docs: Clarify macOS bash requirements for git-crypt rotation
This commit is contained in:
parent
2669a76711
commit
5ad338c5bf
2 changed files with 8 additions and 2 deletions
|
|
@ -190,8 +190,9 @@ All tools (git-crypt, bw, qmd) have native Linux binaries.
|
||||||
All scripts are compatible with macOS. Requirements:
|
All scripts are compatible with macOS. Requirements:
|
||||||
|
|
||||||
- bash 3.2+ (macOS default) — supported for the **setup scripts** (`make` targets, scaffolding).
|
- bash 3.2+ (macOS default) — supported for the **setup scripts** (`make` targets, scaffolding).
|
||||||
The `ingest` skill uses bash 4+ constructs (`mapfile`), but it is deployed and run on the
|
Two things need bash 4+: the `ingest` skill (`mapfile`), which runs on the Linux AI node (not a
|
||||||
Linux AI node, not on the macOS setup machine — so this is not a constraint in practice.
|
constraint on the macOS setup machine); and `gcrypt_rotate_key` (`compgen -G`), which **does**
|
||||||
|
run on the laptop. For key rotation on macOS, use Homebrew bash (`brew install bash`).
|
||||||
- GNU coreutils not required — BSD variants of `date`, `grep`, `sed` all handled.
|
- GNU coreutils not required — BSD variants of `date`, `grep`, `sed` all handled.
|
||||||
- `git-crypt`: install via Homebrew — `brew install git-crypt`
|
- `git-crypt`: install via Homebrew — `brew install git-crypt`
|
||||||
- `jq`, `curl`: pre-installed or via Homebrew
|
- `jq`, `curl`: pre-installed or via Homebrew
|
||||||
|
|
@ -695,6 +696,9 @@ cd ~/knowledge-genome-orchestrator/genome-dev
|
||||||
gcrypt_rotate_key "genome-dev"
|
gcrypt_rotate_key "genome-dev"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
> **macOS:** `gcrypt_rotate_key` uses `compgen -G` (bash 4+). The stock macOS bash 3.2 is not
|
||||||
|
> enough — run rotation under Homebrew bash (`brew install bash`).
|
||||||
|
|
||||||
`gcrypt_rotate_key` performs:
|
`gcrypt_rotate_key` performs:
|
||||||
|
|
||||||
1. Unlocks repo with existing key
|
1. Unlocks repo with existing key
|
||||||
|
|
|
||||||
|
|
@ -118,6 +118,8 @@ gcrypt_rotate_key() {
|
||||||
|
|
||||||
# 5. Re-stage private files so they are committed encrypted with the new key
|
# 5. Re-stage private files so they are committed encrypted with the new key
|
||||||
local staged=0
|
local staged=0
|
||||||
|
# compgen -G requires bash 4+ for reliable glob expansion. macOS stock
|
||||||
|
# bash is 3.2; use Homebrew bash (already recommended in README) for rotation.
|
||||||
if compgen -G "raw/private/*" > /dev/null 2>&1; then
|
if compgen -G "raw/private/*" > /dev/null 2>&1; then
|
||||||
git add raw/private/
|
git add raw/private/
|
||||||
staged=1
|
staged=1
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue