Skip to content

Computador33/stop-tahoe-update

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
.github
.github
 
 
docs
docs
 
 
profiles
profiles
 
 
scripts
scripts
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

🛑 Stop Tahoe Update

A community-led effort to delay, suppress, and safely block unwanted macOS upgrades (e.g. Sequoia → Tahoe).

License: MIT Contributions Welcome GitHub Discussions Build & Validate

Safe • Transparent • Community-driven
Everything here is reversible and off by default.

⚙️ Why This Project Exists

Apple allows deferring major macOS upgrades (like Sequoia → Tahoe) for up to 90 days using MDM or configuration profiles.
Beyond that, users are on their own — exposed to constant upgrade prompts, badge counts, and surprise downloads.

Stop Tahoe Update exists to change that responsibly.
We’re building a community-maintained source of truth for users who want to stay on stable macOS versions without unsafe hacks.

🎯 Project Goals

Immediate Goals

  • Provide .mobileconfig profiles for 30 / 60 / 90-day deferrals
  • Include safe install / uninstall / status scripts
  • Establish a safety-first governance model
  • Build and maintain a living documentation hub

🧠 Community Research Goals

  • 🚫 Prevent “Install Tonight” or “Install Now” prompts
  • 🔕 Suppress Settings app badge counts for new macOS upgrades
  • 🛡️ Detect & optionally remove unwanted Install macOS*.app downloads
  • 🌐 Explore early network-detection of upgrade payloads (opt-in)
  • 🧩 Track new Apple deferral keys & declarative MDM behavior

All experimental features are dry-run by default.
No background services, no silent system modifications.

🗂️ Repository Structure

stop-tahoe-update/
├─ profiles/                 # 30, 60, 90-day deferral .mobileconfig files
├─ scripts/                  # Safe install/uninstall/status scripts
├─ plugins/                  # Optional "shield" experiments
│  ├─ installer-watcher/     # Detect & alert on rogue installers
│  └─ update-signal-monitor/ # Early-warning system log monitor
├─ docs/                     # Goals, RFCs, research, compatibility
└─ .github/                  # Governance, CI, review workflows

🔬 Active Experiments

Plugin Type Description Default
Installer Watcher LaunchAgent Detects /Applications/Install macOS*.app and offers to move it to Trash Dry-run
Update Signal Monitor LaunchAgent Monitors unified logs & prefs for upgrade preparation signals Dry-run

Both run in user space, never require sudo, and write audit logs under ~/Library/Logs.

🧭 Roadmap

Phase Description Status
Phase 1 30/60/90-day deferrals + safety scripts ✅ Done
Phase 2 Fallback shields (Installer Watcher, Signal Monitor) 🚧 In progress
Phase 3 Badge & prompt suppression research 🔍 Community testing
Phase 4 Declarative + network-layer experiments 🧪 Future

🧩 Vision & Philosophy

  • Transparency over magic: Every line of code is inspectable and reversible
  • Safety first: No background daemons, no automatic actions
  • Community-led: Every installable artifact is review-gated
  • Apple-aligned: Start with supported deferral keys, innovate cautiously beyond them

🧑‍💻 Contributing

We welcome:

  • 🧱 Developers – build and test optional shields
  • 🔍 Researchers – document macOS update behavior
  • 🧪 Testers – verify reproducibility across versions
  • 🧭 Reviewers – audit scripts and profiles for safety

📄 See CONTRIBUTING.md and docs/GOALS.md.

🧰 Quick Start

1. Clone or download the repo

git clone https://github.com/travisvn/stop-tahoe-update.git
cd stop-tahoe-update

2. Apply a 90-day deferral profile

./scripts/install-profile.sh profiles/deferral-90days.mobileconfig

3. Verify status

./scripts/status.sh

4. Remove later if needed

./scripts/uninstall-profile.sh
🔍 What the deferral profiles actually do

They use Apple’s official com.apple.applicationaccess keys:

<key>forceDelayedMajorSoftwareUpdates</key><true/>
<key>enforcedSoftwareUpdateMajorOSDeferredInstallDelay</key><integer>90</integer>

These settings hide major upgrades from Software Update for up to 90 days. After that, the OS may begin prompting again.

⚖️ Safety & Governance

  • 🧾 Signed releases only — no curl | sh install methods
  • 🧱 CodeOwners required for profiles/, scripts/, and plugins/
  • 🧪 CI validation: XML linting, ShellCheck, SHA-256 hash checks
  • 🛡️ No root operations unless clearly documented & user-initiated
  • 🔒 Security disclosure policy: see SECURITY.md

🗺️ Beyond Tahoe

While this repo focuses on Sequoia → Tahoe, the long-term goal is a more general toolkit: StayOnMac — empowering macOS users to choose when (or if) they upgrade.

Future versions may include:

  • Broader version targeting (Sonoma, Ventura, etc.)
  • GUI wrappers for non-technical users
  • Integration with open MDM tools

💬 Community & Support

  • 💭 GitHub Discussions: share findings, theories, and test results
  • 🧩 observations tag: submit verified upgrade triggers or logs
  • 🧠 RFCs: propose new shields via docs/rfcs/

🧾 License

MIT License — simple, permissive, and open. All contributions must remain verifiable, reversible, and user-controlled.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license

Contributing

Contributing
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages

  • Shell 100.0%