Is there a way to add trust_remote_code=True param to the convert app? otherwise, cannot convert.
For some models cannot convert due to not to set trust_remote_code=True.
Yes, it's possible. I've added the parameter to the execution of the script.
Please try now and let us know if it worked.
@Felladrin Just a reminder than this may be used be a malicious actor to obtain the HF_TOKEN used for uploading. For that reason, I disabled it again for now until we have a better solution for conversion: https://huggingface.co/spaces/onnx-community/convert-to-onnx/commit/98ae8d1555c7ebf7193255fd1aed23130941079f
just have a toggle for the parameter?
i did it: https://huggingface.co/spaces/onnx-community/convert-to-onnx/discussions/19
@1TSnakers , that’s a great idea! I also liked the warning you added.
I’m okay with that, as long as the user is required to use their own Access Token if the “trust_remote_code” toggle is enabled. Could you make this change?
Currently, inputting the access token is optional. If the token is empty, the access token used is the one set in the environment variable, which has write access to https://huggingface.co/spaces/onnx-community.
What do you think, @Xenova ?
updated!
Hey, @Xenova 👋
When you have a chance, could you please check if it's fine to enable trust_remote_code only when the user use their own access token and voluntarily enables the trust_remote_code switch, as
@1TSnakers
is proposing in this PR?
Hi! This is indeed a much better solution and could work well.
Are we sure that the proposed solution uses the user's token when specified though? At first glance, it looks like it's still using the space's token.
We'd probably need to append this to the call to running the subprocess (for download and upload). See docs.
Good question!
I've made some tests and confirmed that when we set env={} in a subprocess, the subprocess won't have any access of the system environment variables.
But changed it to specifically set the HF_TOKEN as gated models will need the subprocess to have access to it.
env={
"HF_TOKEN": self.config.hf_token,
},
Note: self.config.hf_token will always have some value. If the user has set their own token, it will have the user's token. Otherwise, it will have the token defined in the system.
The PR has been updated.
The PR has been merged, and we now have the toggle button for trusting remote code.
