diff --git a/README.md b/README.md index a5c5df6..f698786 100644 --- a/README.md +++ b/README.md @@ -190,8 +190,9 @@ All tools (git-crypt, bw, qmd) have native Linux binaries. All scripts are compatible with macOS. Requirements: - bash 3.2+ (macOS default) — supported for the **setup scripts** (`make` targets, scaffolding). - The `ingest` skill uses bash 4+ constructs (`mapfile`), but it is deployed and run on the - Linux AI node, not on the macOS setup machine — so this is not a constraint in practice. + Two things need bash 4+: the `ingest` skill (`mapfile`), which runs on the Linux AI node (not a + constraint on the macOS setup machine); and `gcrypt_rotate_key` (`compgen -G`), which **does** + run on the laptop. For key rotation on macOS, use Homebrew bash (`brew install bash`). - GNU coreutils not required — BSD variants of `date`, `grep`, `sed` all handled. - `git-crypt`: install via Homebrew — `brew install git-crypt` - `jq`, `curl`: pre-installed or via Homebrew @@ -695,6 +696,9 @@ cd ~/knowledge-genome-orchestrator/genome-dev gcrypt_rotate_key "genome-dev" ``` +> **macOS:** `gcrypt_rotate_key` uses `compgen -G` (bash 4+). The stock macOS bash 3.2 is not +> enough — run rotation under Homebrew bash (`brew install bash`). + `gcrypt_rotate_key` performs: 1. Unlocks repo with existing key diff --git a/lib/git-crypt.sh b/lib/git-crypt.sh index 0a2825a..44d4716 100644 --- a/lib/git-crypt.sh +++ b/lib/git-crypt.sh @@ -118,6 +118,8 @@ gcrypt_rotate_key() { # 5. Re-stage private files so they are committed encrypted with the new key local staged=0 + # compgen -G requires bash 4+ for reliable glob expansion. macOS stock + # bash is 3.2; use Homebrew bash (already recommended in README) for rotation. if compgen -G "raw/private/*" > /dev/null 2>&1; then git add raw/private/ staged=1