From 5ad338c5bf8a9ac37b9dd02f527bb9f1c0e7bb93 Mon Sep 17 00:00:00 2001 From: Matteo Cherubini Date: Tue, 9 Jun 2026 19:43:47 +0200 Subject: [PATCH] docs: Clarify macOS bash requirements for git-crypt rotation --- README.md | 8 ++++++-- lib/git-crypt.sh | 2 ++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index a5c5df6..f698786 100644 --- a/README.md +++ b/README.md @@ -190,8 +190,9 @@ All tools (git-crypt, bw, qmd) have native Linux binaries. All scripts are compatible with macOS. Requirements: - bash 3.2+ (macOS default) — supported for the **setup scripts** (`make` targets, scaffolding). - The `ingest` skill uses bash 4+ constructs (`mapfile`), but it is deployed and run on the - Linux AI node, not on the macOS setup machine — so this is not a constraint in practice. + Two things need bash 4+: the `ingest` skill (`mapfile`), which runs on the Linux AI node (not a + constraint on the macOS setup machine); and `gcrypt_rotate_key` (`compgen -G`), which **does** + run on the laptop. For key rotation on macOS, use Homebrew bash (`brew install bash`). - GNU coreutils not required — BSD variants of `date`, `grep`, `sed` all handled. - `git-crypt`: install via Homebrew — `brew install git-crypt` - `jq`, `curl`: pre-installed or via Homebrew @@ -695,6 +696,9 @@ cd ~/knowledge-genome-orchestrator/genome-dev gcrypt_rotate_key "genome-dev" ``` +> **macOS:** `gcrypt_rotate_key` uses `compgen -G` (bash 4+). The stock macOS bash 3.2 is not +> enough — run rotation under Homebrew bash (`brew install bash`). + `gcrypt_rotate_key` performs: 1. Unlocks repo with existing key diff --git a/lib/git-crypt.sh b/lib/git-crypt.sh index 0a2825a..44d4716 100644 --- a/lib/git-crypt.sh +++ b/lib/git-crypt.sh @@ -118,6 +118,8 @@ gcrypt_rotate_key() { # 5. Re-stage private files so they are committed encrypted with the new key local staged=0 + # compgen -G requires bash 4+ for reliable glob expansion. macOS stock + # bash is 3.2; use Homebrew bash (already recommended in README) for rotation. if compgen -G "raw/private/*" > /dev/null 2>&1; then git add raw/private/ staged=1