1DNF.CONF(5) DNF DNF.CONF(5)
2
3
4
6 dnf.conf - DNF Configuration Reference
7
9 DNF by default uses the global configuration file at /etc/dnf/dnf.conf
10 and all *.repo files found under /etc/yum.repos.d. The latter is typi‐
11 cally used for repository configuration and takes precedence over
12 global configuration.
13
14 The configuration file has INI format consisting of section declaration
15 and name=value options below each on separate line. There are two types
16 of sections in the configuration files: main and repository. Main sec‐
17 tion defines all global configuration options and should be only one.
18
19 The repository sections define the configuration for each (remote or
20 local) repository. The section name of the repository in brackets serve
21 as repo ID reference and should be unique across configuration files.
22 The allowed characters of repo ID string are lower and upper case al‐
23 phabetic letters, digits, -, _, . and :. The minimal repository con‐
24 figuration file should aside from repo ID consists of baseurl, metalink
25 or mirrorlist option definition.
26
28 Configuration options, namely best and skip_if_unavailable, can be set
29 in the DNF configuration file by your distribution to override the DNF
30 defaults.
31
33 allow_vendor_change
34 boolean
35
36 If disabled dnf will stick to vendor when upgrading or downgrad‐
37 ing rpms. Default is True
38
39 WARNING:
40 This option is currently not supported for downgrade and dis‐
41 tro-sync commands
42
43 arch string
44
45 The architecture used for installing packages. By default this
46 is auto-detected. Often used together with ignorearch option.
47
48 assumeno
49 boolean
50
51 If enabled dnf will assume No where it would normally prompt for
52 confirmation from user input. Default is False.
53
54 assumeyes
55 boolean
56
57 If enabled dnf will assume Yes where it would normally prompt
58 for confirmation from user input (see also defaultyes). Default
59 is False.
60
61 autocheck_running_kernel
62 boolean
63
64 Automatic check whether there is installed newer kernel module
65 with security update than currently running kernel. Default is
66 True.
67
68 basearch
69 string
70
71 The base architecture used for installing packages. By default
72 this is auto-detected.
73
74 best boolean
75
76 True instructs the solver to either use a package with the high‐
77 est available version or fail. On False, do not fail if the lat‐
78 est version cannot be installed and go with the lower version.
79 The default is False. Note this option in particular can be set
80 in your configuration file by your distribution.
81
82 cachedir
83 string
84
85 Path to a directory used by various DNF subsystems for storing
86 cache data. Has a reasonable root-writable default depending on
87 the distribution. DNF needs to be able to create files and di‐
88 rectories at this location.
89
90 cacheonly
91 boolean
92
93 If set to True DNF will run entirely from system cache, will not
94 update the cache and will use it even in case it is expired. De‐
95 fault is False.
96
97 check_config_file_age
98 boolean
99
100 Specifies whether dnf should automatically expire metadata of
101 repos, which are older than their corresponding configuration
102 file (usually the dnf.conf file and the foo.repo file). Default
103 is True (perform the check). Expire of metadata is also affected
104 by metadata age. See also metadata_expire.
105
106 clean_requirements_on_remove
107 boolean
108
109 Remove dependencies that are no longer used during dnf remove. A
110 package only qualifies for removal via clean_requirements_on_re‐
111 move if it was installed through DNF but not on explicit user
112 request, i.e. it was pulled in as a dependency. The default is
113 True. (installonlypkgs are never automatically removed.)
114
115 config_file_path
116 string
117
118 Path to the default main configuration file. Default is
119 /etc/dnf/dnf.conf.
120
121 debuglevel
122 integer
123
124 Debug messages output level, in the range 0 to 10. The higher
125 the number the more debug output is put to stdout. Default is 2.
126
127 debug_solver
128 boolean
129
130 Controls whether the libsolv debug files should be created when
131 solving the transaction. The debug files are created in the
132 ./debugdata directory. Default is False.
133
134 defaultyes
135 boolean
136
137 If enabled the default answer to user confirmation prompts will
138 be Yes. Not to be confused with assumeyes which will not prompt
139 at all. Default is False.
140
141 diskspacecheck
142 boolean
143
144 Controls wheather rpm shoud check available disk space during
145 the transaction. Default is True.
146
147 errorlevel
148 integer
149
150 Error messages output level, in the range 0 to 10. The higher
151 the number the more error output is put to stderr. Default is 3.
152 This is deprecated in DNF and overwritten by --verbose command‐
153 line option.
154
155 exit_on_lock
156 boolean
157
158 Should the dnf client exit immediately when something else has
159 the lock. Default is False.
160
161 gpgkey_dns_verification
162 boolean
163
164 Should the dnf attempt to automatically verify GPG verification
165 keys using the DNS system. This option requires the unbound
166 python module (python3-unbound) to be installed on the client
167 system. This system has two main features. The first one is to
168 check if any of the already installed keys have been revoked.
169 Automatic removal of the key is not yet available, so it is up
170 to the user, to remove revoked keys from the system. The second
171 feature is automatic verification of new keys when a repository
172 is added to the system. In interactive mode, the result is writ‐
173 ten to the output as a suggestion to the user. In non-interac‐
174 tive mode (i.e. when -y is used), this system will automatically
175 accept keys that are available in the DNS and are correctly
176 signed using DNSSEC. It will also accept keys that do not exist
177 in the DNS system and their NON-existence is cryptographically
178 proven using DNSSEC. This is mainly to preserve backward compat‐
179 ibility. Default is False.
180
181 group_package_types
182 list
183
184 List of the following: optional, default, mandatory. Tells dnf
185 which type of packages in groups will be installed when
186 'groupinstall' is called. Default is: default, mandatory.
187
188 ignorearch
189 boolean
190
191 If set to True, RPM will allow attempts to install packages in‐
192 compatible with the CPU's architecture. Defaults to False. Often
193 used together with arch option.
194
195 installonlypkgs
196 list
197
198 List of provide names of packages that should only ever be in‐
199 stalled, never upgraded. Kernels in particular fall into this
200 category. These packages are never removed by dnf autoremove
201 even if they were installed as dependencies (see
202 clean_requirements_on_remove for auto removal details). This
203 option append the list values to the default installonlypkgs
204 list used by DNF. The number of kept package versions is regu‐
205 lated by installonly_limit.
206
207 installonly_limit
208 integer
209
210 Number of installonly packages allowed to be installed concur‐
211 rently. Defaults to 3. The minimal number of installonly pack‐
212 ages is 2. Value 0 means unlimited number of installonly pack‐
213 ages. Value 1 is explicitely not allowed since it complicates
214 kernel upgrades due to protection of the running kernel from re‐
215 moval.
216
217 installroot
218 string
219
220 The root of the filesystem for all packaging operations. It re‐
221 quires an absolute path. See also --installroot commandline op‐
222 tion.
223
224 install_weak_deps
225 boolean
226
227 When this option is set to True and a new package is about to be
228 installed, all packages linked by weak dependency relation (Rec‐
229 ommends or Supplements flags) with this package will be pulled
230 into the transaction. Default is True.
231
232 keepcache
233 boolean
234
235 Keeps downloaded packages in the cache when set to True. Even if
236 it is set to False and packages have not been installed they
237 will still persist until next successful transaction. The de‐
238 fault is False.
239
240 logdir string
241
242 Directory where the log files will be stored. Default is
243 /var/log.
244
245 logfilelevel
246 integer
247
248 Log file messages output level, in the range 0 to 10. The higher
249 the number the more debug output is put to logs. Default is 9.
250
251 This option controls dnf.log, dnf.librepo.log and hawkey.log.
252 Although dnf.librepo.log and hawkey.log are affected only by
253 setting the logfilelevel to 10.
254
255 log_compress
256 boolean
257
258 When set to True, log files are compressed when they are ro‐
259 tated. Default is False.
260
261 log_rotate
262 integer
263
264 Log files are rotated log_rotate times before being removed. If
265 log_rotate is 0, the rotation is not performed. Default is 4.
266
267 log_size
268 storage size
269
270 Log files are rotated when they grow bigger than log_size
271 bytes. If log_size is 0, the rotation is not performed. The de‐
272 fault is 1 MB. Valid units are 'k', 'M', 'G'.
273
274 The size applies for individual log files, not the sum of all
275 log files. See also log_rotate.
276
277 metadata_timer_sync
278 time in seconds
279
280 The minimal period between two consecutive makecache timer runs.
281 The command will stop immediately if it's less than this time
282 period since its last run. Does not affect simple makecache run.
283 Use 0 to completely disable automatic metadata synchronizing.
284 The default corresponds to three hours. The value is rounded to
285 the next commenced hour.
286
287 module_obsoletes
288 boolean
289
290 This option controls whether dnf should apply modular obsoletes
291 when possible.
292
293 module_platform_id
294 string
295
296 Set this to $name:$stream to override PLATFORM_ID detected from
297 /etc/os-release. It is necessary to perform a system upgrade
298 and switch to a new platform.
299
300 module_stream_switch
301 boolean
302
303 This option controls whether it's possible to switch enabled
304 streams of a module.
305
306 multilib_policy
307 string
308
309 Controls how multilib packages are treated during install opera‐
310 tions. Can either be "best" (the default) for the depsolver to
311 prefer packages which best match the system's architecture, or
312 "all" to install all available packages with compatible archi‐
313 tectures.
314
315 obsoletes
316 boolean
317
318 This option only has affect during an install/update. It enables
319 dnf's obsoletes processing logic, which means it makes dnf check
320 whether any dependencies of given package are no longer required
321 and removes them. Useful when doing distribution level up‐
322 grades. Default is 'true'.
323
324 Command-line option: --obsoletes
325
326 persistdir
327 string
328
329 Directory where DNF stores its persistent data between runs. De‐
330 fault is "/var/lib/dnf".
331
332 pluginconfpath
333 list
334
335 List of directories that are searched for plugin configurations
336 to load. All configuration files found in these directories,
337 that are named same as a plugin, are parsed. The default path is
338 /etc/dnf/plugins.
339
340 pluginpath
341 list
342
343 List of directories that are searched for plugins to load. Plug‐
344 ins found in any of the directories in this configuration option
345 are used. The default contains a Python version-specific path.
346
347 plugins
348 boolean
349
350 Controls whether the plugins are enabled. Default is True.
351
352 protected_packages
353 list
354
355 List of packages that DNF should never completely remove. They
356 are protected via Obsoletes as well as user/plugin removals.
357
358 The default is: dnf, glob:/etc/yum/protected.d/*.conf and
359 glob:/etc/dnf/protected.d/*.conf. So any packages which should
360 be protected can do so by including a file in /etc/dnf/pro‐
361 tected.d with their package name in it.
362
363 DNF will protect also the package corresponding to the running
364 version of the kernel. See also protect_running_kernel option.
365
366 protect_running_kernel
367 boolean
368
369 Controls whether the package corresponding to the running ver‐
370 sion of kernel is protected from removal. Default is True.
371
372 releasever
373 string
374
375 Used for substitution of $releasever in the repository configu‐
376 ration. See also repo variables.
377
378 reposdir
379 list
380
381 DNF searches for repository configuration files in the paths
382 specified by reposdir. The behavior of reposdir could differ
383 when it is used along with --installroot option.
384
385 rpmverbosity
386 string
387
388 RPM debug scriptlet output level. One of: critical, emergency,
389 error, warn, info or debug. Default is info.
390
391 strict boolean
392
393 If disabled, all unavailable packages or packages with broken
394 dependencies given to DNF command will be skipped without rais‐
395 ing the error causing the whole operation to fail. Currently
396 works for install command only. The default is True.
397
398 tsflags
399 list
400
401 List of strings adding extra flags for the RPM transaction.
402
403 ┌─────────────┬────────────────────────────┐
404 │tsflag value │ RPM Transaction Flag │
405 ├─────────────┼────────────────────────────┤
406 │noscripts │ RPMTRANS_FLAG_NOSCRIPTS │
407 ├─────────────┼────────────────────────────┤
408 │test │ RPMTRANS_FLAG_TEST │
409 ├─────────────┼────────────────────────────┤
410 │notriggers │ RPMTRANS_FLAG_NOTRIGGERS │
411 ├─────────────┼────────────────────────────┤
412 │nodocs │ RPMTRANS_FLAG_NODOCS │
413 ├─────────────┼────────────────────────────┤
414 │justdb │ RPMTRANS_FLAG_JUSTDB │
415 ├─────────────┼────────────────────────────┤
416 │nocontexts │ RPMTRANS_FLAG_NOCONTEXTS │
417 ├─────────────┼────────────────────────────┤
418 │nocaps │ RPMTRANS_FLAG_NOCAPS │
419 ├─────────────┼────────────────────────────┤
420 │nocrypto │ RPMTRANS_FLAG_NOFILEDIGEST │
421 └─────────────┴────────────────────────────┘
422
423 The nocrypto option will also set the _RPMVSF_NOSIGNATURES and
424 _RPMVSF_NODIGESTS VS flags. The test option provides a transac‐
425 tion check without performing the transaction. It includes down‐
426 loading of packages, gpg keys check (including permanent import
427 of additional keys if necessary), and rpm check to prevent file
428 conflicts. The nocaps is supported with rpm-4.14 or later. When
429 nocaps is used but rpm doesn't support it, DNF only reports it
430 as an invalid tsflag.
431
432 upgrade_group_objects_upgrade
433 boolean
434
435 Set this to False to disable the automatic running of group up‐
436 grade when running the upgrade command. Default is True (perform
437 the operation).
438
439 varsdir
440 list
441
442 List of directories where variables definition files are looked
443 for. Defaults to "/etc/dnf/vars", "/etc/yum/vars". See variable
444 files in Configuration reference.
445
446 zchunk boolean
447
448 Enables or disables the use of repository metadata compressed
449 using the zchunk format (if available). Default is True.
450
452 color string
453
454 Controls if DNF uses colored output on the command line. Possi‐
455 ble values: "auto", "never", "always". Default is "auto".
456
457 color_list_available_downgrade
458 color
459
460 Color of available packages that are older than installed pack‐
461 ages. The option is used during list operations.
462
463 color_list_available_install
464 color
465
466 Color of packages that are available for installation and none
467 of their versions in installed. The option is used during list
468 operations.
469
470 color_list_available_reinstall
471 color
472
473 Color of available packages that are identical to installed ver‐
474 sions and are available for reinstalls. The option is used dur‐
475 ing list operations.
476
477 color_list_available_upgrade
478 color
479
480 Color of available packages that are newer than installed pack‐
481 ages. The option is used during list operations.
482
483 color_list_installed_extra
484 color
485
486 Color of installed packages that do not have any version among
487 available packages. The option is used during list operations.
488
489 color_list_installed_newer
490 color
491
492 Color of installed packages that are newer than any version
493 among available packages. The option is used during list opera‐
494 tions.
495
496 color_list_installed_older
497 color
498
499 Color of installed packages that are older than any version
500 among available packages. The option is used during list opera‐
501 tions.
502
503 color_list_installed_reinstall
504 color
505
506 Color of installed packages that are among available packages
507 and can be reinstalled. The option is used during list opera‐
508 tions.
509
510 color_search_match
511 color
512
513 Color of patterns matched in search output.
514
515 color_update_installed
516 color
517
518 Color of removed packages. This option is used during display‐
519 ing transactions.
520
521 color_update_local
522 color
523
524 Color of local packages that are installed from the @commandline
525 repository. This option is used during displaying transactions.
526
527 color_update_remote
528 color
529
530 Color of packages that are installed/upgraded/downgraded from
531 remote repositories. This option is used during displaying
532 transactions.
533
535 baseurl
536 list
537
538 List of URLs for the repository. Defaults to [].
539
540 cost integer
541
542 The relative cost of accessing this repository, defaulting to
543 1000. This value is compared when the priorities of two reposi‐
544 tories are the same. The repository with the lowest cost is
545 picked. It is useful to make the library prefer on-disk reposi‐
546 tories to remote ones.
547
548 enabled
549 boolean
550
551 Include this repository as a package source. The default is
552 True.
553
554 gpgkey list of strings
555
556 URLs of a GPG key files that can be used for signing metadata
557 and packages of this repository, empty by default. If a file can
558 not be verified using the already imported keys, import of keys
559 from this option is attempted and the keys are then used for
560 verification.
561
562 metalink
563 string
564
565 URL of a metalink for the repository. Defaults to None.
566
567 mirrorlist
568 string
569
570 URL of a mirrorlist for the repository. Defaults to None.
571
572 module_hotfixes
573 boolean
574
575 Set this to True to disable module RPM filtering and make all
576 RPMs from the repository available. The default is False. This
577 allows user to create a repository with cherry-picked hotfixes
578 that are included in a package set on a modular system.
579
580 name string
581
582 A human-readable name of the repository. Defaults to the ID of
583 the repository.
584
585 priority
586 integer
587
588 The priority value of this repository, default is 99. If there
589 is more than one candidate package for a particular operation,
590 the one from a repo with the lowest priority value is picked,
591 possibly despite being less convenient otherwise (e.g. by being
592 a lower version).
593
594 type string
595
596 Type of repository metadata. Supported values are: rpm-md.
597 Aliases for rpm-md: rpm, repomd, rpmmd, yum, YUM.
598
600 Right side of every repo option can be enriched by the following vari‐
601 ables:
602
603 $arch
604 Refers to the system’s CPU architecture e.g, aarch64, i586, i686 and
605 x86_64.
606
607 $basearch
608 Refers to the base architecture of the system. For example, i686 and
609 i586 machines both have a base architecture of i386, and AMD64 and
610 Intel64 machines have a base architecture of x86_64.
611
612 $releasever
613 Refers to the release version of operating system which DNF derives
614 from information available in RPMDB.
615
616 In addition to these hard coded variables, user-defined ones can also
617 be used. They can be defined either via variable files, or by using
618 special environmental variables. The names of these variables must be
619 prefixed with DNF_VAR_ and they can only consist of alphanumeric char‐
620 acters and underscores:
621
622 $ DNF_VAR_MY_VARIABLE=value
623
624 To use such variable in your repository configuration remove the pre‐
625 fix. E.g.:
626
627 [myrepo]
628 baseurl=https://example.site/pub/fedora/$MY_VARIABLE/releases/$releasever
629
630 Note that it is not possible to override the arch and basearch vari‐
631 ables using either variable files or environmental variables.
632
633 Although users are encouraged to use named variables, the numbered en‐
634 vironmental variables DNF0 - DNF9 are still supported:
635
636 $ DNF1=value
637
638 [myrepo]
639 baseurl=https://example.site/pub/fedora/$DNF1/releases/$releasever
640
642 Some options can be applied in either the main section, per repository,
643 or in a combination. The value provided in the main section is used for
644 all repositories as the default value, which repositories can then
645 override in their configuration.
646
647 bandwidth
648 storage size
649
650 Total bandwidth available for downloading. Meaningful when used
651 with the throttle option. Storage size is in bytes by default
652 but can be specified with a unit of storage. Valid units are
653 'k', 'M', 'G'.
654
655 countme
656 boolean
657
658 Determines whether a special flag should be added to a single,
659 randomly chosen metalink/mirrorlist query each week. This al‐
660 lows the repository owner to estimate the number of systems con‐
661 suming it, by counting such queries over a week's time, which is
662 much more accurate than just counting unique IP addresses (which
663 is subject to both overcounting and undercounting due to short
664 DHCP leases and NAT, respectively).
665
666 The flag is a simple "countme=N" parameter appended to the met‐
667 alink and mirrorlist URL, where N is an integer representing the
668 "longevity" bucket this system belongs to. The following 4
669 buckets are defined, based on how many full weeks have passed
670 since the beginning of the week when this system was installed:
671 1 = first week, 2 = first month (2-4 weeks), 3 = six months
672 (5-24 weeks) and 4 = more than six months (> 24 weeks). This
673 information is meant to help distinguish short-lived installs
674 from long-term ones, and to gather other statistics about system
675 lifecycle.
676
677 Default is False.
678
679 deltarpm
680 boolean
681
682 When enabled, DNF will save bandwidth by downloading much
683 smaller delta RPM files, rebuilding them to RPM locally. How‐
684 ever, this is quite CPU and I/O intensive. Default is True.
685
686 deltarpm_percentage
687 integer
688
689 When the relative size of delta vs pkg is larger than this,
690 delta is not used. Default value is 75 (Deltas must be at least
691 25% smaller than the pkg). Use 0 to turn off delta rpm process‐
692 ing. Local repositories (with file:// baseurl) have delta rpms
693 turned off by default.
694
695 enablegroups
696 boolean
697
698 Determines whether DNF will allow the use of package groups for
699 this repository. Default is True (package groups are allowed).
700
701 excludepkgs
702 list
703
704 Exclude packages of this repository, specified by a name or a
705 glob and separated by a comma, from all operations. Can be dis‐
706 abled using --disableexcludes command line switch. Defaults to
707 [].
708
709 fastestmirror
710 boolean
711
712 If enabled a metric is used to find the fastest available mir‐
713 ror. This overrides the order provided by the mirrorlist/met‐
714 alink file itself. This file is often dynamically generated by
715 the server to provide the best download speeds and enabling
716 fastestmirror overrides this. The default is False.
717
718 gpgcheck
719 boolean
720
721 Whether to perform GPG signature check on packages found in this
722 repository. The default is False.
723
724 This option can only be used to strengthen the active RPM secu‐
725 rity policy set with the %_pkgverify_level macro (see the
726 /usr/lib/rpm/macros file for details). That means, if the macro
727 is set to 'signature' or 'all' and this option is False, it will
728 be overridden to True during DNF runtime, and a warning will be
729 printed. To squelch the warning, make sure this option is True
730 for every enabled repository, and also enable localpkg_gpgcheck.
731
732 includepkgs
733 list
734
735 Include packages of this repository, specified by a name or a
736 glob and separated by a comma, in all operations. Inverse of
737 excludepkgs, DNF will exclude any package in the repository that
738 doesn't match this list. This works in conjunction with ex‐
739 cludepkgs and doesn't override it, so if you 'excludep‐
740 kgs=*.i386' and 'includepkgs=python*' then only packages start‐
741 ing with python that do not have an i386 arch will be seen by
742 DNF in this repo. Can be disabled using --disableexcludes com‐
743 mand line switch. Defaults to [].
744
745 ip_resolve
746 IP address type
747
748 Determines how DNF resolves host names. Set this to '4'/'IPv4'
749 or '6'/'IPv6' to resolve to IPv4 or IPv6 addresses only. By de‐
750 fault, DNF resolves to either addresses.
751
752 localpkg_gpgcheck
753 boolean
754
755 Whether to perform a GPG signature check on local packages
756 (packages in a file, not in a repository). The default is
757 False. This option is subject to the active RPM security policy
758 (see gpgcheck for more details).
759
760 max_parallel_downloads
761 integer
762
763 Maximum number of simultaneous package downloads. Defaults to 3.
764 Maximum of 20.
765
766 metadata_expire
767 time in seconds
768
769 The period after which the remote repository is checked for
770 metadata update and in the positive case the local metadata
771 cache is updated. The default corresponds to 48 hours. Set this
772 to -1 or never to make the repo never considered expired. Expire
773 of metadata can be also triggered by change of timestamp of con‐
774 figuration files (dnf.conf, <repo>.repo). See also
775 check_config_file_age.
776
777 minrate
778 storage size
779
780 This sets the low speed threshold in bytes per second. If the
781 server is sending data at the same or slower speed than this
782 value for at least timeout option seconds, DNF aborts the con‐
783 nection. The default is 1000. Valid units are 'k', 'M', 'G'.
784
785 password
786 string
787
788 The password to use for connecting to a repository with basic
789 HTTP authentication. Empty by default.
790
791 proxy string
792
793 URL of a proxy server to connect through. Set to an empty string
794 to disable the proxy setting inherited from the main section and
795 use direct connection instead. The expected format of this op‐
796 tion is <scheme>://<ip-or-hostname>[:port]. (For backward com‐
797 patibility, '_none_' can be used instead of the empty string.)
798
799 Note: The curl environment variables (such as http_proxy) are
800 effective if this option is unset. See the curl man page for de‐
801 tails.
802
803 proxy_username
804 string
805
806 The username to use for connecting to the proxy server. Empty by
807 default.
808
809 proxy_password
810 string
811
812 The password to use for connecting to the proxy server. Empty by
813 default.
814
815 proxy_auth_method
816 string
817
818 The authentication method used by the proxy server. Valid values
819 are
820
821 ┌──────────┬────────────────────────────┐
822 │method │ meaning │
823 ├──────────┼────────────────────────────┤
824 │basic │ HTTP Basic authentication │
825 ├──────────┼────────────────────────────┤
826 │digest │ HTTP Digest authentication │
827 ├──────────┼────────────────────────────┤
828 │negotiate │ HTTP Negotiate (SPNEGO) │
829 │ │ authentication │
830 ├──────────┼────────────────────────────┤
831 │ntlm │ HTTP NTLM authentication │
832 ├──────────┼────────────────────────────┤
833 │digest_ie │ HTTP Digest authentication │
834 │ │ with an IE flavor │
835 ├──────────┼────────────────────────────┤
836 │ntlm_wb │ NTLM delegating to winbind │
837 │ │ helper │
838 ├──────────┼────────────────────────────┤
839 │none │ None auth method │
840 ├──────────┼────────────────────────────┤
841 │any │ All suitable methods │
842 └──────────┴────────────────────────────┘
843
844 Defaults to any
845
846 proxy_sslcacert
847 string
848
849 Path to the file containing the certificate authorities to ver‐
850 ify proxy SSL certificates. Empty by default - uses system de‐
851 fault.
852
853 proxy_sslverify
854 boolean
855
856 When enabled, proxy SSL certificates are verified. If the client
857 can not be authenticated, connecting fails and the repository is
858 not used any further. If False, SSL connections can be used, but
859 certificates are not verified. Default is True.
860
861 proxy_sslclientcert
862 string
863
864 Path to the SSL client certificate used to connect to proxy
865 server. Empty by default.
866
867 proxy_sslclientkey
868 string
869
870 Path to the SSL client key used to connect to proxy server.
871 Empty by default.
872
873 repo_gpgcheck
874 boolean
875
876 Whether to perform GPG signature check on this repository's
877 metadata. The default is False.
878
879 retries
880 integer
881
882 Set the number of total retries for downloading packages. The
883 number is accumulative, so e.g. for retries=10, dnf will fail
884 after any package download fails for eleventh time. Setting this
885 to 0 makes dnf try forever. Default is 10.
886
887 skip_if_unavailable
888 boolean
889
890 If enabled, DNF will continue running and disable the repository
891 that couldn't be synchronized for any reason. This option
892 doesn't affect skipping of unavailable packages after dependency
893 resolution. To check inaccessibility of repository use it in
894 combination with refresh command line option. The default is
895 False. Note this option in particular can be set in your con‐
896 figuration file by your distribution.
897
898 sslcacert
899 string
900
901 Path to the file containing the certificate authorities to ver‐
902 ify SSL certificates. Empty by default - uses system default.
903
904 sslverify
905 boolean
906
907 When enabled, remote SSL certificates are verified. If the
908 client can not be authenticated, connecting fails and the repos‐
909 itory is not used any further. If False, SSL connections can be
910 used, but certificates are not verified. Default is True.
911
912 sslverifystatus
913 boolean
914
915 When enabled, revocation status of the server certificate is
916 verified using the "Certificate Status Request" TLS extension
917 (aka. OCSP stapling). Default is False.
918
919 sslclientcert
920 string
921
922 Path to the SSL client certificate used to connect to remote
923 sites. Empty by default.
924
925 sslclientkey
926 string
927
928 Path to the SSL client key used to connect to remote sites.
929 Empty by default.
930
931 throttle
932 storage size
933
934 Limits the downloading speed. It might be an absolute value or a
935 percentage, relative to the value of the bandwidth option op‐
936 tion. 0 means no throttling (the default). The absolute value is
937 in bytes by default but can be specified with a unit of storage.
938 Valid units are 'k', 'M', 'G'.
939
940 timeout
941 time in seconds
942
943 Number of seconds to wait for a connection before timing out.
944 Used in combination with minrate option option. Defaults to 30
945 seconds.
946
947 username
948 string
949
950 The username to use for connecting to repo with basic HTTP au‐
951 thentication. Empty by default.
952
953 user_agent
954 string
955
956 The User-Agent string to include in HTTP requests sent by DNF.
957 Defaults to
958
959 libdnf (NAME VERSION_ID; VARIANT_ID; OS.BASEARCH)
960
961 where NAME, VERSION_ID and VARIANT_ID are OS identifiers read
962 from the os-release(5) file, and OS and BASEARCH are the canoni‐
963 cal OS name and base architecture, respectively. Example:
964
965 libdnf (Fedora 31; server; Linux.x86_64)
966
968 boolean
969 This is a data type with only two possible values.
970
971 One of following options can be used: 1, 0, True, False, yes, no
972
973 integer
974 It is a whole number that can be written without a fractional
975 component.
976
977 list It is an option that could represent one or more strings sepa‐
978 rated by space or comma characters.
979
980 string It is a sequence of symbols or digits without any whitespace
981 character.
982
983 color A string describing color and modifiers separated with a comma,
984 for example "red,bold".
985
986 • Colors: black, blue, cyan, green, magenta, red, white, yellow
987
988 • Modifiers: bold, blink, dim, normal, reverse, underline
989
991 Cache Files
992 /var/cache/dnf
993
994 Main Configuration File
995 /etc/dnf/dnf.conf
996
997 Repository
998 /etc/yum.repos.d/
999
1000 Variables
1001 Any properly named file in /etc/dnf/vars is turned into a vari‐
1002 able named after the filename (or overrides any of the above
1003 variables but those set from commandline). Filenames may contain
1004 only alphanumeric characters and underscores and be in lower‐
1005 case. Variables are also read from /etc/yum/vars for YUM com‐
1006 patibility reasons.
1007
1009 • dnf(8), DNF Command Reference
1010
1012 See AUTHORS in DNF source distribution.
1013
1015 2012-2021, Red Hat, Licensed under GPLv2+
1016
1017
1018
1019
10204.7.0 May 13, 2021 DNF.CONF(5)