1DNF.CONF(5)                           DNF                          DNF.CONF(5)
2
3
4

NAME

6       dnf.conf - DNF Configuration Reference
7

DESCRIPTION

9       DNF  by default uses the global configuration file at /etc/dnf/dnf.conf
10       and all *.repo files found under /etc/yum.repos.d. The latter is  typi‐
11       cally  used  for  repository  configuration  and  takes precedence over
12       global configuration.
13
14       The configuration file has INI format consisting of section declaration
15       and name=value options below each on separate line. There are two types
16       of sections in the configuration files: main and repository. Main  sec‐
17       tion defines all global configuration options and should be only one.
18
19       The  repository  sections  define the configuration for each (remote or
20       local) repository. The section name of the repository in brackets serve
21       as  repo  ID reference and should be unique across configuration files.
22       The allowed characters of repo ID  string  are  lower  and  upper  case
23       alphabetic letters, digits, -, _, .  and :. The minimal repository con‐
24       figuration file should aside from repo ID consists of baseurl, metalink
25       or mirrorlist option definition.
26

[MAIN] OPTIONS

28       arch   string
29
30              The  architecture  used for installing packages. By default this
31              is auto-detected. Often used together with ignorearch option.
32
33       assumeyes
34              boolean
35
36              If enabled dnf will assume Yes where it  would  normally  prompt
37              for  confirmation from user input (see also defaultyes). Default
38              is False.
39
40       autocheck_running_kernel
41              boolean
42
43              Automatic check whether there is installed newer  kernel  module
44              with  security  update than currently running kernel. Default is
45              True.
46
47       best   boolean
48
49              When upgrading a package, always try to install its highest ver‐
50              sion  available,  even only to find out some of its deps are not
51              satisfiable. Enable this if you want to experience broken depen‐
52              dencies in the repositories firsthand. The default is False.
53
54       check_config_file_age
55              boolean
56
57              Specifies  whether  dnf  should automatically expire metadata of
58              repos, which are older than  their  corresponding  configuration
59              file (usually the dnf.conf file and the foo.repo file).  Default
60              is True (perform the check). Expire of metadata is also affected
61              by metadata age.  See also metadata_expire.
62
63       clean_requirements_on_remove
64              boolean
65
66              Remove dependencies that are no longer used during dnf remove. A
67              package  only   qualifies   for   removal   via   clean_require‐
68              ments_on_remove  if  it  was  installed  through  DNF but not on
69              explicit user request, i.e. it was pulled in  as  a  dependency.
70              The  default  is True.  (installonlypkgs are never automatically
71              removed.)
72
73       config_file_path
74              string
75
76              Path  to  the  default  main  configuration  file.  Default   is
77              /etc/dnf/dnf.conf.
78
79       debuglevel
80              integer
81
82              Debug  messages  output  level, in the range 0 to 10. The higher
83              the number the more debug output is put to stdout. Default is 2.
84
85       defaultyes
86              boolean
87
88              If enabled the default answer to user confirmation prompts  will
89              be  Yes. Not to be confused with assumeyes which will not prompt
90              at all. Default is False.
91
92       errorlevel
93              integer
94
95              Error messages output level, in the range 0 to  10.  The  higher
96              the number the more error output is put to stderr. Default is 3.
97              This is deprecated in DNF and overwritten by --verbose  command‐
98              line option.
99
100       exit_on_lock
101              boolean
102
103              Should  the  dnf client exit immediately when something else has
104              the lock. Default is False
105
106       gpgkey_dns_verification
107              boolean
108
109              Should the dnf attempt to automatically verify GPG  verification
110              keys using the DNS system. This option requires libunbound to be
111              installed on the client system. This system has  two  main  fea‐
112              tures. The first one is to check if any of the already installed
113              keys have been revoked. Automatic removal of the key is not  yet
114              available,  so it is up to the user, to remove revoked keys from
115              the system. The second feature is automatic verification of  new
116              keys  when  a  repository is added to the system. In interactive
117              mode, the result is written to the output as a suggestion to the
118              user.  In non-interactive mode (i.e. when -y is used), this sys‐
119              tem will automatically accept keys that are available in the DNS
120              and  are correctly signed using DNSSEC. It will also accept keys
121              that do not exist in the DNS system and their  NON-existence  is
122              cryptographically  proven  using  DNSSEC. This is mainly to pre‐
123              serve backward compatibility.
124
125       group_package_types
126              list
127
128              List of the following: optional, default, mandatory.  Tells  dnf
129              which  type  of  packages  in  groups  will  be  installed  when
130              'groupinstall' is called. Default is: default, mandatory
131
132       ignorearch
133              boolean
134
135              If set to True, RPM will  allow  attempts  to  install  packages
136              incompatible  with  the  CPU's  architecture. Defaults to False.
137              Often used together with arch option.
138
139       install_weak_deps
140              boolean
141
142              When this option is set to True and a new package is about to be
143              installed, all packages linked by weak dependency relation (Rec‐
144              ommends or Supplements flags) with this package will pulled into
145              the transaction.  Default is True.
146
147       installonlypkgs
148              list
149
150              List  of  provide  names  of  packages  that should only ever be
151              installed, never upgraded. Kernels in particular fall into  this
152              category.   These  packages  are never removed by dnf autoremove
153              even   if   they   were   installed   as    dependencies    (see
154              clean_requirements_on_remove  for  auto  removal details).  This
155              option append the list values  to  the  default  installonlypkgs
156              list  used  by DNF. The number of kept package versions is regu‐
157              lated by installonly_limit.
158
159       installonly_limit
160              integer
161
162              Number of installonly packages allowed to be  installed  concur‐
163              rently.  Defaults  to 3. The minimal number of installonly pack‐
164              ages is 2. Value 0 or 1 means unlimited  number  of  installonly
165              packages.
166
167       keepcache
168              boolean
169
170              Keeps downloaded packages in the cache when set to True. Even if
171              it is set to False and packages have  not  been  installed  they
172              will  still  persist  until  next  successful  transaction.  The
173              default is False.
174
175       logdir string
176
177              Directory where  the  log  files  will  be  stored.  Default  is
178              /var/log.
179
180       metadata_timer_sync
181              time in seconds
182
183              The minimal period between two consecutive makecache timer runs.
184              The command will stop immediately if it's less  than  this  time
185              period since its last run. Does not affect simple makecache run.
186              Use 0 to completely disable  automatic  metadata  synchronizing.
187              The  default corresponds to three hours. The value is rounded to
188              the next commenced hour.
189
190       module_platform_id
191              string
192
193              Set this to $name:$stream to override PLATFORM_ID detected  from
194              /etc/os-release.   It  is  necessary to perform a system upgrade
195              and switch to a new platform.
196
197       obsoletes
198              boolean
199
200              This option only has affect during an install/update. It enables
201              dnf's obsoletes processing logic, which means it makes dnf check
202              whether any dependencies of given package are no longer required
203              and   removes   them.   Useful  when  doing  distribution  level
204              upgrades.  Default is 'true'.
205
206              Command-line option: --obsoletes
207
208       pluginconfpath
209              list
210
211              List of directories that are searched for plugin  configurations
212              to  load.  All  configuration  files found in these directories,
213              that are named same as a plugin, are parsed. The default path is
214              /etc/dnf/plugins.
215
216       pluginpath
217              list
218
219              List of directories that are searched for plugins to load. Plug‐
220              ins found in any of the directories in this configuration option
221              are used. The default contains a Python version-specific path.
222
223       protected_packages
224              list
225
226              List  of  packages that DNF should never completely remove. They
227              are protected via Obsoletes as well as user/plugin removals.
228
229              The  default  is:  dnf,   glob:/etc/yum/protected.d/*.conf   and
230              glob:/etc/dnf/protected.d/*.conf.  So  any packages which should
231              be protected can do so by  including  a  file  in  /etc/dnf/pro‐
232              tected.d with their package name in it.
233
234              DNF  will  protect also the package corresponding to the running
235              version of the kernel.
236
237       reposdir
238              list
239
240              DNF searches for repository configuration  files  in  the  paths
241              specified  by  reposdir.  The  behavior of reposdir could differ
242              when it is used along with --installroot option.
243
244       rpmverbosity
245              string
246
247              RPM debug scriptlet output level. One of:  critical,  emergency,
248              error, warn, info or debug. Default is info.
249
250       upgrade_group_objects_upgrade
251              boolean
252
253              Set  this  to  False  to  disable the automatic running of group
254              upgrade when running the upgrade command. Default is True  (per‐
255              form the operation).
256

REPO OPTIONS

258       baseurl
259              list
260
261              URLs for the repository.
262
263       cost   integer
264
265              The  relative  cost  of accessing this repository, defaulting to
266              1000. This value is compared when the priorities of two  reposi‐
267              tories  are  the  same.  The  repository with the lowest cost is
268              picked. It is useful to make the library prefer on-disk  reposi‐
269              tories to remote ones.
270
271       enabled
272              boolean
273
274              Include  this  repository  as  a  package source. The default is
275              True.
276
277       gpgkey list of strings
278
279              URLs of a GPG key files that can be used  for  signing  metadata
280              and packages of this repository, empty by default. If a file can
281              not be verified using the already imported keys, import of  keys
282              from  this  option  is  attempted and the keys are then used for
283              verification.
284
285       metalink
286              string
287
288              URL of a metalink for the repository.
289
290       mirrorlist
291              string
292
293              URL of a mirrorlist for the repository.
294
295       module_hotfixes
296              boolean
297
298              Set this to True to disable module RPM filtering  and  make  all
299              RPMs  from the repository available. The default is False.  This
300              allows user to create a repository with  cherry-picked  hotfixes
301              that are included in a package set on a modular system.
302
303       name   string
304
305              A  human-readable  name of the repository. Defaults to the ID of
306              the repository.
307
308       priority
309              integer
310
311              The priority value of this repository, default is 99.  If  there
312              is  more  than one candidate package for a particular operation,
313              the one from a repo with the lowest priority  value  is  picked,
314              possibly  despite being less convenient otherwise (e.g. by being
315              a lower version).
316
317       retries
318              integer
319
320              Overrides the retries option from the [main]  section  for  this
321              repository.
322
323       skip_if_unavailable
324              boolean
325
326              If enabled, DNF will continue running and disable the repository
327              that couldn't be contacted for any reason when downloading meta‐
328              data.  This  option doesn't affect skipping of unavailable pack‐
329              ages after dependency resolution. To  check  inaccessibility  of
330              repository  use  it  in  combination  with  refresh command line
331              option. The default is True.
332
333       strict boolean
334
335              If disabled, all unavailable packages or  packages  with  broken
336              dependencies  given to DNF command will be skipped without rais‐
337              ing the error causing the whole  operation  to  fail.  Currently
338              works for install command only. The default is True.
339
340       type   string
341
342              Type  of  repository  metadata.  Supported  values  are: rpm-md.
343              Aliases for rpm-md: rpm, repomd, rpmmd, yum, YUM.
344

REPO VARIABLES

346       Right side of every repo option can be enriched by the following  vari‐
347       ables:
348
349       $arch
350          Refers to the system’s CPU architecture e.g, aarch64, i586, i686 and
351          x86_64.
352
353       $basearch
354          Refers to the base architecture of the system. For example, i686 and
355          i586  machines  both have a base architecture of i386, and AMD64 and
356          Intel64 machines have a base architecture of x86_64.
357
358       $releasever
359          Refers to the release version of operating system which DNF  derives
360          from information available in RPMDB.
361

OPTIONS FOR BOTH [MAIN] AND REPO

363       Some options can be applied in either the main section, per repository,
364       or in a combination. The value provided in the main section is used for
365       all  repositories  as  the  default value and concrete repositories can
366       override it in their configuration.
367
368       bandwidth
369              storage size
370
371              Total bandwidth available for downloading. Meaningful when  used
372              with  the  throttle  option. Storage size is in bytes by default
373              but can be specified with a unit of  storage.  Valid  units  are
374              'k', 'M', 'G'.
375
376       deltarpm
377              boolean
378
379              When  enabled,  DNF  will  save  bandwidth  by  downloading much
380              smaller delta RPM files, rebuilding them to  RPM  locally.  How‐
381              ever, this is quite CPU and I/O intensive. Default is True.
382
383       deltarpm_percentage
384              integer
385
386              When  the  relative  size  of  delta vs pkg is larger than this,
387              delta is not used.  Default value is 75 (Deltas must be at least
388              25% smaller than the pkg).  Use 0 to turn off delta rpm process‐
389              ing. Local repositories (with file:// baseurl) have  delta  rpms
390              turned off by default.
391
392       enablegroups
393              boolean
394
395              Determines  whether DNF will allow the use of package groups for
396              this repository. Default is True (package groups are allowed).
397
398       excludepkgs
399              list
400
401              Exclude packages of this repository, specified by a  name  or  a
402              glob and separated by a comma, from all operations.  Can be dis‐
403              abled using --disableexcludes command line switch.
404
405       fastestmirror
406              boolean
407
408              If enabled a metric is used to find the fastest  available  mir‐
409              ror.  This  overrides  the order provided by the mirrorlist/met‐
410              alink file itself. This file is often dynamically  generated  by
411              the  server  to  provide  the  best download speeds and enabling
412              fastestmirror overrides this. The default is False.
413
414       gpgcheck
415              boolean
416
417              Whether to perform GPG signature check on packages found in this
418              repository.  The default is False.  This option can only be used
419              to strengthen the  active  RPM  security  policy  set  with  the
420              %_pkgverify_level  macro  (see /usr/lib/rpm/macros for details).
421              That means, if the macro is set to signature  or  all  and  this
422              option is False, it will be overridden to True when DNF runs and
423              a warning will be printed.  To squelch the  warning,  make  sure
424              this  option is True on every enabled repository and also enable
425              localpkg_gpgcheck.
426
427       includepkgs
428              list
429
430              Include packages of this repository, specified by a  name  or  a
431              glob  and  separated  by a comma, in all operations.  Inverse of
432              excludepkgs, DNF will exclude any package in the repository that
433              doesn't  match this list. This works in conjunction with exclude
434              and doesn't override it,  so  if  you  'excludepkgs=*.i386'  and
435              'includepkgs=python*'  then  only  packages starting with python
436              that do not have an i386 arch will be seen by DNF in this  repo.
437              Can be disabled using --disableexcludes command line switch.
438
439       ip_resolve
440              IP address type
441
442              Determines  how  DNF resolves host names. Set this to '4'/'IPv4'
443              or '6'/'IPv6' to resolve to IPv4  or  IPv6  addresses  only.  By
444              default, DNF resolves to either addresses.
445
446       localpkg_gpgcheck
447              boolean
448
449              Whether  to  perform  a  GPG  signature  check on local packages
450              (packages in a file, not  in  a  repository).   The  default  is
451              False.  This option is subject to the active RPM security policy
452              (see gpgcheck for more details).
453
454       max_parallel_downloads
455              integer
456
457              Maximum number of simultaneous package downloads. Defaults to 3.
458
459       metadata_expire
460              time in seconds
461
462              The period after which the  remote  repository  is  checked  for
463              metadata  update  and  in  the  positive case the local metadata
464              cache is updated. The default corresponds to 48 hours. Set  this
465              to -1 or never to make the repo never considered expired. Expire
466              of metadata can bee also triggered by  change  of  timestamp  of
467              configuration    files   (dnf.conf,   <repo>.repo).   See   also
468              check_config_file_age.
469
470       minrate
471              storage size
472
473              This sets the low speed threshold in bytes per  second.  If  the
474              server  is  sending  data  at the same or slower speed than this
475              value for at least timeout option seconds, DNF aborts  the  con‐
476              nection. The default is 1000. Valid units are 'k', 'M', 'G'.
477
478       proxy  string
479
480              URL  of  a proxy server to connect through. If none is specified
481              then direct connection is used (the default).
482
483       proxy_username
484              string
485
486              The username to use for connecting to the proxy server. Empty by
487              default.
488
489       proxy_password
490              string
491
492              The password to use for connecting to the proxy server. Empty by
493              default.
494
495       proxy_auth_method
496              string
497
498              The authentication method used by the proxy server. Valid values
499              are   'basic',   'digest',   'negotiate',  'ntlm',  'digest_ie',
500              'ntlm_wb', 'none' and 'any' (default).
501
502       repo_gpgcheck
503              boolean
504
505              Whether to perform GPG  signature  check  on  this  repository's
506              metadata. The default is False.
507
508       retries
509              integer
510
511              Set  the  number  of times any attempt to retrieve a file should
512              retry before returning an error. Setting this to 0 makes dnf try
513              forever. Default is 10.
514
515       sslcacert
516              string
517
518              Path to the directory or file containing the certificate author‐
519              ities to verify SSL certificates.  Empty by default - uses  sys‐
520              tem default.
521
522       sslverify
523              boolean
524
525              When enabled, remote SSL connections are verified. If the client
526              can not be authenticated connecting fails and the given repo  is
527              not  used further. On False, SSL connections can be used but are
528              not verified. Default is True.
529
530       sslclientcert
531              string
532
533              Path to the SSL client certificate used  to  connect  to  remote
534              sites.  Empty by default.
535
536       sslclientkey
537              string
538
539              Path  to  the  SSL  client  key used to connect to remote sites.
540              Empty by default.
541
542       throttle
543              storage size
544
545              Limits the downloading speed. It might be an absolute value or a
546              percentage,  relative  to  the  value  of  the  bandwidth option
547              option. 0 means no throttling (the default). The absolute  value
548              is in bytes by default but can be specified with a unit of stor‐
549              age. Valid units are 'k', 'M', 'G'.
550
551       timeout
552              time in seconds
553
554              Number of seconds to wait for a connection  before  timing  out.
555              Used  in  combination with minrate option option. Defaults to 30
556              seconds.
557
558       username
559              string
560
561              The username to use for  connecting  to  repo  with  basic  HTTP
562              authentication. Empty by default.
563
564       password
565              string
566
567              The  password  to  use  for  connecting  to repo with basic HTTP
568              authentication. Empty by default.
569

TYPES OF OPTIONS

571       boolean
572              This is a data type with only two possible values.
573
574              One of following options can be used: 1, 0, True, False, yes, no
575
576       integer
577              It is a whole number that can be written  without  a  fractional
578              component.
579
580       list   It  is  an option that could represent one or more strings sepa‐
581              rated by space or comma characters.
582
583       string It is a sequence of symbols or  digits  without  any  whitespace
584              character.
585

FILES

587       Cache Files
588              /var/cache/dnf
589
590       Main Configuration File
591              /etc/dnf/dnf.conf
592
593       Repository
594              /etc/yum.repos.d/
595
596       Variables
597              Any  properly named file in /etc/dnf/vars is turned into a vari‐
598              able named after the filename (or overrides  any  of  the  above
599              variables but those set from commandline). Filenames may contain
600              only alphanumeric characters and underscores and  be  in  lower‐
601              case.
602

SEE ALSO

604       · dnf(8), DNF Command Reference
605

AUTHOR

607       See AUTHORS in DNF source distribution.
608
610       2012-2014, Red Hat, Licensed under GPLv2+
611
612
613
614
6154.0.9                            May 13, 2019                      DNF.CONF(5)
Impressum