512fd6865baf79bd34c8f426f356a98fdc53495cf0bcd9e6b790
 
 SHELL ["/bin/bash", "-e", "-u", "-o", "pipefail", "-c"]
 
@@ -60,3 +60,12 @@
   && echo -e "[ROCm]\nname=ROCm\nbaseurl=https://repo.radeon.com/rocm/yum/${ROCM_VERSION}/main\nenabled=1\ngpgcheck=0" >> /etc/yum.repos.d/rocm.repo \
   && echo -e "[amdgpu]\nname=amdgpu\nbaseurl=https://repo.radeon.com/amdgpu/${AMDGPU_VERSION}/rhel/7.9/main/x86_64\nenabled=1\ngpgcheck=0" >> /etc/yum.repos.d/amdgpu.repo \
   && yum install -y rocm-dev
+
+######## GIT CONFIGURATION ########
+# Git started enforcing strict user checking, which thwarts version
+# configuration scripts in a docker image where the tree was checked
+# out by the host and mapped in. Disable the check.
+# See: https://github.com/iree-org/iree/issues/12046
+# We use the wildcard option to disable the checks. This was added
+# in git 2.35.3
+RUN git config --global --add safe.directory '*'

diff --git a/build_tools/docker/prod_digests.txt b/build_tools/docker/prod_digests.txt
index c2cd9dc..6de0efc 100644
--- a/build_tools/docker/prod_digests.txt
+++ b/build_tools/docker/prod_digests.txt

@@ -9,7 +9,7 @@
 gcr.io/iree-oss/nvidia@sha256:1294591d06d2b5eb03a7214fac040a1ccab890ea62e466843553f7fb7aacdc1d
 gcr.io/iree-oss/emscripten@sha256:fdb2bf6b0701a6de80f4f708ea86b001279c8acd904c34ef4d05ee3802711e45
 gcr.io/iree-oss/android@sha256:b0b607d95af8da6a6ce430f22d9d7c621702df13ce2b5d264b79d0ac7e60d670
-gcr.io/iree-oss/manylinux2014_x86_64-release@sha256:cea884da52f964a3bc59e7ab5ee040f4a1d92904daefefe651ab93faab182957
+gcr.io/iree-oss/manylinux2014_x86_64-release@sha256:d8994b87b45b7b2e6055fccc32db018ec73aeb05a4e43a9daa61b77cc34f846e
 gcr.io/iree-oss/shark@sha256:5716f77da8022ec7fa18ebfadd9510f673d39b97a6fca145c81e90146de400c7
 gcr.io/iree-oss/base-bleeding-edge@sha256:fa9591127f8e64003df7b86333df1258108923905ec866d9d9b30f73b0a1d7ea
 gcr.io/iree-oss/swiftshader-bleeding-edge@sha256:8be446ba48a571b37c861574391c10715130d28cd5cadc86e5ec8080c0c6d4fa

diff --git a/build_tools/python_deploy/build_linux_packages.sh b/build_tools/python_deploy/build_linux_packages.sh
index 59fef83..f916e69 100755
--- a/build_tools/python_deploy/build_linux_packages.sh
+++ b/build_tools/python_deploy/build_linux_packages.sh

@@ -42,7 +42,7 @@
 this_dir="$(cd $(dirname $0) && pwd)"
 script_name="$(basename $0)"
 repo_root="$(cd "${this_dir}" && git rev-parse --show-toplevel)"
-manylinux_docker_image="${manylinux_docker_image:-gcr.io/iree-oss/manylinux2014_x86_64-release@sha256:cea884da52f964a3bc59e7ab5ee040f4a1d92904daefefe651ab93faab182957}"
+manylinux_docker_image="${manylinux_docker_image:-gcr.io/iree-oss/manylinux2014_x86_64-release@sha256:d8994b87b45b7b2e6055fccc32db018ec73aeb05a4e43a9daa61b77cc34f846e}"
 python_versions="${override_python_versions:-cp37-cp37m cp38-cp38 cp39-cp39 cp310-cp310}"
 output_dir="${output_dir:-${this_dir}/wheelhouse}"
 packages="${packages:-iree-runtime iree-runtime-instrumented iree-compiler}"