1DNF.CONF(5) DNF DNF.CONF(5)
2
3
4
6 dnf.conf - DNF Configuration Reference
7
9 DNF by default uses the global configuration file at /etc/dnf/dnf.conf
10 and all *.repo files found under /etc/yum.repos.d. The latter is typi‐
11 cally used for repository configuration and takes precedence over
12 global configuration.
13
14 The configuration file has INI format consisting of section declaration
15 and name=value options below each on separate line. There are two types
16 of sections in the configuration files: main and repository. Main sec‐
17 tion defines all global configuration options and should be only one.
18
19 The repository sections define the configuration for each (remote or
20 local) repository. The section name of the repository in brackets serve
21 as repo ID reference and should be unique across configuration files.
22 The allowed characters of repo ID string are lower and upper case
23 alphabetic letters, digits, -, _, . and :. The minimal repository con‐
24 figuration file should aside from repo ID consists of baseurl, metalink
25 or mirrorlist option definition.
26
28 arch string
29
30 The architecture used for installing packages. By default this
31 is auto-detected. Often used together with ignorearch option.
32
33 assumeyes
34 boolean
35
36 If enabled dnf will assume Yes where it would normally prompt
37 for confirmation from user input (see also defaultyes). Default
38 is False.
39
40 autocheck_running_kernel
41 boolean
42
43 Automatic check whether there is installed newer kernel module
44 with security update than currently running kernel. Default is
45 True.
46
47 best boolean
48
49 When upgrading a package, always try to install its highest ver‐
50 sion available, even only to find out some of its deps are not
51 satisfiable. Enable this if you want to experience broken depen‐
52 dencies in the repositories firsthand. The default is False.
53
54 check_config_file_age
55 boolean
56
57 Specifies whether dnf should automatically expire metadata of
58 repos, which are older than their corresponding configuration
59 file (usually the dnf.conf file and the foo.repo file). Default
60 is True (perform the check). Expire of metadata is also affected
61 by metadata age. See also metadata_expire.
62
63 clean_requirements_on_remove
64 boolean
65
66 Remove dependencies that are no longer used during dnf remove. A
67 package only qualifies for removal via clean_require‐
68 ments_on_remove if it was installed through DNF but not on
69 explicit user request, i.e. it was pulled in as a dependency.
70 The default is True. (installonlypkgs are never automatically
71 removed.)
72
73 config_file_path
74 string
75
76 Path to the default main configuration file. Default is
77 /etc/dnf/dnf.conf.
78
79 debuglevel
80 integer
81
82 Debug messages output level, in the range 0 to 10. The higher
83 the number the more debug output is put to stdout. Default is 2.
84
85 defaultyes
86 boolean
87
88 If enabled the default answer to user confirmation prompts will
89 be Yes. Not to be confused with assumeyes which will not prompt
90 at all. Default is False.
91
92 errorlevel
93 integer
94
95 Error messages output level, in the range 0 to 10. The higher
96 the number the more error output is put to stderr. Default is 3.
97 This is deprecated in DNF and overwritten by --verbose command‐
98 line option.
99
100 exit_on_lock
101 boolean
102
103 Should the dnf client exit immediately when something else has
104 the lock. Default is False
105
106 gpgkey_dns_verification
107 boolean
108
109 Should the dnf attempt to automatically verify GPG verification
110 keys using the DNS system. This option requires libunbound to be
111 installed on the client system. This system has two main fea‐
112 tures. The first one is to check if any of the already installed
113 keys have been revoked. Automatic removal of the key is not yet
114 available, so it is up to the user, to remove revoked keys from
115 the system. The second feature is automatic verification of new
116 keys when a repository is added to the system. In interactive
117 mode, the result is written to the output as a suggestion to the
118 user. In non-interactive mode (i.e. when -y is used), this sys‐
119 tem will automatically accept keys that are available in the DNS
120 and are correctly signed using DNSSEC. It will also accept keys
121 that do not exist in the DNS system and their NON-existence is
122 cryptographically proven using DNSSEC. This is mainly to pre‐
123 serve backward compatibility.
124
125 group_package_types
126 list
127
128 List of the following: optional, default, mandatory. Tells dnf
129 which type of packages in groups will be installed when
130 'groupinstall' is called. Default is: default, mandatory
131
132 ignorearch
133 boolean
134
135 If set to True, RPM will allow attempts to install packages
136 incompatible with the CPU's architecture. Defaults to False.
137 Often used together with arch option.
138
139 install_weak_deps
140 boolean
141
142 When this option is set to True and a new package is about to be
143 installed, all packages linked by weak dependency relation (Rec‐
144 ommends or Supplements flags) with this package will pulled into
145 the transaction. Default is True.
146
147 installonlypkgs
148 list
149
150 List of provide names of packages that should only ever be
151 installed, never upgraded. Kernels in particular fall into this
152 category. These packages are never removed by dnf autoremove
153 even if they were installed as dependencies (see
154 clean_requirements_on_remove for auto removal details). This
155 option append the list values to the default installonlypkgs
156 list used by DNF. The number of kept package versions is regu‐
157 lated by installonly_limit.
158
159 installonly_limit
160 integer
161
162 Number of installonly packages allowed to be installed concur‐
163 rently. Defaults to 3. The minimal number of installonly pack‐
164 ages is 2. Value 0 or 1 means unlimited number of installonly
165 packages.
166
167 keepcache
168 boolean
169
170 Keeps downloaded packages in the cache when set to True. Even if
171 it is set to False and packages have not been installed they
172 will still persist until next successful transaction. The
173 default is False.
174
175 logdir string
176
177 Directory where the log files will be stored. Default is
178 /var/log.
179
180 metadata_timer_sync
181 time in seconds
182
183 The minimal period between two consecutive makecache timer runs.
184 The command will stop immediately if it's less than this time
185 period since its last run. Does not affect simple makecache run.
186 Use 0 to completely disable automatic metadata synchronizing.
187 The default corresponds to three hours. The value is rounded to
188 the next commenced hour.
189
190 module_platform_id
191 string
192
193 Set this to $name:$stream to override PLATFORM_ID detected from
194 /etc/os-release. It is necessary to perform a system upgrade
195 and switch to a new platform.
196
197 obsoletes
198 boolean
199
200 This option only has affect during an install/update. It enables
201 dnf's obsoletes processing logic, which means it makes dnf check
202 whether any dependencies of given package are no longer required
203 and removes them. Useful when doing distribution level
204 upgrades. Default is 'true'.
205
206 Command-line option: --obsoletes
207
208 pluginconfpath
209 list
210
211 List of directories that are searched for plugin configurations
212 to load. All configuration files found in these directories,
213 that are named same as a plugin, are parsed. The default path is
214 /etc/dnf/plugins.
215
216 pluginpath
217 list
218
219 List of directories that are searched for plugins to load. Plug‐
220 ins found in any of the directories in this configuration option
221 are used. The default contains a Python version-specific path.
222
223 protected_packages
224 list
225
226 List of packages that DNF should never completely remove. They
227 are protected via Obsoletes as well as user/plugin removals.
228
229 The default is: dnf, glob:/etc/yum/protected.d/*.conf and
230 glob:/etc/dnf/protected.d/*.conf. So any packages which should
231 be protected can do so by including a file in /etc/dnf/pro‐
232 tected.d with their package name in it.
233
234 DNF will protect also the package corresponding to the running
235 version of the kernel.
236
237 reposdir
238 list
239
240 DNF searches for repository configuration files in the paths
241 specified by reposdir. The behavior of reposdir could differ
242 when it is used along with --installroot option.
243
244 rpmverbosity
245 string
246
247 RPM debug scriptlet output level. One of: critical, emergency,
248 error, warn, info or debug. Default is info.
249
250 upgrade_group_objects_upgrade
251 boolean
252
253 Set this to False to disable the automatic running of group
254 upgrade when running the upgrade command. Default is True (per‐
255 form the operation).
256
258 baseurl
259 list
260
261 URLs for the repository.
262
263 cost integer
264
265 The relative cost of accessing this repository, defaulting to
266 1000. This value is compared when the priorities of two reposi‐
267 tories are the same. The repository with the lowest cost is
268 picked. It is useful to make the library prefer on-disk reposi‐
269 tories to remote ones.
270
271 enabled
272 boolean
273
274 Include this repository as a package source. The default is
275 True.
276
277 gpgkey list of strings
278
279 URLs of a GPG key files that can be used for signing metadata
280 and packages of this repository, empty by default. If a file can
281 not be verified using the already imported keys, import of keys
282 from this option is attempted and the keys are then used for
283 verification.
284
285 metalink
286 string
287
288 URL of a metalink for the repository.
289
290 mirrorlist
291 string
292
293 URL of a mirrorlist for the repository.
294
295 module_hotfixes
296 boolean
297
298 Set this to True to disable module RPM filtering and make all
299 RPMs from the repository available. The default is False. This
300 allows user to create a repository with cherry-picked hotfixes
301 that are included in a package set on a modular system.
302
303 name string
304
305 A human-readable name of the repository. Defaults to the ID of
306 the repository.
307
308 priority
309 integer
310
311 The priority value of this repository, default is 99. If there
312 is more than one candidate package for a particular operation,
313 the one from a repo with the lowest priority value is picked,
314 possibly despite being less convenient otherwise (e.g. by being
315 a lower version).
316
317 retries
318 integer
319
320 Overrides the retries option from the [main] section for this
321 repository.
322
323 skip_if_unavailable
324 boolean
325
326 If enabled, DNF will continue running and disable the repository
327 that couldn't be contacted for any reason when downloading meta‐
328 data. This option doesn't affect skipping of unavailable pack‐
329 ages after dependency resolution. To check inaccessibility of
330 repository use it in combination with refresh command line
331 option. The default is True.
332
333 strict boolean
334
335 If disabled, all unavailable packages or packages with broken
336 dependencies given to DNF command will be skipped without rais‐
337 ing the error causing the whole operation to fail. Currently
338 works for install command only. The default is True.
339
340 type string
341
342 Type of repository metadata. Supported values are: rpm-md.
343 Aliases for rpm-md: rpm, repomd, rpmmd, yum, YUM.
344
346 Right side of every repo option can be enriched by the following vari‐
347 ables:
348
349 $arch
350 Refers to the system’s CPU architecture e.g, aarch64, i586, i686 and
351 x86_64.
352
353 $basearch
354 Refers to the base architecture of the system. For example, i686 and
355 i586 machines both have a base architecture of i386, and AMD64 and
356 Intel64 machines have a base architecture of x86_64.
357
358 $releasever
359 Refers to the release version of operating system which DNF derives
360 from information available in RPMDB.
361
363 Some options can be applied in either the main section, per repository,
364 or in a combination. The value provided in the main section is used for
365 all repositories as the default value and concrete repositories can
366 override it in their configuration.
367
368 bandwidth
369 storage size
370
371 Total bandwidth available for downloading. Meaningful when used
372 with the throttle option. Storage size is in bytes by default
373 but can be specified with a unit of storage. Valid units are
374 'k', 'M', 'G'.
375
376 deltarpm
377 boolean
378
379 When enabled, DNF will save bandwidth by downloading much
380 smaller delta RPM files, rebuilding them to RPM locally. How‐
381 ever, this is quite CPU and I/O intensive. Default is True.
382
383 deltarpm_percentage
384 integer
385
386 When the relative size of delta vs pkg is larger than this,
387 delta is not used. Default value is 75 (Deltas must be at least
388 25% smaller than the pkg). Use 0 to turn off delta rpm process‐
389 ing. Local repositories (with file:// baseurl) have delta rpms
390 turned off by default.
391
392 enablegroups
393 boolean
394
395 Determines whether DNF will allow the use of package groups for
396 this repository. Default is True (package groups are allowed).
397
398 excludepkgs
399 list
400
401 Exclude packages of this repository, specified by a name or a
402 glob and separated by a comma, from all operations. Can be dis‐
403 abled using --disableexcludes command line switch.
404
405 fastestmirror
406 boolean
407
408 If enabled a metric is used to find the fastest available mir‐
409 ror. This overrides the order provided by the mirrorlist/met‐
410 alink file itself. This file is often dynamically generated by
411 the server to provide the best download speeds and enabling
412 fastestmirror overrides this. The default is False.
413
414 gpgcheck
415 boolean
416
417 Whether to perform GPG signature check on packages found in this
418 repository. The default is False. This option can only be used
419 to strengthen the active RPM security policy set with the
420 %_pkgverify_level macro (see /usr/lib/rpm/macros for details).
421 That means, if the macro is set to signature or all and this
422 option is False, it will be overridden to True when DNF runs and
423 a warning will be printed. To squelch the warning, make sure
424 this option is True on every enabled repository and also enable
425 localpkg_gpgcheck.
426
427 includepkgs
428 list
429
430 Include packages of this repository, specified by a name or a
431 glob and separated by a comma, in all operations. Inverse of
432 excludepkgs, DNF will exclude any package in the repository that
433 doesn't match this list. This works in conjunction with exclude
434 and doesn't override it, so if you 'excludepkgs=*.i386' and
435 'includepkgs=python*' then only packages starting with python
436 that do not have an i386 arch will be seen by DNF in this repo.
437 Can be disabled using --disableexcludes command line switch.
438
439 ip_resolve
440 IP address type
441
442 Determines how DNF resolves host names. Set this to '4'/'IPv4'
443 or '6'/'IPv6' to resolve to IPv4 or IPv6 addresses only. By
444 default, DNF resolves to either addresses.
445
446 localpkg_gpgcheck
447 boolean
448
449 Whether to perform a GPG signature check on local packages
450 (packages in a file, not in a repository). The default is
451 False. This option is subject to the active RPM security policy
452 (see gpgcheck for more details).
453
454 max_parallel_downloads
455 integer
456
457 Maximum number of simultaneous package downloads. Defaults to 3.
458
459 metadata_expire
460 time in seconds
461
462 The period after which the remote repository is checked for
463 metadata update and in the positive case the local metadata
464 cache is updated. The default corresponds to 48 hours. Set this
465 to -1 or never to make the repo never considered expired. Expire
466 of metadata can bee also triggered by change of timestamp of
467 configuration files (dnf.conf, <repo>.repo). See also
468 check_config_file_age.
469
470 minrate
471 storage size
472
473 This sets the low speed threshold in bytes per second. If the
474 server is sending data at the same or slower speed than this
475 value for at least timeout option seconds, DNF aborts the con‐
476 nection. The default is 1000. Valid units are 'k', 'M', 'G'.
477
478 proxy string
479
480 URL of a proxy server to connect through. If none is specified
481 then direct connection is used (the default).
482
483 proxy_username
484 string
485
486 The username to use for connecting to the proxy server. Empty by
487 default.
488
489 proxy_password
490 string
491
492 The password to use for connecting to the proxy server. Empty by
493 default.
494
495 proxy_auth_method
496 string
497
498 The authentication method used by the proxy server. Valid values
499 are 'basic', 'digest', 'negotiate', 'ntlm', 'digest_ie',
500 'ntlm_wb', 'none' and 'any' (default).
501
502 repo_gpgcheck
503 boolean
504
505 Whether to perform GPG signature check on this repository's
506 metadata. The default is False.
507
508 retries
509 integer
510
511 Set the number of times any attempt to retrieve a file should
512 retry before returning an error. Setting this to 0 makes dnf try
513 forever. Default is 10.
514
515 sslcacert
516 string
517
518 Path to the directory or file containing the certificate author‐
519 ities to verify SSL certificates. Empty by default - uses sys‐
520 tem default.
521
522 sslverify
523 boolean
524
525 When enabled, remote SSL connections are verified. If the client
526 can not be authenticated connecting fails and the given repo is
527 not used further. On False, SSL connections can be used but are
528 not verified. Default is True.
529
530 sslclientcert
531 string
532
533 Path to the SSL client certificate used to connect to remote
534 sites. Empty by default.
535
536 sslclientkey
537 string
538
539 Path to the SSL client key used to connect to remote sites.
540 Empty by default.
541
542 throttle
543 storage size
544
545 Limits the downloading speed. It might be an absolute value or a
546 percentage, relative to the value of the bandwidth option
547 option. 0 means no throttling (the default). The absolute value
548 is in bytes by default but can be specified with a unit of stor‐
549 age. Valid units are 'k', 'M', 'G'.
550
551 timeout
552 time in seconds
553
554 Number of seconds to wait for a connection before timing out.
555 Used in combination with minrate option option. Defaults to 30
556 seconds.
557
558 username
559 string
560
561 The username to use for connecting to repo with basic HTTP
562 authentication. Empty by default.
563
564 password
565 string
566
567 The password to use for connecting to repo with basic HTTP
568 authentication. Empty by default.
569
571 boolean
572 This is a data type with only two possible values.
573
574 One of following options can be used: 1, 0, True, False, yes, no
575
576 integer
577 It is a whole number that can be written without a fractional
578 component.
579
580 list It is an option that could represent one or more strings sepa‐
581 rated by space or comma characters.
582
583 string It is a sequence of symbols or digits without any whitespace
584 character.
585
587 Cache Files
588 /var/cache/dnf
589
590 Main Configuration File
591 /etc/dnf/dnf.conf
592
593 Repository
594 /etc/yum.repos.d/
595
596 Variables
597 Any properly named file in /etc/dnf/vars is turned into a vari‐
598 able named after the filename (or overrides any of the above
599 variables but those set from commandline). Filenames may contain
600 only alphanumeric characters and underscores and be in lower‐
601 case.
602
604 · dnf(8), DNF Command Reference
605
607 See AUTHORS in DNF source distribution.
608
610 2012-2014, Red Hat, Licensed under GPLv2+
611
612
613
614
6154.0.9 May 13, 2019 DNF.CONF(5)