1OSTREE.REPO-CONFI(5) ostree.repo-config OSTREE.REPO-CONFI(5)
2
6 ostree.repo-config - OSTree repository configuration
7
9 The config file in an OSTree repository is a "keyfile" in the XDG
10 Desktop Entry Specification[1] format. It has several global flags, as
11 well as zero or more remote entries which describe how to access remote
12 repositories.
13 See ostree.repo(5) for more information about OSTree repositories.
15
17 Repository-global options. The following entries are defined:
18 mode
20 One of bare, bare-user or archive-z2 (note that archive is used
21 everywhere else.)
22 repo_version
24 Currently, this must be set to 1.
25 auto-update-summary
27 Boolean value controlling whether or not to automatically update
28 the summary file after any ref is added, removed, or updated. Other
29 modifications which may render a summary file stale (like static
30 deltas, or collection IDs) do not currently trigger an auto-update.
31 commit-update-summary
33 This option is deprecated. Use auto-update-summary instead, for
34 which this option is now an alias.
35 fsync
37 Boolean value controlling whether or not to ensure files are on
38 stable storage when performing operations such as commits, pulls,
39 and checkouts. Defaults to true.
40 If you disable fsync, OSTree will no longer be robust against
42 kernel crashes or power loss.
43 You might choose to disable this for local development
45 repositories, under the assumption they can be recreated from
46 source. Similarly, you could disable for a mirror where you could
47 re-pull.
48 For the system repository, you might choose to disable fsync if you
50 have uninterruptable power supplies and a well tested kernel.
51 min-free-space-percent
53 Integer percentage value (0-99) that specifies a minimum percentage
54 of total space (in blocks) in the underlying filesystem to keep
55 free. The default value is 3, which is enforced when neither this
56 option nor min-free-space-size are set.
57 If min-free-space-size is set to a non-zero value,
59 min-free-space-percent is ignored. Note that,
60 min-free-space-percent is not enforced on metadata objects. It is
61 assumed that metadata objects are relatively small in size compared
62 to content objects and thus kept outside the scope of this option.
63 min-free-space-size
65 Value (in power-of-2 MB, GB or TB) that specifies a minimum space
66 in the underlying filesystem to keep free. Examples of acceptable
67 values: 500MB (524 288 000 bytes), 1GB (1 073 741 824 bytes), 1TB
68 (1 099 511 627 776 bytes).
69 If this option is set to a non-zero value, and
71 min-free-space-percent is also set, this option takes priority.
72 Note that, min-free-space-size is not enforced on metadata objects.
73 It is assumed that metadata objects are relatively small in size
74 compared to content objects and thus kept outside the scope of this
75 option.
76 add-remotes-config-dir
78 Boolean value controlling whether new remotes will be added in the
79 remotes configuration directory. Defaults to true for system ostree
80 repositories. When this is false, remotes will be added in the
81 repository's config file.
82 This only applies to repositories that use a remotes configuration
84 directory such as system ostree repositories, which use
85 /etc/ostree/remotes.d. Non-system repositories do not use a remotes
86 configuration directory unless one is specified when the repository
87 is opened.
88 payload-link-threshold
90 An integer value that specifies a minimum file size for creating a
91 payload link. By default it is disabled.
92 collection-id
94 A reverse DNS domain name under your control, which enables peer to
95 peer distribution of refs in this repository. See the
96 --collection-id section in ostree-init(1)
97 locking
99 Boolean value controlling whether or not OSTree does repository
100 locking internally. This uses file locks and is hence for multiple
101 process exclusion (e.g. Flatpak and OSTree writing to the same
102 repository separately). This is enabled by default since 2018.5.
103 lock-timeout-secs
105 Integer value controlling the number of seconds to block while
106 attempting to acquire a lock (see above). A value of -1 means block
107 indefinitely. The default value is 30.
108 default-repo-finders
110 Semicolon separated default list of finders (sources for refs) to
111 use when pulling. This can be used to disable pulling from mounted
112 filesystems, peers on the local network, or the Internet. However
113 note that it only applies when a set of finders isn't explicitly
114 specified, either by a consumer of libostree API or on the command
115 line. Possible values: config, lan, and mount (or any combination
116 thereof). If unset, this defaults to config;mount; (since the LAN
117 finder is costly).
118
120 Describes a remote repository location.
121 url
123 Must be present; declares URL for accessing metadata and content
124 for remote. See also contenturl. The supported schemes are
125 documented below.
126 contenturl
128 Declares URL for accessing content (filez, static delta parts).
129 When specified, url is used just for metadata: summary, static
130 delta "superblocks".
131 branches
133 A list of strings. Represents the default configured branches to
134 fetch from the remote when no specific branches are requested
135 during a pull operation.
136 proxy
138 A string value, if given should be a URL for a HTTP proxy to use
139 for access to this repository.
140 gpg-verify
142 A boolean value, defaults to true. Controls whether or not OSTree
143 will require commits to be signed by a known GPG key. For more
144 information, see the ostree(1) manual under GPG.
145 gpg-verify-summary
147 A boolean value, defaults to false. Controls whether or not OSTree
148 will check if the summary is signed by a known GPG key. For more
149 information, see the ostree(1) manual under GPG.
150 tls-permissive
152 A boolean value, defaults to false. By default, server TLS
153 certificates will be checked against the system certificate store.
154 If this variable is set, any certificate will be accepted.
155 tls-client-cert-path
157 Path to file for client-side certificate, to present when making
158 requests to this repository.
159 tls-client-key-path
161 Path to file containing client-side certificate key, to present
162 when making requests to this repository.
163 tls-ca-path
165 Path to file containing trusted anchors instead of the system CA
166 database.
167 http2
169 A boolean value, defaults to true. By default, libostree will use
170 HTTP2; setting this to false will disable it. May be useful to work
171 around broken servers.
172 unconfigured-state
174 If set, pulls from this remote will fail with the configured text.
175 This is intended for OS vendors which have a subscription process
176 to access content.
177
179 Options for the sysroot, which contains the OSTree repository,
180 deployments, and stateroots. The following entries are defined:
181 bootloader
183 Configure the bootloader that OSTree uses when deploying the
184 sysroot. This may take the values bootloader=none or
185 bootloader=auto. Default is auto.
186 If none, then OSTree will generate only BLS (Boot Loader
188 Specification) fragments in sysroot/boot/loader/entries/ for the
189 deployment.
190 If auto, then in addition to generating BLS fragments, OSTree will
192 dynamically check for the existence of grub2, uboot, and syslinux
193 bootloaders. If one of the bootloaders is found, then OSTree will
194 generate a config for the bootloader found. For example,
195 grub2-mkconfig is run for the grub2 case.
196
198 In addition to the /ostree/repo/config file, remotes may also be
199 specified in /etc/ostree/remotes.d. The remote configuration file must
200 end in .conf; files whose name does not end in .conf will be ignored.
201
203 Originally, OSTree had just a url option for remotes. Since then, the
204 contenturl option was introduced. Both of these support file, http, and
205 https schemes.
206 Additionally, both of these can be prefixed with the string
208 mirrorlist=, which instructs the client that the target url is a
209 "mirrorlist" format, which is a plain text file of newline-separated
210 URLs. Earlier URLs will be given precedence.
211 Note that currently, the tls-ca-path and tls-client-cert-path options
213 apply to every HTTP request, even when contenturl and/or mirrorlist are
214 in use. This may change in the future to only apply to metadata (i.e.
215 url, not contenturl) fetches.
216
218 OSTree supports a per-remote GPG keyring, as well as a gpgkeypath
219 option. For more information see ostree(1). in the section GPG
220 verification.
221
223 Some content providers may want to control access to remote
224 repositories via HTTP cookies. The ostree remote add-cookie and ostree
225 remote delete-cookie commands will update a per-remote lookaside cookie
226 jar, named $remotename.cookies.txt.
227
229 ostree(1), ostree.repo(5)
230
232 1. XDG Desktop Entry Specification
233 http://standards.freedesktop.org/desktop-entry-spec/latest/
234OSTree OSTREE.REPO-CONFI(5)