1DNF.CONF(5) DNF DNF.CONF(5)
2
6 dnf.conf - DNF Configuration Reference
7
9 DNF by default uses the global configuration file at /etc/dnf/dnf.conf
10 and all *.repo files found under /etc/yum.repos.d. The latter is typi‐
11 cally used for repository configuration and takes precedence over
12 global configuration.
13 The configuration file has INI format consisting of section declaration
15 and name=value options below each on separate line. There are two types
16 of sections in the configuration files: main and repository. Main sec‐
17 tion defines all global configuration options and should be only one.
18 The repository sections define the configuration for each (remote or
20 local) repository. The section name of the repository in brackets serve
21 as repo ID reference and should be unique across configuration files.
22 The allowed characters of repo ID string are lower and upper case al‐
23 phabetic letters, digits, -, _, . and :. The minimal repository con‐
24 figuration file should aside from repo ID consists of baseurl, metalink
25 or mirrorlist option definition.
26
28 Configuration options, namely best and skip_if_unavailable, can be set
29 in the DNF configuration file by your distribution to override the DNF
30 defaults.
31
33 allow_vendor_change
34 boolean
35 If disabled dnf will stick to vendor when upgrading or downgrad‐
37 ing rpms. Default is True
38 WARNING:
40 This option is currently not supported for downgrade and dis‐
41 tro-sync commands
42 arch string
44 The architecture used for installing packages. By default this
46 is auto-detected. Often used together with ignorearch option.
47 assumeno
49 boolean
50 If enabled dnf will assume No where it would normally prompt for
52 confirmation from user input. Default is False.
53 assumeyes
55 boolean
56 If enabled dnf will assume Yes where it would normally prompt
58 for confirmation from user input (see also defaultyes). Default
59 is False.
60 autocheck_running_kernel
62 boolean
63 Automatic check whether there is installed newer kernel module
65 with security update than currently running kernel. Default is
66 True.
67 basearch
69 string
70 The base architecture used for installing packages. By default
72 this is auto-detected.
73 best boolean
75 True instructs the solver to either use a package with the high‐
77 est available version or fail. On False, do not fail if the lat‐
78 est version cannot be installed and go with the lower version.
79 The default is False. Note this option in particular can be set
80 in your configuration file by your distribution. Also note that
81 the use of the highest available version is only guaranteed for
82 the packages directly requested and not for their dependencies.
83 cachedir
85 string
86 Path to a directory used by various DNF subsystems for storing
88 cache data. Has a reasonable root-writable default depending on
89 the distribution. DNF needs to be able to create files and di‐
90 rectories at this location.
91 cacheonly
93 boolean
94 If set to True DNF will run entirely from system cache, will not
96 update the cache and will use it even in case it is expired. De‐
97 fault is False.
98 check_config_file_age
100 boolean
101 Specifies whether dnf should automatically expire metadata of
103 repos, which are older than their corresponding configuration
104 file (usually the dnf.conf file and the foo.repo file). Default
105 is True (perform the check). Expire of metadata is also affected
106 by metadata age. See also metadata_expire.
107 clean_requirements_on_remove
109 boolean
110 Remove dependencies that are no longer used during dnf remove. A
112 package only qualifies for removal via clean_requirements_on_re‐
113 move if it was installed through DNF but not on explicit user
114 request, i.e. it was pulled in as a dependency. The default is
115 True. (installonlypkgs are never automatically removed.)
116 config_file_path
118 string
119 Path to the default main configuration file. Default is
121 /etc/dnf/dnf.conf.
122 debuglevel
124 integer
125 Debug messages output level, in the range 0 to 10. The higher
127 the number the more debug output is put to stdout. Default is 2.
128 debug_solver
130 boolean
131 Controls whether the libsolv debug files should be created when
133 solving the transaction. The debug files are created in the
134 ./debugdata directory. Default is False.
135 defaultyes
137 boolean
138 If enabled the default answer to user confirmation prompts will
140 be Yes. Not to be confused with assumeyes which will not prompt
141 at all. Default is False.
142 diskspacecheck
144 boolean
145 Controls wheather rpm shoud check available disk space during
147 the transaction. Default is True.
148 errorlevel
150 integer
151 Error messages output level, in the range 0 to 10. The higher
153 the number the more error output is put to stderr. Default is 3.
154 This is deprecated in DNF and overwritten by --verbose command‐
155 line option.
156 exit_on_lock
158 boolean
159 Should the dnf client exit immediately when something else has
161 the lock. Default is False.
162 gpgkey_dns_verification
164 boolean
165 Should the dnf attempt to automatically verify GPG verification
167 keys using the DNS system. This option requires the unbound
168 python module (python3-unbound) to be installed on the client
169 system. This system has two main features. The first one is to
170 check if any of the already installed keys have been revoked.
171 Automatic removal of the key is not yet available, so it is up
172 to the user, to remove revoked keys from the system. The second
173 feature is automatic verification of new keys when a repository
174 is added to the system. In interactive mode, the result is writ‐
175 ten to the output as a suggestion to the user. In non-interac‐
176 tive mode (i.e. when -y is used), this system will automatically
177 accept keys that are available in the DNS and are correctly
178 signed using DNSSEC. It will also accept keys that do not exist
179 in the DNS system and their NON-existence is cryptographically
180 proven using DNSSEC. This is mainly to preserve backward compat‐
181 ibility. Default is False.
182 group_package_types
184 list
185 List of the following: optional, default, mandatory. Tells dnf
187 which type of packages in groups will be installed when
188 'groupinstall' is called. Default is: default, mandatory.
189 ignorearch
191 boolean
192 If set to True, RPM will allow attempts to install packages in‐
194 compatible with the CPU's architecture. Defaults to False. Often
195 used together with arch option.
196 installonlypkgs
198 list
199 List of provide names of packages that should only ever be in‐
201 stalled, never upgraded. Kernels in particular fall into this
202 category. These packages are never removed by dnf autoremove
203 even if they were installed as dependencies (see
204 clean_requirements_on_remove for auto removal details). This
205 option append the list values to the default installonlypkgs
206 list used by DNF. The number of kept package versions is regu‐
207 lated by installonly_limit.
208 installonly_limit
210 integer
211 Number of installonly packages allowed to be installed concur‐
213 rently. Defaults to 3. The minimal number of installonly pack‐
214 ages is 2. Value 0 means unlimited number of installonly pack‐
215 ages. Value 1 is explicitely not allowed since it complicates
216 kernel upgrades due to protection of the running kernel from re‐
217 moval.
218 installroot
220 string
221 The root of the filesystem for all packaging operations. It re‐
223 quires an absolute path. See also --installroot commandline op‐
224 tion.
225 install_weak_deps
227 boolean
228 When this option is set to True and a new package is about to be
230 installed, all packages linked by weak dependency relation (Rec‐
231 ommends or Supplements flags) with this package will be pulled
232 into the transaction. Default is True.
233 keepcache
235 boolean
236 Keeps downloaded packages in the cache when set to True. Even if
238 it is set to False and packages have not been installed they
239 will still persist until next successful transaction. The de‐
240 fault is False.
241 logdir string
243 Directory where the log files will be stored. Default is
245 /var/log.
246 logfilelevel
248 integer
249 Log file messages output level, in the range 0 to 10. The higher
251 the number the more debug output is put to logs. Default is 9.
252 This option controls dnf.log, dnf.librepo.log and hawkey.log.
254 Although dnf.librepo.log and hawkey.log are affected only by
255 setting the logfilelevel to 10.
256 log_compress
258 boolean
259 When set to True, log files are compressed when they are ro‐
261 tated. Default is False.
262 log_rotate
264 integer
265 Log files are rotated log_rotate times before being removed. If
267 log_rotate is 0, the rotation is not performed. Default is 4.
268 log_size
270 storage size
271 Log files are rotated when they grow bigger than log_size
273 bytes. If log_size is 0, the rotation is not performed. The de‐
274 fault is 1 MB. Valid units are 'k', 'M', 'G'.
275 The size applies for individual log files, not the sum of all
277 log files. See also log_rotate.
278 metadata_timer_sync
280 time in seconds
281 The minimal period between two consecutive makecache timer runs.
283 The command will stop immediately if it's less than this time
284 period since its last run. Does not affect simple makecache run.
285 Use 0 to completely disable automatic metadata synchronizing.
286 The default corresponds to three hours. The value is rounded to
287 the next commenced hour.
288 module_obsoletes
290 boolean
291 This option controls whether dnf should apply modular obsoletes
293 when possible.
294 module_platform_id
296 string
297 Set this to $name:$stream to override PLATFORM_ID detected from
299 /etc/os-release. It is necessary to perform a system upgrade
300 and switch to a new platform.
301 module_stream_switch
303 boolean
304 This option controls whether it's possible to switch enabled
306 streams of a module.
307 multilib_policy
309 string
310 Controls how multilib packages are treated during install opera‐
312 tions. Can either be "best" (the default) for the depsolver to
313 prefer packages which best match the system's architecture, or
314 "all" to install all available packages with compatible archi‐
315 tectures.
316 obsoletes
318 boolean
319 This option only has affect during an install/update. It enables
321 dnf's obsoletes processing logic, which means it makes dnf check
322 whether any dependencies of given package are no longer required
323 and removes them. Useful when doing distribution level up‐
324 grades. Default is 'true'.
325 Command-line option: --obsoletes
327 persistdir
329 string
330 Directory where DNF stores its persistent data between runs. De‐
332 fault is "/var/lib/dnf".
333 pluginconfpath
335 list
336 List of directories that are searched for plugin configurations
338 to load. All configuration files found in these directories,
339 that are named same as a plugin, are parsed. The default path is
340 /etc/dnf/plugins.
341 pluginpath
343 list
344 List of directories that are searched for plugins to load. Plug‐
346 ins found in any of the directories in this configuration option
347 are used. The default contains a Python version-specific path.
348 plugins
350 boolean
351 Controls whether the plugins are enabled. Default is True.
353 protected_packages
355 list
356 List of packages that DNF should never completely remove. They
358 are protected via Obsoletes as well as user/plugin removals.
359 The default is: dnf, glob:/etc/yum/protected.d/*.conf and
361 glob:/etc/dnf/protected.d/*.conf. So any packages which should
362 be protected can do so by including a file in /etc/dnf/pro‐
363 tected.d with their package name in it.
364 DNF will protect also the package corresponding to the running
366 version of the kernel. See also protect_running_kernel option.
367 protect_running_kernel
369 boolean
370 Controls whether the package corresponding to the running ver‐
372 sion of kernel is protected from removal. Default is True.
373 releasever
375 string
376 Used for substitution of $releasever in the repository configu‐
378 ration. See also repo variables.
379 reposdir
381 list
382 DNF searches for repository configuration files in the paths
384 specified by reposdir. The behavior of reposdir could differ
385 when it is used along with --installroot option.
386 rpmverbosity
388 string
389 RPM debug scriptlet output level. One of: critical, emergency,
391 error, warn, info or debug. Default is info.
392 strict boolean
394 If disabled, all unavailable packages or packages with broken
396 dependencies given to DNF command will be skipped without rais‐
397 ing the error causing the whole operation to fail. Currently
398 works for install command only. The default is True.
399 tsflags
401 list
402 List of strings adding extra flags for the RPM transaction.
404 ┌─────────────┬────────────────────────────┐
406 │tsflag value │ RPM Transaction Flag │
407 ├─────────────┼────────────────────────────┤
408 │noscripts │ RPMTRANS_FLAG_NOSCRIPTS │
409 ├─────────────┼────────────────────────────┤
410 │test │ RPMTRANS_FLAG_TEST │
411 ├─────────────┼────────────────────────────┤
412 │notriggers │ RPMTRANS_FLAG_NOTRIGGERS │
413 ├─────────────┼────────────────────────────┤
414 │nodocs │ RPMTRANS_FLAG_NODOCS │
415 ├─────────────┼────────────────────────────┤
416 │justdb │ RPMTRANS_FLAG_JUSTDB │
417 ├─────────────┼────────────────────────────┤
418 │nocontexts │ RPMTRANS_FLAG_NOCONTEXTS │
419 ├─────────────┼────────────────────────────┤
420 │nocaps │ RPMTRANS_FLAG_NOCAPS │
421 ├─────────────┼────────────────────────────┤
422 │nocrypto │ RPMTRANS_FLAG_NOFILEDIGEST │
423 └─────────────┴────────────────────────────┘
424 The nocrypto option will also set the _RPMVSF_NOSIGNATURES and
426 _RPMVSF_NODIGESTS VS flags. The test option provides a transac‐
427 tion check without performing the transaction. It includes down‐
428 loading of packages, gpg keys check (including permanent import
429 of additional keys if necessary), and rpm check to prevent file
430 conflicts. The nocaps is supported with rpm-4.14 or later. When
431 nocaps is used but rpm doesn't support it, DNF only reports it
432 as an invalid tsflag.
433 upgrade_group_objects_upgrade
435 boolean
436 Set this to False to disable the automatic running of group up‐
438 grade when running the upgrade command. Default is True (perform
439 the operation).
440 varsdir
442 list
443 List of directories where variables definition files are looked
445 for. Defaults to "/etc/dnf/vars", "/etc/yum/vars". See variable
446 files in Configuration reference.
447 zchunk boolean
449 Enables or disables the use of repository metadata compressed
451 using the zchunk format (if available). Default is True.
452
454 color string
455 Controls if DNF uses colored output on the command line. Possi‐
457 ble values: "auto", "never", "always". Default is "auto".
458 color_list_available_downgrade
460 color
461 Color of available packages that are older than installed pack‐
463 ages. The option is used during list operations. Default is ma‐
464 genta.
465 color_list_available_install
467 color
468 Color of packages that are available for installation and none
470 of their versions in installed. The option is used during list
471 operations. Default is bold,cyan.
472 color_list_available_reinstall
474 color
475 Color of available packages that are identical to installed ver‐
477 sions and are available for reinstalls. Default is bold,under‐
478 line,green. The option is used during list operations.
479 color_list_available_upgrade
481 color
482 Color of available packages that are newer than installed pack‐
484 ages. Default is bold,blue. The option is used during list op‐
485 erations.
486 color_list_installed_extra
488 color
489 Color of installed packages that do not have any version among
491 available packages. The option is used during list operations.
492 Default is bold,red.
493 color_list_installed_newer
495 color
496 Color of installed packages that are newer than any version
498 among available packages. The option is used during list opera‐
499 tions. Default is bold,yellow.
500 color_list_installed_older
502 color
503 Color of installed packages that are older than any version
505 among available packages. The option is used during list opera‐
506 tions. Default is yellow.
507 color_list_installed_reinstall
509 color
510 Color of installed packages that are among available packages
512 and can be reinstalled. The option is used during list opera‐
513 tions. Default is cyan.
514 color_search_match
516 color
517 Color of patterns matched in search output. Default is bold,ma‐
519 genta.
520 color_update_installed
522 color
523 Color of removed packages. Default is red. This option is used
525 during displaying transactions.
526 color_update_local
528 color
529 Color of local packages that are installed from the @commandline
531 repository. This option is used during displaying transactions.
532 Default is green.
533 color_update_remote
535 color
536 Color of packages that are installed/upgraded/downgraded from
538 remote repositories. This option is used during displaying
539 transactions. Default is bold,green.
540
542 baseurl
543 list
544 List of URLs for the repository. Defaults to [].
546 URLs are tried in the listed order (equivalent to yum's
548 "failovermethod=priority" behaviour).
549 cost integer
551 The relative cost of accessing this repository, defaulting to
553 1000. This value is compared when the priorities of two reposi‐
554 tories are the same. The repository with the lowest cost is
555 picked. It is useful to make the library prefer on-disk reposi‐
556 tories to remote ones.
557 enabled
559 boolean
560 Include this repository as a package source. The default is
562 True.
563 gpgkey list of strings
565 URLs of a GPG key files that can be used for signing metadata
567 and packages of this repository, empty by default. If a file can
568 not be verified using the already imported keys, import of keys
569 from this option is attempted and the keys are then used for
570 verification.
571 metalink
573 string
574 URL of a metalink for the repository. Defaults to None.
576 mirrorlist
578 string
579 URL of a mirrorlist for the repository. Defaults to None.
581 module_hotfixes
583 boolean
584 Set this to True to disable module RPM filtering and make all
586 RPMs from the repository available. The default is False. This
587 allows user to create a repository with cherry-picked hotfixes
588 that are included in a package set on a modular system.
589 name string
591 A human-readable name of the repository. Defaults to the ID of
593 the repository.
594 priority
596 integer
597 The priority value of this repository, default is 99. If there
599 is more than one candidate package for a particular operation,
600 the one from a repo with the lowest priority value is picked,
601 possibly despite being less convenient otherwise (e.g. by being
602 a lower version).
603 type string
605 Type of repository metadata. Supported values are: rpm-md.
607 Aliases for rpm-md: rpm, repomd, rpmmd, yum, YUM.
608
610 Right side of every repo option can be enriched by the following vari‐
611 ables:
612 $arch
614 Refers to the system’s CPU architecture e.g, aarch64, i586, i686 and
615 x86_64.
616 $basearch
618 Refers to the base architecture of the system. For example, i686 and
619 i586 machines both have a base architecture of i386, and AMD64 and
620 Intel64 machines have a base architecture of x86_64.
621 $releasever
623 Refers to the release version of operating system which DNF derives
624 from information available in RPMDB.
625 In addition to these hard coded variables, user-defined ones can also
627 be used. They can be defined either via variable files, or by using
628 special environmental variables. The names of these variables must be
629 prefixed with DNF_VAR_ and they can only consist of alphanumeric char‐
630 acters and underscores:
631 $ DNF_VAR_MY_VARIABLE=value
633 To use such variable in your repository configuration remove the pre‐
635 fix. E.g.:
636 [myrepo]
638 baseurl=https://example.site/pub/fedora/$MY_VARIABLE/releases/$releasever
639 Note that it is not possible to override the arch and basearch vari‐
641 ables using either variable files or environmental variables.
642 Although users are encouraged to use named variables, the numbered en‐
644 vironmental variables DNF0 - DNF9 are still supported:
645 $ DNF1=value
647 [myrepo]
649 baseurl=https://example.site/pub/fedora/$DNF1/releases/$releasever
650
652 Some options can be applied in either the main section, per repository,
653 or in a combination. The value provided in the main section is used for
654 all repositories as the default value, which repositories can then
655 override in their configuration.
656 bandwidth
658 storage size
659 Total bandwidth available for downloading. Meaningful when used
661 with the throttle option. Storage size is in bytes by default
662 but can be specified with a unit of storage. Valid units are
663 'k', 'M', 'G'.
664 countme
666 boolean
667 Determines whether a special flag should be added to a single,
669 randomly chosen metalink/mirrorlist query each week. This al‐
670 lows the repository owner to estimate the number of systems con‐
671 suming it, by counting such queries over a week's time, which is
672 much more accurate than just counting unique IP addresses (which
673 is subject to both overcounting and undercounting due to short
674 DHCP leases and NAT, respectively).
675 The flag is a simple "countme=N" parameter appended to the met‐
677 alink and mirrorlist URL, where N is an integer representing the
678 "longevity" bucket this system belongs to. The following 4
679 buckets are defined, based on how many full weeks have passed
680 since the beginning of the week when this system was installed:
681 1 = first week, 2 = first month (2-4 weeks), 3 = six months
682 (5-24 weeks) and 4 = more than six months (> 24 weeks). This
683 information is meant to help distinguish short-lived installs
684 from long-term ones, and to gather other statistics about system
685 lifecycle.
686 Default is False.
688 deltarpm
690 boolean
691 When enabled, DNF will save bandwidth by downloading much
693 smaller delta RPM files, rebuilding them to RPM locally. How‐
694 ever, this is quite CPU and I/O intensive. Default is True.
695 deltarpm_percentage
697 integer
698 When the relative size of delta vs pkg is larger than this,
700 delta is not used. Default value is 75 (Deltas must be at least
701 25% smaller than the pkg). Use 0 to turn off delta rpm process‐
702 ing. Local repositories (with file:// baseurl) have delta rpms
703 turned off by default.
704 enablegroups
706 boolean
707 Determines whether DNF will allow the use of package groups for
709 this repository. Default is True (package groups are allowed).
710 excludepkgs
712 list
713 Exclude packages of this repository, specified by a name or a
715 glob and separated by a comma, from all operations. Can be dis‐
716 abled using --disableexcludes command line switch. Defaults to
717 [].
718 fastestmirror
720 boolean
721 If enabled a metric is used to find the fastest available mir‐
723 ror. This overrides the order provided by the mirrorlist/met‐
724 alink file itself. This file is often dynamically generated by
725 the server to provide the best download speeds and enabling
726 fastestmirror overrides this. The default is False.
727 gpgcheck
729 boolean
730 Whether to perform GPG signature check on packages found in this
732 repository. The default is False.
733 This option can only be used to strengthen the active RPM secu‐
735 rity policy set with the %_pkgverify_level macro (see the
736 /usr/lib/rpm/macros file for details). That means, if the macro
737 is set to 'signature' or 'all' and this option is False, it will
738 be overridden to True during DNF runtime, and a warning will be
739 printed. To squelch the warning, make sure this option is True
740 for every enabled repository, and also enable localpkg_gpgcheck.
741 includepkgs
743 list
744 Include packages of this repository, specified by a name or a
746 glob and separated by a comma, in all operations. Inverse of
747 excludepkgs, DNF will exclude any package in the repository that
748 doesn't match this list. This works in conjunction with ex‐
749 cludepkgs and doesn't override it, so if you 'excludep‐
750 kgs=*.i386' and 'includepkgs=python*' then only packages start‐
751 ing with python that do not have an i386 arch will be seen by
752 DNF in this repo. Can be disabled using --disableexcludes com‐
753 mand line switch. Defaults to [].
754 ip_resolve
756 IP address type
757 Determines how DNF resolves host names. Set this to '4'/'IPv4'
759 or '6'/'IPv6' to resolve to IPv4 or IPv6 addresses only. By de‐
760 fault, DNF resolves to either addresses.
761 localpkg_gpgcheck
763 boolean
764 Whether to perform a GPG signature check on local packages
766 (packages in a file, not in a repository). The default is
767 False. This option is subject to the active RPM security policy
768 (see gpgcheck for more details).
769 max_parallel_downloads
771 integer
772 Maximum number of simultaneous package downloads. Defaults to 3.
774 Maximum of 20.
775 metadata_expire
777 time in seconds
778 The period after which the remote repository is checked for
780 metadata update and in the positive case the local metadata
781 cache is updated. The default corresponds to 48 hours. Set this
782 to -1 or never to make the repo never considered expired. Expire
783 of metadata can be also triggered by change of timestamp of con‐
784 figuration files (dnf.conf, <repo>.repo). See also
785 check_config_file_age.
786 minrate
788 storage size
789 This sets the low speed threshold in bytes per second. If the
791 server is sending data at the same or slower speed than this
792 value for at least timeout option seconds, DNF aborts the con‐
793 nection. The default is 1000. Valid units are 'k', 'M', 'G'.
794 password
796 string
797 The password to use for connecting to a repository with basic
799 HTTP authentication. Empty by default.
800 proxy string
802 URL of a proxy server to connect through. Set to an empty string
804 to disable the proxy setting inherited from the main section and
805 use direct connection instead. The expected format of this op‐
806 tion is <scheme>://<ip-or-hostname>[:port]. (For backward com‐
807 patibility, '_none_' can be used instead of the empty string.)
808 Note: The curl environment variables (such as http_proxy) are
810 effective if this option is unset. See the curl man page for de‐
811 tails.
812 proxy_username
814 string
815 The username to use for connecting to the proxy server. Empty by
817 default.
818 proxy_password
820 string
821 The password to use for connecting to the proxy server. Empty by
823 default.
824 proxy_auth_method
826 string
827 The authentication method used by the proxy server. Valid values
829 are
830 ┌──────────┬────────────────────────────┐
832 │method │ meaning │
833 ├──────────┼────────────────────────────┤
834 │basic │ HTTP Basic authentication │
835 ├──────────┼────────────────────────────┤
836 │digest │ HTTP Digest authentication │
837 ├──────────┼────────────────────────────┤
838 │negotiate │ HTTP Negotiate (SPNEGO) │
839 │ │ authentication │
840 ├──────────┼────────────────────────────┤
841 │ntlm │ HTTP NTLM authentication │
842 ├──────────┼────────────────────────────┤
843 │digest_ie │ HTTP Digest authentication │
844 │ │ with an IE flavor │
845 ├──────────┼────────────────────────────┤
846 │ntlm_wb │ NTLM delegating to winbind │
847 │ │ helper │
848 ├──────────┼────────────────────────────┤
849 │none │ None auth method │
850 ├──────────┼────────────────────────────┤
851 │any │ All suitable methods │
852 └──────────┴────────────────────────────┘
853 Defaults to any
855 proxy_sslcacert
857 string
858 Path to the file containing the certificate authorities to ver‐
860 ify proxy SSL certificates. Empty by default - uses system de‐
861 fault.
862 proxy_sslverify
864 boolean
865 When enabled, proxy SSL certificates are verified. If the client
867 can not be authenticated, connecting fails and the repository is
868 not used any further. If False, SSL connections can be used, but
869 certificates are not verified. Default is True.
870 proxy_sslclientcert
872 string
873 Path to the SSL client certificate used to connect to proxy
875 server. Empty by default.
876 proxy_sslclientkey
878 string
879 Path to the SSL client key used to connect to proxy server.
881 Empty by default.
882 repo_gpgcheck
884 boolean
885 Whether to perform GPG signature check on this repository's
887 metadata. The default is False.
888 retries
890 integer
891 Set the number of total retries for downloading packages. The
893 number is accumulative, so e.g. for retries=10, dnf will fail
894 after any package download fails for eleventh time. Setting this
895 to 0 makes dnf try forever. Default is 10.
896 skip_if_unavailable
898 boolean
899 If enabled, DNF will continue running and disable the repository
901 that couldn't be synchronized for any reason. This option
902 doesn't affect skipping of unavailable packages after dependency
903 resolution. To check inaccessibility of repository use it in
904 combination with refresh command line option. The default is
905 False. Note this option in particular can be set in your con‐
906 figuration file by your distribution.
907 sslcacert
909 string
910 Path to the file containing the certificate authorities to ver‐
912 ify SSL certificates. Empty by default - uses system default.
913 sslverify
915 boolean
916 When enabled, remote SSL certificates are verified. If the
918 client can not be authenticated, connecting fails and the repos‐
919 itory is not used any further. If False, SSL connections can be
920 used, but certificates are not verified. Default is True.
921 sslverifystatus
923 boolean
924 When enabled, revocation status of the server certificate is
926 verified using the "Certificate Status Request" TLS extension
927 (aka. OCSP stapling). Default is False.
928 sslclientcert
930 string
931 Path to the SSL client certificate used to connect to remote
933 sites. Empty by default.
934 sslclientkey
936 string
937 Path to the SSL client key used to connect to remote sites.
939 Empty by default.
940 throttle
942 storage size
943 Limits the downloading speed. It might be an absolute value or a
945 percentage, relative to the value of the bandwidth option op‐
946 tion. 0 means no throttling (the default). The absolute value is
947 in bytes by default but can be specified with a unit of storage.
948 Valid units are 'k', 'M', 'G'.
949 timeout
951 time in seconds
952 Number of seconds to wait for a connection before timing out.
954 Used in combination with minrate option option. Defaults to 30
955 seconds.
956 username
958 string
959 The username to use for connecting to repo with basic HTTP au‐
961 thentication. Empty by default.
962 user_agent
964 string
965 The User-Agent string to include in HTTP requests sent by DNF.
967 Defaults to
968 libdnf (NAME VERSION_ID; VARIANT_ID; OS.BASEARCH)
970 where NAME, VERSION_ID and VARIANT_ID are OS identifiers read
972 from the os-release(5) file, and OS and BASEARCH are the canoni‐
973 cal OS name and base architecture, respectively. Example:
974 libdnf (Fedora 31; server; Linux.x86_64)
976
978 boolean
979 This is a data type with only two possible values.
980 One of following options can be used: 1, 0, True, False, yes, no
982 integer
984 It is a whole number that can be written without a fractional
985 component.
986 list It is an option that could represent one or more strings sepa‐
988 rated by space or comma characters.
989 string It is a sequence of symbols or digits without any whitespace
991 character.
992 color A string describing color and modifiers separated with a comma,
994 for example "red,bold".
995 • Colors: black, blue, cyan, green, magenta, red, white, yellow
997 • Modifiers: bold, blink, dim, normal, reverse, underline
999
1001 Cache Files
1002 /var/cache/dnf
1003 Main Configuration File
1005 /etc/dnf/dnf.conf
1006 Repository
1008 /etc/yum.repos.d/
1009 Variables
1011 Any properly named file in /etc/dnf/vars is turned into a vari‐
1012 able named after the filename (or overrides any of the above
1013 variables but those set from commandline). Filenames may contain
1014 only alphanumeric characters and underscores and be in lower‐
1015 case. Variables are also read from /etc/yum/vars for YUM com‐
1016 patibility reasons.
1017
1019 • dnf(8), DNF Command Reference
1020
1022 See AUTHORS in DNF source distribution.
1023
1025 2012-2021, Red Hat, Licensed under GPLv2+
10264.9.0 Sep 23, 2021 DNF.CONF(5)