1DNF.CONF(5) DNF DNF.CONF(5)
2
3
4
6 dnf.conf - DNF Configuration Reference
7
9 DNF by default uses the global configuration file at /etc/dnf/dnf.conf
10 and all *.repo files found under /etc/yum.repos.d. The latter is typi‐
11 cally used for repository configuration and takes precedence over
12 global configuration.
13
14 The configuration file has INI format consisting of section declaration
15 and name=value options below each on separate line. There are two types
16 of sections in the configuration files: main and repository. Main sec‐
17 tion defines all global configuration options and should be only one.
18
19 The repository sections define the configuration for each (remote or
20 local) repository. The section name of the repository in brackets serve
21 as repo ID reference and should be unique across configuration files.
22 The allowed characters of repo ID string are lower and upper case al‐
23 phabetic letters, digits, -, _, . and :. The minimal repository con‐
24 figuration file should aside from repo ID consists of baseurl, metalink
25 or mirrorlist option definition.
26
28 Configuration options, namely best and skip_if_unavailable, can be set
29 in the DNF configuration file by your distribution to override the DNF
30 defaults.
31
33 allow_vendor_change
34 boolean
35
36 If disabled dnf will stick to vendor when upgrading or downgrad‐
37 ing rpms. Default is True
38
39 WARNING:
40 This option is currently not supported for downgrade and dis‐
41 tro-sync commands
42
43 arch string
44
45 The architecture used for installing packages. By default this
46 is auto-detected. Often used together with ignorearch option.
47
48 assumeno
49 boolean
50
51 If enabled dnf will assume No where it would normally prompt for
52 confirmation from user input. Default is False.
53
54 assumeyes
55 boolean
56
57 If enabled dnf will assume Yes where it would normally prompt
58 for confirmation from user input (see also defaultyes). Default
59 is False.
60
61 autocheck_running_kernel
62 boolean
63
64 Automatic check whether there is installed newer kernel module
65 with security update than currently running kernel. Default is
66 True.
67
68 basearch
69 string
70
71 The base architecture used for installing packages. By default
72 this is auto-detected.
73
74 best boolean
75
76 True instructs the solver to either use a package with the high‐
77 est available version or fail. On False, do not fail if the lat‐
78 est version cannot be installed and go with the lower version.
79 The default is False. Note this option in particular can be set
80 in your configuration file by your distribution. Also note that
81 the use of the highest available version is only guaranteed for
82 the packages directly requested and not for their dependencies.
83
84 cachedir
85 string
86
87 Path to a directory used by various DNF subsystems for storing
88 cache data. Has a reasonable root-writable default depending on
89 the distribution. DNF needs to be able to create files and di‐
90 rectories at this location.
91
92 cacheonly
93 boolean
94
95 If set to True DNF will run entirely from system cache, will not
96 update the cache and will use it even in case it is expired. De‐
97 fault is False.
98
99 check_config_file_age
100 boolean
101
102 Specifies whether dnf should automatically expire metadata of
103 repos, which are older than their corresponding configuration
104 file (usually the dnf.conf file and the foo.repo file). Default
105 is True (perform the check). Expire of metadata is also affected
106 by metadata age. See also metadata_expire.
107
108 clean_requirements_on_remove
109 boolean
110
111 Remove dependencies that are no longer used during dnf remove. A
112 package only qualifies for removal via clean_requirements_on_re‐
113 move if it was installed through DNF but not on explicit user
114 request, i.e. it was pulled in as a dependency. The default is
115 True. (installonlypkgs are never automatically removed.)
116
117 config_file_path
118 string
119
120 Path to the default main configuration file. Default is
121 /etc/dnf/dnf.conf.
122
123 debuglevel
124 integer
125
126 Debug messages output level, in the range 0 to 10. The higher
127 the number the more debug output is put to stdout. Default is 2.
128
129 debug_solver
130 boolean
131
132 Controls whether the libsolv debug files should be created when
133 solving the transaction. The debug files are created in the
134 ./debugdata directory. Default is False.
135
136 defaultyes
137 boolean
138
139 If enabled the default answer to user confirmation prompts will
140 be Yes. Not to be confused with assumeyes which will not prompt
141 at all. Default is False.
142
143 diskspacecheck
144 boolean
145
146 Controls wheather rpm shoud check available disk space during
147 the transaction. Default is True.
148
149 errorlevel
150 integer
151
152 Error messages output level, in the range 0 to 10. The higher
153 the number the more error output is put to stderr. Default is 3.
154 This is deprecated in DNF and overwritten by --verbose command‐
155 line option.
156
157 exit_on_lock
158 boolean
159
160 Should the dnf client exit immediately when something else has
161 the lock. Default is False.
162
163 gpgkey_dns_verification
164 boolean
165
166 Should the dnf attempt to automatically verify GPG verification
167 keys using the DNS system. This option requires the unbound
168 python module (python3-unbound) to be installed on the client
169 system. This system has two main features. The first one is to
170 check if any of the already installed keys have been revoked.
171 Automatic removal of the key is not yet available, so it is up
172 to the user, to remove revoked keys from the system. The second
173 feature is automatic verification of new keys when a repository
174 is added to the system. In interactive mode, the result is writ‐
175 ten to the output as a suggestion to the user. In non-interac‐
176 tive mode (i.e. when -y is used), this system will automatically
177 accept keys that are available in the DNS and are correctly
178 signed using DNSSEC. It will also accept keys that do not exist
179 in the DNS system and their NON-existence is cryptographically
180 proven using DNSSEC. This is mainly to preserve backward compat‐
181 ibility. Default is False.
182
183 group_package_types
184 list
185
186 List of the following: optional, default, mandatory. Tells dnf
187 which type of packages in groups will be installed when
188 'groupinstall' is called. Default is: default, mandatory.
189
190 ignorearch
191 boolean
192
193 If set to True, RPM will allow attempts to install packages in‐
194 compatible with the CPU's architecture. Defaults to False. Often
195 used together with arch option.
196
197 installonlypkgs
198 list
199
200 List of provide names of packages that should only ever be in‐
201 stalled, never upgraded. Kernels in particular fall into this
202 category. These packages are never removed by dnf autoremove
203 even if they were installed as dependencies (see
204 clean_requirements_on_remove for auto removal details). This
205 option append the list values to the default installonlypkgs
206 list used by DNF. The number of kept package versions is regu‐
207 lated by installonly_limit.
208
209 installonly_limit
210 integer
211
212 Number of installonly packages allowed to be installed concur‐
213 rently. Defaults to 3. The minimal number of installonly pack‐
214 ages is 2. Value 0 means unlimited number of installonly pack‐
215 ages. Value 1 is explicitely not allowed since it complicates
216 kernel upgrades due to protection of the running kernel from re‐
217 moval.
218
219 installroot
220 string
221
222 The root of the filesystem for all packaging operations. It re‐
223 quires an absolute path. See also --installroot commandline op‐
224 tion.
225
226 install_weak_deps
227 boolean
228
229 When this option is set to True and a new package is about to be
230 installed, all packages linked by weak dependency relation (Rec‐
231 ommends or Supplements flags) with this package will be pulled
232 into the transaction. Default is True.
233
234 keepcache
235 boolean
236
237 Keeps downloaded packages in the cache when set to True. Even if
238 it is set to False and packages have not been installed they
239 will still persist until next successful transaction. The de‐
240 fault is False.
241
242 logdir string
243
244 Directory where the log files will be stored. Default is
245 /var/log.
246
247 logfilelevel
248 integer
249
250 Log file messages output level, in the range 0 to 10. The higher
251 the number the more debug output is put to logs. Default is 9.
252
253 This option controls dnf.log, dnf.librepo.log and hawkey.log.
254 Although dnf.librepo.log and hawkey.log are affected only by
255 setting the logfilelevel to 10.
256
257 log_compress
258 boolean
259
260 When set to True, log files are compressed when they are ro‐
261 tated. Default is False.
262
263 log_rotate
264 integer
265
266 Log files are rotated log_rotate times before being removed. If
267 log_rotate is 0, the rotation is not performed. Default is 4.
268
269 log_size
270 storage size
271
272 Log files are rotated when they grow bigger than log_size
273 bytes. If log_size is 0, the rotation is not performed. The de‐
274 fault is 1 MB. Valid units are 'k', 'M', 'G'.
275
276 The size applies for individual log files, not the sum of all
277 log files. See also log_rotate.
278
279 metadata_timer_sync
280 time in seconds
281
282 The minimal period between two consecutive makecache timer runs.
283 The command will stop immediately if it's less than this time
284 period since its last run. Does not affect simple makecache run.
285 Use 0 to completely disable automatic metadata synchronizing.
286 The default corresponds to three hours. The value is rounded to
287 the next commenced hour.
288
289 module_obsoletes
290 boolean
291
292 This option controls whether dnf should apply modular obsoletes
293 when possible.
294
295 module_platform_id
296 string
297
298 Set this to $name:$stream to override PLATFORM_ID detected from
299 /etc/os-release. It is necessary to perform a system upgrade
300 and switch to a new platform.
301
302 module_stream_switch
303 boolean
304
305 This option controls whether it's possible to switch enabled
306 streams of a module.
307
308 multilib_policy
309 string
310
311 Controls how multilib packages are treated during install opera‐
312 tions. Can either be "best" (the default) for the depsolver to
313 prefer packages which best match the system's architecture, or
314 "all" to install all available packages with compatible archi‐
315 tectures.
316
317 obsoletes
318 boolean
319
320 This option only has affect during an install/update. It enables
321 dnf's obsoletes processing logic, which means it makes dnf check
322 whether any dependencies of given package are no longer required
323 and removes them. Useful when doing distribution level up‐
324 grades. Default is 'true'.
325
326 Command-line option: --obsoletes
327
328 persistdir
329 string
330
331 Directory where DNF stores its persistent data between runs. De‐
332 fault is "/var/lib/dnf".
333
334 pluginconfpath
335 list
336
337 List of directories that are searched for plugin configurations
338 to load. All configuration files found in these directories,
339 that are named same as a plugin, are parsed. The default path is
340 /etc/dnf/plugins.
341
342 pluginpath
343 list
344
345 List of directories that are searched for plugins to load. Plug‐
346 ins found in any of the directories in this configuration option
347 are used. The default contains a Python version-specific path.
348
349 plugins
350 boolean
351
352 Controls whether the plugins are enabled. Default is True.
353
354 protected_packages
355 list
356
357 List of packages that DNF should never completely remove. They
358 are protected via Obsoletes as well as user/plugin removals.
359
360 The default is: dnf, glob:/etc/yum/protected.d/*.conf and
361 glob:/etc/dnf/protected.d/*.conf. So any packages which should
362 be protected can do so by including a file in /etc/dnf/pro‐
363 tected.d with their package name in it.
364
365 DNF will protect also the package corresponding to the running
366 version of the kernel. See also protect_running_kernel option.
367
368 protect_running_kernel
369 boolean
370
371 Controls whether the package corresponding to the running ver‐
372 sion of kernel is protected from removal. Default is True.
373
374 releasever
375 string
376
377 Used for substitution of $releasever in the repository configu‐
378 ration. See also repo variables.
379
380 reposdir
381 list
382
383 DNF searches for repository configuration files in the paths
384 specified by reposdir. The behavior of reposdir could differ
385 when it is used along with --installroot option.
386
387 rpmverbosity
388 string
389
390 RPM debug scriptlet output level. One of: critical, emergency,
391 error, warn, info or debug. Default is info.
392
393 strict boolean
394
395 If disabled, all unavailable packages or packages with broken
396 dependencies given to DNF command will be skipped without rais‐
397 ing the error causing the whole operation to fail. Currently
398 works for install command only. The default is True.
399
400 tsflags
401 list
402
403 List of strings adding extra flags for the RPM transaction.
404
405 ┌─────────────┬────────────────────────────┐
406 │tsflag value │ RPM Transaction Flag │
407 ├─────────────┼────────────────────────────┤
408 │noscripts │ RPMTRANS_FLAG_NOSCRIPTS │
409 ├─────────────┼────────────────────────────┤
410 │test │ RPMTRANS_FLAG_TEST │
411 ├─────────────┼────────────────────────────┤
412 │notriggers │ RPMTRANS_FLAG_NOTRIGGERS │
413 ├─────────────┼────────────────────────────┤
414 │nodocs │ RPMTRANS_FLAG_NODOCS │
415 ├─────────────┼────────────────────────────┤
416 │justdb │ RPMTRANS_FLAG_JUSTDB │
417 ├─────────────┼────────────────────────────┤
418 │nocontexts │ RPMTRANS_FLAG_NOCONTEXTS │
419 ├─────────────┼────────────────────────────┤
420 │nocaps │ RPMTRANS_FLAG_NOCAPS │
421 ├─────────────┼────────────────────────────┤
422 │nocrypto │ RPMTRANS_FLAG_NOFILEDIGEST │
423 └─────────────┴────────────────────────────┘
424
425 The nocrypto option will also set the _RPMVSF_NOSIGNATURES and
426 _RPMVSF_NODIGESTS VS flags. The test option provides a transac‐
427 tion check without performing the transaction. It includes down‐
428 loading of packages, gpg keys check (including permanent import
429 of additional keys if necessary), and rpm check to prevent file
430 conflicts. The nocaps is supported with rpm-4.14 or later. When
431 nocaps is used but rpm doesn't support it, DNF only reports it
432 as an invalid tsflag.
433
434 upgrade_group_objects_upgrade
435 boolean
436
437 Set this to False to disable the automatic running of group up‐
438 grade when running the upgrade command. Default is True (perform
439 the operation).
440
441 varsdir
442 list
443
444 List of directories where variables definition files are looked
445 for. Defaults to "/etc/dnf/vars", "/etc/yum/vars". See variable
446 files in Configuration reference.
447
448 zchunk boolean
449
450 Enables or disables the use of repository metadata compressed
451 using the zchunk format (if available). Default is True.
452
454 color string
455
456 Controls if DNF uses colored output on the command line. Possi‐
457 ble values: "auto", "never", "always". Default is "auto".
458
459 color_list_available_downgrade
460 color
461
462 Color of available packages that are older than installed pack‐
463 ages. The option is used during list operations. Default is ma‐
464 genta.
465
466 color_list_available_install
467 color
468
469 Color of packages that are available for installation and none
470 of their versions in installed. The option is used during list
471 operations. Default is bold,cyan.
472
473 color_list_available_reinstall
474 color
475
476 Color of available packages that are identical to installed ver‐
477 sions and are available for reinstalls. Default is bold,under‐
478 line,green. The option is used during list operations.
479
480 color_list_available_upgrade
481 color
482
483 Color of available packages that are newer than installed pack‐
484 ages. Default is bold,blue. The option is used during list op‐
485 erations.
486
487 color_list_installed_extra
488 color
489
490 Color of installed packages that do not have any version among
491 available packages. The option is used during list operations.
492 Default is bold,red.
493
494 color_list_installed_newer
495 color
496
497 Color of installed packages that are newer than any version
498 among available packages. The option is used during list opera‐
499 tions. Default is bold,yellow.
500
501 color_list_installed_older
502 color
503
504 Color of installed packages that are older than any version
505 among available packages. The option is used during list opera‐
506 tions. Default is yellow.
507
508 color_list_installed_reinstall
509 color
510
511 Color of installed packages that are among available packages
512 and can be reinstalled. The option is used during list opera‐
513 tions. Default is cyan.
514
515 color_search_match
516 color
517
518 Color of patterns matched in search output. Default is bold,ma‐
519 genta.
520
521 color_update_installed
522 color
523
524 Color of removed packages. Default is red. This option is used
525 during displaying transactions.
526
527 color_update_local
528 color
529
530 Color of local packages that are installed from the @commandline
531 repository. This option is used during displaying transactions.
532 Default is green.
533
534 color_update_remote
535 color
536
537 Color of packages that are installed/upgraded/downgraded from
538 remote repositories. This option is used during displaying
539 transactions. Default is bold,green.
540
542 baseurl
543 list
544
545 List of URLs for the repository. Defaults to [].
546
547 URLs are tried in the listed order (equivalent to yum's
548 "failovermethod=priority" behaviour).
549
550 cost integer
551
552 The relative cost of accessing this repository, defaulting to
553 1000. This value is compared when the priorities of two reposi‐
554 tories are the same. The repository with the lowest cost is
555 picked. It is useful to make the library prefer on-disk reposi‐
556 tories to remote ones.
557
558 enabled
559 boolean
560
561 Include this repository as a package source. The default is
562 True.
563
564 gpgkey list of strings
565
566 URLs of a GPG key files that can be used for signing metadata
567 and packages of this repository, empty by default. If a file can
568 not be verified using the already imported keys, import of keys
569 from this option is attempted and the keys are then used for
570 verification.
571
572 metalink
573 string
574
575 URL of a metalink for the repository. Defaults to None.
576
577 mirrorlist
578 string
579
580 URL of a mirrorlist for the repository. Defaults to None.
581
582 module_hotfixes
583 boolean
584
585 Set this to True to disable module RPM filtering and make all
586 RPMs from the repository available. The default is False. This
587 allows user to create a repository with cherry-picked hotfixes
588 that are included in a package set on a modular system.
589
590 name string
591
592 A human-readable name of the repository. Defaults to the ID of
593 the repository.
594
595 priority
596 integer
597
598 The priority value of this repository, default is 99. If there
599 is more than one candidate package for a particular operation,
600 the one from a repo with the lowest priority value is picked,
601 possibly despite being less convenient otherwise (e.g. by being
602 a lower version).
603
604 type string
605
606 Type of repository metadata. Supported values are: rpm-md.
607 Aliases for rpm-md: rpm, repomd, rpmmd, yum, YUM.
608
610 Right side of every repo option can be enriched by the following vari‐
611 ables:
612
613 $arch
614 Refers to the system’s CPU architecture e.g, aarch64, i586, i686 and
615 x86_64.
616
617 $basearch
618 Refers to the base architecture of the system. For example, i686 and
619 i586 machines both have a base architecture of i386, and AMD64 and
620 Intel64 machines have a base architecture of x86_64.
621
622 $releasever
623 Refers to the release version of operating system which DNF derives
624 from information available in RPMDB.
625
626 In addition to these hard coded variables, user-defined ones can also
627 be used. They can be defined either via variable files, or by using
628 special environmental variables. The names of these variables must be
629 prefixed with DNF_VAR_ and they can only consist of alphanumeric char‐
630 acters and underscores:
631
632 $ DNF_VAR_MY_VARIABLE=value
633
634 To use such variable in your repository configuration remove the pre‐
635 fix. E.g.:
636
637 [myrepo]
638 baseurl=https://example.site/pub/fedora/$MY_VARIABLE/releases/$releasever
639
640 Note that it is not possible to override the arch and basearch vari‐
641 ables using either variable files or environmental variables.
642
643 Although users are encouraged to use named variables, the numbered en‐
644 vironmental variables DNF0 - DNF9 are still supported:
645
646 $ DNF1=value
647
648 [myrepo]
649 baseurl=https://example.site/pub/fedora/$DNF1/releases/$releasever
650
652 Some options can be applied in either the main section, per repository,
653 or in a combination. The value provided in the main section is used for
654 all repositories as the default value, which repositories can then
655 override in their configuration.
656
657 bandwidth
658 storage size
659
660 Total bandwidth available for downloading. Meaningful when used
661 with the throttle option. Storage size is in bytes by default
662 but can be specified with a unit of storage. Valid units are
663 'k', 'M', 'G'.
664
665 countme
666 boolean
667
668 Determines whether a special flag should be added to a single,
669 randomly chosen metalink/mirrorlist query each week. This al‐
670 lows the repository owner to estimate the number of systems con‐
671 suming it, by counting such queries over a week's time, which is
672 much more accurate than just counting unique IP addresses (which
673 is subject to both overcounting and undercounting due to short
674 DHCP leases and NAT, respectively).
675
676 The flag is a simple "countme=N" parameter appended to the met‐
677 alink and mirrorlist URL, where N is an integer representing the
678 "longevity" bucket this system belongs to. The following 4
679 buckets are defined, based on how many full weeks have passed
680 since the beginning of the week when this system was installed:
681 1 = first week, 2 = first month (2-4 weeks), 3 = six months
682 (5-24 weeks) and 4 = more than six months (> 24 weeks). This
683 information is meant to help distinguish short-lived installs
684 from long-term ones, and to gather other statistics about system
685 lifecycle.
686
687 Default is False.
688
689 deltarpm
690 boolean
691
692 When enabled, DNF will save bandwidth by downloading much
693 smaller delta RPM files, rebuilding them to RPM locally. How‐
694 ever, this is quite CPU and I/O intensive. Default is True.
695
696 deltarpm_percentage
697 integer
698
699 When the relative size of delta vs pkg is larger than this,
700 delta is not used. Default value is 75 (Deltas must be at least
701 25% smaller than the pkg). Use 0 to turn off delta rpm process‐
702 ing. Local repositories (with file:// baseurl) have delta rpms
703 turned off by default.
704
705 enablegroups
706 boolean
707
708 Determines whether DNF will allow the use of package groups for
709 this repository. Default is True (package groups are allowed).
710
711 excludepkgs
712 list
713
714 Exclude packages of this repository, specified by a name or a
715 glob and separated by a comma, from all operations. Can be dis‐
716 abled using --disableexcludes command line switch. Defaults to
717 [].
718
719 fastestmirror
720 boolean
721
722 If enabled a metric is used to find the fastest available mir‐
723 ror. This overrides the order provided by the mirrorlist/met‐
724 alink file itself. This file is often dynamically generated by
725 the server to provide the best download speeds and enabling
726 fastestmirror overrides this. The default is False.
727
728 gpgcheck
729 boolean
730
731 Whether to perform GPG signature check on packages found in this
732 repository. The default is False.
733
734 This option can only be used to strengthen the active RPM secu‐
735 rity policy set with the %_pkgverify_level macro (see the
736 /usr/lib/rpm/macros file for details). That means, if the macro
737 is set to 'signature' or 'all' and this option is False, it will
738 be overridden to True during DNF runtime, and a warning will be
739 printed. To squelch the warning, make sure this option is True
740 for every enabled repository, and also enable localpkg_gpgcheck.
741
742 includepkgs
743 list
744
745 Include packages of this repository, specified by a name or a
746 glob and separated by a comma, in all operations. Inverse of
747 excludepkgs, DNF will exclude any package in the repository that
748 doesn't match this list. This works in conjunction with ex‐
749 cludepkgs and doesn't override it, so if you 'excludep‐
750 kgs=*.i386' and 'includepkgs=python*' then only packages start‐
751 ing with python that do not have an i386 arch will be seen by
752 DNF in this repo. Can be disabled using --disableexcludes com‐
753 mand line switch. Defaults to [].
754
755 ip_resolve
756 IP address type
757
758 Determines how DNF resolves host names. Set this to '4'/'IPv4'
759 or '6'/'IPv6' to resolve to IPv4 or IPv6 addresses only. By de‐
760 fault, DNF resolves to either addresses.
761
762 localpkg_gpgcheck
763 boolean
764
765 Whether to perform a GPG signature check on local packages
766 (packages in a file, not in a repository). The default is
767 False. This option is subject to the active RPM security policy
768 (see gpgcheck for more details).
769
770 max_parallel_downloads
771 integer
772
773 Maximum number of simultaneous package downloads. Defaults to 3.
774 Maximum of 20.
775
776 metadata_expire
777 time in seconds
778
779 The period after which the remote repository is checked for
780 metadata update and in the positive case the local metadata
781 cache is updated. The default corresponds to 48 hours. Set this
782 to -1 or never to make the repo never considered expired. Expire
783 of metadata can be also triggered by change of timestamp of con‐
784 figuration files (dnf.conf, <repo>.repo). See also
785 check_config_file_age.
786
787 minrate
788 storage size
789
790 This sets the low speed threshold in bytes per second. If the
791 server is sending data at the same or slower speed than this
792 value for at least timeout option seconds, DNF aborts the con‐
793 nection. The default is 1000. Valid units are 'k', 'M', 'G'.
794
795 password
796 string
797
798 The password to use for connecting to a repository with basic
799 HTTP authentication. Empty by default.
800
801 proxy string
802
803 URL of a proxy server to connect through. Set to an empty string
804 to disable the proxy setting inherited from the main section and
805 use direct connection instead. The expected format of this op‐
806 tion is <scheme>://<ip-or-hostname>[:port]. (For backward com‐
807 patibility, '_none_' can be used instead of the empty string.)
808
809 Note: The curl environment variables (such as http_proxy) are
810 effective if this option is unset. See the curl man page for de‐
811 tails.
812
813 proxy_username
814 string
815
816 The username to use for connecting to the proxy server. Empty by
817 default.
818
819 proxy_password
820 string
821
822 The password to use for connecting to the proxy server. Empty by
823 default.
824
825 proxy_auth_method
826 string
827
828 The authentication method used by the proxy server. Valid values
829 are
830
831 ┌──────────┬────────────────────────────┐
832 │method │ meaning │
833 ├──────────┼────────────────────────────┤
834 │basic │ HTTP Basic authentication │
835 ├──────────┼────────────────────────────┤
836 │digest │ HTTP Digest authentication │
837 ├──────────┼────────────────────────────┤
838 │negotiate │ HTTP Negotiate (SPNEGO) │
839 │ │ authentication │
840 ├──────────┼────────────────────────────┤
841 │ntlm │ HTTP NTLM authentication │
842 ├──────────┼────────────────────────────┤
843 │digest_ie │ HTTP Digest authentication │
844 │ │ with an IE flavor │
845 ├──────────┼────────────────────────────┤
846 │ntlm_wb │ NTLM delegating to winbind │
847 │ │ helper │
848 ├──────────┼────────────────────────────┤
849 │none │ None auth method │
850 ├──────────┼────────────────────────────┤
851 │any │ All suitable methods │
852 └──────────┴────────────────────────────┘
853
854 Defaults to any
855
856 proxy_sslcacert
857 string
858
859 Path to the file containing the certificate authorities to ver‐
860 ify proxy SSL certificates. Empty by default - uses system de‐
861 fault.
862
863 proxy_sslverify
864 boolean
865
866 When enabled, proxy SSL certificates are verified. If the client
867 can not be authenticated, connecting fails and the repository is
868 not used any further. If False, SSL connections can be used, but
869 certificates are not verified. Default is True.
870
871 proxy_sslclientcert
872 string
873
874 Path to the SSL client certificate used to connect to proxy
875 server. Empty by default.
876
877 proxy_sslclientkey
878 string
879
880 Path to the SSL client key used to connect to proxy server.
881 Empty by default.
882
883 repo_gpgcheck
884 boolean
885
886 Whether to perform GPG signature check on this repository's
887 metadata. The default is False.
888
889 retries
890 integer
891
892 Set the number of total retries for downloading packages. The
893 number is accumulative, so e.g. for retries=10, dnf will fail
894 after any package download fails for eleventh time. Setting this
895 to 0 makes dnf try forever. Default is 10.
896
897 skip_if_unavailable
898 boolean
899
900 If enabled, DNF will continue running and disable the repository
901 that couldn't be synchronized for any reason. This option
902 doesn't affect skipping of unavailable packages after dependency
903 resolution. To check inaccessibility of repository use it in
904 combination with refresh command line option. The default is
905 False. Note this option in particular can be set in your con‐
906 figuration file by your distribution.
907
908 sslcacert
909 string
910
911 Path to the file containing the certificate authorities to ver‐
912 ify SSL certificates. Empty by default - uses system default.
913
914 sslverify
915 boolean
916
917 When enabled, remote SSL certificates are verified. If the
918 client can not be authenticated, connecting fails and the repos‐
919 itory is not used any further. If False, SSL connections can be
920 used, but certificates are not verified. Default is True.
921
922 sslverifystatus
923 boolean
924
925 When enabled, revocation status of the server certificate is
926 verified using the "Certificate Status Request" TLS extension
927 (aka. OCSP stapling). Default is False.
928
929 sslclientcert
930 string
931
932 Path to the SSL client certificate used to connect to remote
933 sites. Empty by default.
934
935 sslclientkey
936 string
937
938 Path to the SSL client key used to connect to remote sites.
939 Empty by default.
940
941 throttle
942 storage size
943
944 Limits the downloading speed. It might be an absolute value or a
945 percentage, relative to the value of the bandwidth option op‐
946 tion. 0 means no throttling (the default). The absolute value is
947 in bytes by default but can be specified with a unit of storage.
948 Valid units are 'k', 'M', 'G'.
949
950 timeout
951 time in seconds
952
953 Number of seconds to wait for a connection before timing out.
954 Used in combination with minrate option option. Defaults to 30
955 seconds.
956
957 username
958 string
959
960 The username to use for connecting to repo with basic HTTP au‐
961 thentication. Empty by default.
962
963 user_agent
964 string
965
966 The User-Agent string to include in HTTP requests sent by DNF.
967 Defaults to
968
969 libdnf (NAME VERSION_ID; VARIANT_ID; OS.BASEARCH)
970
971 where NAME, VERSION_ID and VARIANT_ID are OS identifiers read
972 from the os-release(5) file, and OS and BASEARCH are the canoni‐
973 cal OS name and base architecture, respectively. Example:
974
975 libdnf (Fedora 31; server; Linux.x86_64)
976
978 boolean
979 This is a data type with only two possible values.
980
981 One of following options can be used: 1, 0, True, False, yes, no
982
983 integer
984 It is a whole number that can be written without a fractional
985 component.
986
987 list It is an option that could represent one or more strings sepa‐
988 rated by space or comma characters.
989
990 string It is a sequence of symbols or digits without any whitespace
991 character.
992
993 color A string describing color and modifiers separated with a comma,
994 for example "red,bold".
995
996 • Colors: black, blue, cyan, green, magenta, red, white, yellow
997
998 • Modifiers: bold, blink, dim, normal, reverse, underline
999
1001 Cache Files
1002 /var/cache/dnf
1003
1004 Main Configuration File
1005 /etc/dnf/dnf.conf
1006
1007 Repository
1008 /etc/yum.repos.d/
1009
1010 Variables
1011 Any properly named file in /etc/dnf/vars is turned into a vari‐
1012 able named after the filename (or overrides any of the above
1013 variables but those set from commandline). Filenames may contain
1014 only alphanumeric characters and underscores and be in lower‐
1015 case. Variables are also read from /etc/yum/vars for YUM com‐
1016 patibility reasons.
1017
1019 • dnf(8), DNF Command Reference
1020
1022 See AUTHORS in DNF source distribution.
1023
1025 2012-2021, Red Hat, Licensed under GPLv2+
1026
1027
1028
1029
10304.9.0 Sep 23, 2021 DNF.CONF(5)