fix: make PLATFORM lazy to prevent errors during module load on unsupported platforms

Will@Cambridge 2025-12-21 10:22:22 -05:00
parent 20be90110d
commit 5e1df65935
4 changed files with 7 additions and 7 deletions


@ -7,7 +7,7 @@ import os from "os"
* Configure sudoers file for passwordless execution
*/
async function configureSudoers(currentUser: string, restrictedUser: string): Promise<void> {
const sudoRule = `${currentUser} ALL=(${restrictedUser}) NOPASSWD: ${PLATFORM.SHELL}`
const sudoRule = `${currentUser} ALL=(${restrictedUser}) NOPASSWD: ${PLATFORM().SHELL}`
// Check if rule already exists
const existing = await Bun.file(SUDOERS_FILE_PATH)
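Review bot: `currentUser` and `restrictedUser` are interpolated into the sudoers line in `sudoRule` with no validation visible in this hunk, so a name containing whitespace, a comma or a newline would change what the rule grants. A guard before the string is built, for example `if (!/^[a-z_][a-z0-9_-]*$/i.test(currentUser)) throw new Error("invalid user name")` and the same for `restrictedUser`, keeps the rule to the single intended entry. The same pattern appears in `rebuildSudoersFile` with `config.mainUser` and `config.restrictedUser`. The body of `configureSudoers` continues outside the hunk, so validation and a `visudo -c` syntax check may already exist; if they do, a comment here saying where would help.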


@ -50,5 +50,5 @@ function getPlatformConstants() {
}
}
export const PLATFORM = getPlatformConstants()
export const PLATFORM = getPlatformConstants
export const MACOS = MACOS_CONSTANTS // For darwin.ts
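Review bot: `PLATFORM` is now a function but keeps its constant-style name, so any call site this commit missed that still reads `PLATFORM.SHELL` evaluates to `undefined` at runtime instead of failing, and that value would land in a sudoers rule or a `sudo` argv. A type check would flag it, but nothing on this page shows that one gates the build. Renaming the export, e.g. `export const getPlatform = getPlatformConstants`, makes stale uses fail loudly at import. If `getPlatformConstants` does non-trivial work, caching its result on the first call would also avoid recomputing it per use; its body is outside the hunk.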


@ -97,9 +97,9 @@ export class ProtectedExecutor {
}
// Set base environment (these override any parent values for security)
env.HOME = PLATFORM.USER_HOME // Match NFSHomeDirectory from user creation
env.HOME = PLATFORM().USER_HOME // Match NFSHomeDirectory from user creation
env.USER = this.restrictedUser
env.SHELL = PLATFORM.SHELL
env.SHELL = PLATFORM().SHELL
return env
}
@ -126,7 +126,7 @@ export class ProtectedExecutor {
"-n", // Non-interactive (requires NOPASSWD)
"-u",
this.restrictedUser,
PLATFORM.SHELL,
PLATFORM().SHELL,
"--noprofile",
"--norc",
"-c",
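Review bot: `PLATFORM()` is called twice while building the environment and again in the sudo argv in the hunk at line 126, so a throw on an unsupported platform now surfaces partway through building `env` or the argument list. Resolving it once, `const platform = PLATFORM()` at the top of each method or once in the constructor, keeps the three values consistent and puts the failure in one place. Both methods start outside the hunks shown.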


@ -7,7 +7,7 @@ import type { PlatformSecurity } from "./platform/interface"
* Run sudo command (non-interactive, assumes auth cached)
*/
export async function runSudoCommand(cmd: string): Promise<{ exitCode: number; stdout: string; stderr: string }> {
const proc = Bun.spawn(["sudo", "-n", PLATFORM.SHELL, "-c", cmd], {
const proc = Bun.spawn(["sudo", "-n", PLATFORM().SHELL, "-c", cmd], {
stdin: "ignore",
stdout: "pipe",
stderr: "pipe",
@ -125,7 +125,7 @@ export async function rebuildSudoersFile(config: SecurityConfig): Promise<void>
const rules: string[] = []
// Base rule: Allow main user to execute commands as restricted user
rules.push(`${config.mainUser} ALL=(${config.restrictedUser}) NOPASSWD: ${PLATFORM.SHELL}`)
rules.push(`${config.mainUser} ALL=(${config.restrictedUser}) NOPASSWD: ${PLATFORM().SHELL}`)
// Whitelisted command rules: Allow restricted user to run whitelisted commands as main user
for (const command of config.whitelistedCommands) {
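Review bot: `runSudoCommand` passes `cmd` unchanged to a shell started by `sudo` with no `-u`, which runs as the default target user (normally root), and its doc comment says nothing about what callers may put in it. The docstring should state the contract, e.g. `@param cmd Trusted, fully formed command line; runs in a privileged shell, so never interpolate unvalidated values into it`. Callers are not visible here, so whether any of them build `cmd` from config or user input needs checking separately. In the second hunk the loop over `config.whitelistedCommands` continues outside the hunk.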