Summary of much pain trying to use bash and wireguard on a mac

apple-bash-zsh-wireguard-emacs-ghosttty.md

Reclaiming macOS: Fixing Ancient Bash & WireGuard CLI

This guide fixes the friction between modern terminal tools and macOS's restricted system environment (Signed System Volume, GPLv3 licensing locks, and App Store sandboxing).

1. Install Modern Runtimes

Apple's /bin/bash is version 3.2 (2007). Modern scripts (like wg-quick) require Bash 4+. Install the latest via Homebrew:

brew install bash wireguard-tools

2. Fix the "Moving Cursor" Delete Key (Ghostty/Terminfo)

Newer terminals like Ghostty use definitions that root doesn't know, causing the Delete key to move the cursor forward. Compile the terminfo for the root user:

infocmp -x | sudo tic -x -o /var/root/.terminfo -

3. Fix the Root Environment (PATH)

Ensure sudo -i finds Homebrew's modern tools instead of Apple's legacy versions:

1. sudo emacs -nw /var/root/.zprofile
2. Add: export PATH="/opt/homebrew/bin:/usr/local/bin:$PATH"

4. Rescue WireGuard from the Sandbox

The App Store GUI hides configs in the Keychain. To use the CLI:

1. Open GUI: Edit Tunnel -> Copy the config text.
2. Create Config:

sudo mkdir -p /opt/homebrew/etc/wireguard; sudo emacs -nw /opt/homebrew/etc/wireguard/wg0.conf

3. Paste & Secure: Set strict permissions (required):

sudo chmod 600 /opt/homebrew/etc/wireguard/wg0.conf

4. Bridge the Path:

sudo ln -s /opt/homebrew/etc/wireguard /etc/wireguard

5. CLI Commands

Note: Quit the App Store WireGuard app before running.

• Start: sudo wg-quick up wg0
• Stop: sudo wg-quick down wg0
• Status: sudo wg show

---

Everything is set. You've officially defeated the sandbox—enjoy the peace and quiet of a working terminal!