This script runs opencode inside a bubblewrap sandbox where it only gets write access to the project folder you launch it in.
Install the 'bubblewrap' package on your system. It is most likely available via your package manager.
On ArchLinux:
$ yay opencode
On other distributions you need to check which folders things get installed in and update the opencode script with more read-only binds.
- Add the script to ~/.local/my_scripts/
- Add ~/.local/my_scripts/ to PATH:
$ echo 'export PATH="$HOME/.local/my_scripts/:${PATH}"' >>~/.profile
- After logout/login, or "source ~/.profile" you should see:
$ which opencode
<your homefolder>/.local/my_scripts/opencode
Now you are set up to use opencode as you normally would. Arguments are parsed and forwarded to the actual opencode binary.
$ cd <project folder>
$ opencode --whatever
- If opencode is located anywhere other than /usr/bin/opencode, you need to update the hardcoded path in the script.
- This has been tested on ArchLinux, so the required paths on your system may be different.
- To look around inside the container and see what's available, replace /usr/bin/opencode in the script with /usr/bin/bash and run it.
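
For reference when adding binds, here is the general shape of such a bubblewrap argument list. This is an added example, not the script these notes describe. Assumptions: a merged-/usr layout as on ArchLinux, an empty tmpfs in place of the home folder (any state folders the tool needs would be further binds), and the hypothetical names SANDBOX_TARGET, SANDBOX_EXEC, check_project, sandbox_args and run_sandboxed.

```shell
#!/bin/sh
# Added illustration, not the author's script. Assumes a merged-/usr layout.
TARGET=${SANDBOX_TARGET:-/usr/bin/opencode}  # set to /usr/bin/bash to look around

# Refuse project dirs that would make the whole home (or /) writable.
check_project() {
    case $1 in
        /|"$HOME"|"$HOME"/) echo "refusing to sandbox with writable $1" >&2; return 1 ;;
    esac
}

# Print the bwrap arguments, one per line (paths containing newlines unsupported).
# Everything is read-only or empty except the single --bind for the project.
# /etc is bound whole for simplicity; it can be narrowed to the files needed.
sandbox_args() {
    printf '%s\n' \
        --unshare-all --share-net --die-with-parent \
        --ro-bind /usr /usr \
        --symlink usr/bin /bin \
        --symlink usr/lib /lib \
        --symlink usr/lib /lib64 \
        --ro-bind /etc /etc \
        --proc /proc --dev /dev --tmpfs /tmp \
        --tmpfs "$HOME" \
        --bind "$1" "$1" \
        --chdir "$1"
}

run_sandboxed() {
    project=$(pwd -P)
    check_project "$project" || return 1
    old_ifs=$IFS
    IFS='
'
    set -f                                   # no globbing while splitting
    set -- $(sandbox_args "$project") "$TARGET" "$@"
    set +f
    IFS=$old_ifs
    exec bwrap "$@"
}

# Launch only on request; otherwise the file just defines the functions.
if [ "${SANDBOX_EXEC:-0}" = 1 ]; then
    run_sandboxed "$@"
fi
```

The order of the mounts matters: the tmpfs over the home folder comes before the project bind, so a project inside the home folder is mounted on top of the empty home rather than hidden by it.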