1DNF.CONF(5)                           DNF                          DNF.CONF(5)
2
3
4

NAME

6       dnf.conf - DNF Configuration Reference
7

DESCRIPTION

9       DNF  by default uses the global configuration file at /etc/dnf/dnf.conf
10       and all *.repo files found under /etc/yum.repos.d. The latter is  typi‐
11       cally  used  for  repository  configuration  and  takes precedence over
12       global configuration.
13
14       The configuration file has INI format consisting of section declaration
15       and name=value options below each on separate line. There are two types
16       of sections in the configuration files: main and repository. Main  sec‐
17       tion defines all global configuration options and should be only one.
18
19       The  repository  sections  define the configuration for each (remote or
20       local) repository. The section name of the repository in brackets serve
21       as  repo  ID reference and should be unique across configuration files.
22       The allowed characters of repo ID  string  are  lower  and  upper  case
23       alphabetic letters, digits, -, _, .  and :. The minimal repository con‐
24       figuration file should aside from repo ID consists of baseurl, metalink
25       or mirrorlist option definition.
26

[MAIN] OPTIONS

28       arch   string
29
30              The  architecture  used for installing packages. By default this
31              is auto-detected. Often used together with ignorearch option.
32
33       assumeyes
34              boolean
35
36              If enabled dnf will assume Yes where it  would  normally  prompt
37              for  confirmation from user input (see also defaultyes). Default
38              is False.
39
40       autocheck_running_kernel
41              boolean
42
43              Automatic check whether there is installed newer  kernel  module
44              with  security  update than currently running kernel. Default is
45              True.
46
47       best   boolean
48
49              When upgrading a package, always try to install its highest ver‐
50              sion  available,  even only to find out some of its deps are not
51              satisfiable. Enable this if you want to experience broken depen‐
52              dencies in the repositories firsthand. The default is False.
53
54       cachedir
55              string
56
57              Path  to  a directory used by various DNF subsystems for storing
58              cache data.  Has a reasonable root-writable default depending on
59              the  distribution.  DNF  needs  to  be  able to create files and
60              directories at this location.
61
62       check_config_file_age
63              boolean
64
65              Specifies whether dnf should automatically  expire  metadata  of
66              repos,  which  are  older than their corresponding configuration
67              file (usually the dnf.conf file and the foo.repo file).  Default
68              is True (perform the check). Expire of metadata is also affected
69              by metadata age.  See also metadata_expire.
70
71       clean_requirements_on_remove
72              boolean
73
74              Remove dependencies that are no longer used during dnf remove. A
75              package   only   qualifies   for   removal   via  clean_require‐
76              ments_on_remove if it was  installed  through  DNF  but  not  on
77              explicit  user  request,  i.e. it was pulled in as a dependency.
78              The default is True.  (installonlypkgs are  never  automatically
79              removed.)
80
81       config_file_path
82              string
83
84              Path   to  the  default  main  configuration  file.  Default  is
85              /etc/dnf/dnf.conf.
86
87       debuglevel
88              integer
89
90              Debug messages output level, in the range 0 to  10.  The  higher
91              the number the more debug output is put to stdout. Default is 2.
92
93       defaultyes
94              boolean
95
96              If  enabled the default answer to user confirmation prompts will
97              be Yes. Not to be confused with assumeyes which will not  prompt
98              at all. Default is False.
99
100       errorlevel
101              integer
102
103              Error  messages  output  level, in the range 0 to 10. The higher
104              the number the more error output is put to stderr. Default is 3.
105              This  is deprecated in DNF and overwritten by --verbose command‐
106              line option.
107
108       exit_on_lock
109              boolean
110
111              Should the dnf client exit immediately when something  else  has
112              the lock. Default is False
113
114       gpgkey_dns_verification
115              boolean
116
117              Should  the dnf attempt to automatically verify GPG verification
118              keys using the DNS system. This option requires libunbound to be
119              installed  on  the  client system. This system has two main fea‐
120              tures. The first one is to check if any of the already installed
121              keys  have been revoked. Automatic removal of the key is not yet
122              available, so it is up to the user, to remove revoked keys  from
123              the  system. The second feature is automatic verification of new
124              keys when a repository is added to the  system.  In  interactive
125              mode, the result is written to the output as a suggestion to the
126              user. In non-interactive mode (i.e. when -y is used), this  sys‐
127              tem will automatically accept keys that are available in the DNS
128              and are correctly signed using DNSSEC. It will also accept  keys
129              that  do  not exist in the DNS system and their NON-existence is
130              cryptographically proven using DNSSEC. This is  mainly  to  pre‐
131              serve backward compatibility.
132
133       group_package_types
134              list
135
136              List  of  the following: optional, default, mandatory. Tells dnf
137              which  type  of  packages  in  groups  will  be  installed  when
138              'groupinstall' is called. Default is: default, mandatory
139
140       ignorearch
141              boolean
142
143              If  set  to  True,  RPM  will allow attempts to install packages
144              incompatible with the CPU's  architecture.  Defaults  to  False.
145              Often used together with arch option.
146
147       install_weak_deps
148              boolean
149
150              When this option is set to True and a new package is about to be
151              installed, all packages linked by weak dependency relation (Rec‐
152              ommends or Supplements flags) with this package will pulled into
153              the transaction.  Default is True.
154
155       installonlypkgs
156              list
157
158              List of provide names of  packages  that  should  only  ever  be
159              installed,  never upgraded. Kernels in particular fall into this
160              category.  These packages are never removed  by  dnf  autoremove
161              even    if    they   were   installed   as   dependencies   (see
162              clean_requirements_on_remove for auto  removal  details).   This
163              option  append  the  list  values to the default installonlypkgs
164              list used by DNF. The number of kept package versions  is  regu‐
165              lated by installonly_limit.
166
167       installonly_limit
168              integer
169
170              Number  of  installonly packages allowed to be installed concur‐
171              rently. Defaults to 3. The minimal number of  installonly  pack‐
172              ages  is  2.  Value 0 or 1 means unlimited number of installonly
173              packages.
174
175       keepcache
176              boolean
177
178              Keeps downloaded packages in the cache when set to True. Even if
179              it  is  set  to  False and packages have not been installed they
180              will  still  persist  until  next  successful  transaction.  The
181              default is False.
182
183       logdir string
184
185              Directory  where  the  log  files  will  be  stored.  Default is
186              /var/log.
187
188       metadata_timer_sync
189              time in seconds
190
191              The minimal period between two consecutive makecache timer runs.
192              The  command  will  stop immediately if it's less than this time
193              period since its last run. Does not affect simple makecache run.
194              Use  0  to  completely disable automatic metadata synchronizing.
195              The default corresponds to three hours. The value is rounded  to
196              the next commenced hour.
197
198       module_platform_id
199              string
200
201              Set  this to $name:$stream to override PLATFORM_ID detected from
202              /etc/os-release.  It is necessary to perform  a  system  upgrade
203              and switch to a new platform.
204
205       obsoletes
206              boolean
207
208              This option only has affect during an install/update. It enables
209              dnf's obsoletes processing logic, which means it makes dnf check
210              whether any dependencies of given package are no longer required
211              and  removes  them.   Useful  when  doing   distribution   level
212              upgrades.  Default is 'true'.
213
214              Command-line option: --obsoletes
215
216       pluginconfpath
217              list
218
219              List  of directories that are searched for plugin configurations
220              to load. All configuration files  found  in  these  directories,
221              that are named same as a plugin, are parsed. The default path is
222              /etc/dnf/plugins.
223
224       pluginpath
225              list
226
227              List of directories that are searched for plugins to load. Plug‐
228              ins found in any of the directories in this configuration option
229              are used. The default contains a Python version-specific path.
230
231       protected_packages
232              list
233
234              List of packages that DNF should never completely  remove.  They
235              are protected via Obsoletes as well as user/plugin removals.
236
237              The   default   is:  dnf,  glob:/etc/yum/protected.d/*.conf  and
238              glob:/etc/dnf/protected.d/*.conf. So any packages  which  should
239              be  protected  can  do  so  by including a file in /etc/dnf/pro‐
240              tected.d with their package name in it.
241
242              DNF will protect also the package corresponding to  the  running
243              version of the kernel.
244
245       reposdir
246              list
247
248              DNF  searches  for  repository  configuration files in the paths
249              specified by reposdir. The behavior  of  reposdir  could  differ
250              when it is used along with --installroot option.
251
252       rpmverbosity
253              string
254
255              RPM  debug  scriptlet output level. One of: critical, emergency,
256              error, warn, info or debug. Default is info.
257
258       upgrade_group_objects_upgrade
259              boolean
260
261              Set this to False to disable  the  automatic  running  of  group
262              upgrade  when running the upgrade command. Default is True (per‐
263              form the operation).
264

REPO OPTIONS

266       baseurl
267              list
268
269              URLs for the repository.
270
271       cost   integer
272
273              The relative cost of accessing this  repository,  defaulting  to
274              1000.  This value is compared when the priorities of two reposi‐
275              tories are the same. The repository  with  the  lowest  cost  is
276              picked.  It is useful to make the library prefer on-disk reposi‐
277              tories to remote ones.
278
279       enabled
280              boolean
281
282              Include this repository as a  package  source.  The  default  is
283              True.
284
285       gpgkey list of strings
286
287              URLs  of  a  GPG key files that can be used for signing metadata
288              and packages of this repository, empty by default. If a file can
289              not  be verified using the already imported keys, import of keys
290              from this option is attempted and the keys  are  then  used  for
291              verification.
292
293       metalink
294              string
295
296              URL of a metalink for the repository.
297
298       mirrorlist
299              string
300
301              URL of a mirrorlist for the repository.
302
303       module_hotfixes
304              boolean
305
306              Set  this  to  True to disable module RPM filtering and make all
307              RPMs from the repository available. The default is False.   This
308              allows  user  to create a repository with cherry-picked hotfixes
309              that are included in a package set on a modular system.
310
311       name   string
312
313              A human-readable name of the repository. Defaults to the  ID  of
314              the repository.
315
316       priority
317              integer
318
319              The  priority  value of this repository, default is 99. If there
320              is more than one candidate package for a  particular  operation,
321              the  one  from  a repo with the lowest priority value is picked,
322              possibly despite being less convenient otherwise (e.g. by  being
323              a lower version).
324
325       retries
326              integer
327
328              Overrides  the  retries  option from the [main] section for this
329              repository.
330
331       skip_if_unavailable
332              boolean
333
334              If enabled, DNF will continue running and disable the repository
335              that couldn't be contacted for any reason when downloading meta‐
336              data. This option doesn't affect skipping of  unavailable  pack‐
337              ages  after  dependency  resolution. To check inaccessibility of
338              repository use it  in  combination  with  refresh  command  line
339              option. The default is True.
340
341       strict boolean
342
343              If  disabled,  all  unavailable packages or packages with broken
344              dependencies given to DNF command will be skipped without  rais‐
345              ing  the  error  causing  the whole operation to fail. Currently
346              works for install command only. The default is True.
347
348       type   string
349
350              Type of  repository  metadata.  Supported  values  are:  rpm-md.
351              Aliases for rpm-md: rpm, repomd, rpmmd, yum, YUM.
352

REPO VARIABLES

354       Right  side of every repo option can be enriched by the following vari‐
355       ables:
356
357       $arch
358          Refers to the system’s CPU architecture e.g, aarch64, i586, i686 and
359          x86_64.
360
361       $basearch
362          Refers to the base architecture of the system. For example, i686 and
363          i586 machines both have a base architecture of i386, and  AMD64  and
364          Intel64 machines have a base architecture of x86_64.
365
366       $releasever
367          Refers  to the release version of operating system which DNF derives
368          from information available in RPMDB.
369
370       In addition to these hard coded variables, user-defined ones  can  also
371       be  used.  They  can  be defined either via variable files, or by using
372       special environmental variables. The names of these variables  must  be
373       prefixed  with DNF_VAR_ and they can only consist of alphanumeric char‐
374       acters and underscores:
375
376          $ DNF_VAR_MY_VARIABLE=value
377

OPTIONS FOR BOTH [MAIN] AND REPO

379       Some options can be applied in either the main section, per repository,
380       or in a combination. The value provided in the main section is used for
381       all repositories as the default value  and  concrete  repositories  can
382       override it in their configuration.
383
384       bandwidth
385              storage size
386
387              Total  bandwidth available for downloading. Meaningful when used
388              with the throttle option. Storage size is in  bytes  by  default
389              but  can  be  specified  with a unit of storage. Valid units are
390              'k', 'M', 'G'.
391
392       deltarpm
393              boolean
394
395              When enabled,  DNF  will  save  bandwidth  by  downloading  much
396              smaller  delta  RPM  files, rebuilding them to RPM locally. How‐
397              ever, this is quite CPU and I/O intensive. Default is True.
398
399       deltarpm_percentage
400              integer
401
402              When the relative size of delta vs  pkg  is  larger  than  this,
403              delta is not used.  Default value is 75 (Deltas must be at least
404              25% smaller than the pkg).  Use 0 to turn off delta rpm process‐
405              ing.  Local  repositories (with file:// baseurl) have delta rpms
406              turned off by default.
407
408       enablegroups
409              boolean
410
411              Determines whether DNF will allow the use of package groups  for
412              this repository. Default is True (package groups are allowed).
413
414       excludepkgs
415              list
416
417              Exclude  packages  of  this repository, specified by a name or a
418              glob and separated by a comma, from all operations.  Can be dis‐
419              abled using --disableexcludes command line switch.
420
421       fastestmirror
422              boolean
423
424              If  enabled  a metric is used to find the fastest available mir‐
425              ror. This overrides the order provided  by  the  mirrorlist/met‐
426              alink  file  itself. This file is often dynamically generated by
427              the server to provide the  best  download  speeds  and  enabling
428              fastestmirror overrides this. The default is False.
429
430       gpgcheck
431              boolean
432
433              Whether to perform GPG signature check on packages found in this
434              repository.  The default is False.
435
436              This option can only be used to strengthen the active RPM  secu‐
437              rity  policy  set  with  the  %_pkgverify_level  macro  (see the
438              /usr/lib/rpm/macros file for details).  That means, if the macro
439              is set to 'signature' or 'all' and this option is False, it will
440              be overridden to True during DNF runtime, and a warning will  be
441              printed.   To squelch the warning, make sure this option is True
442              for every enabled repository, and also enable localpkg_gpgcheck.
443
444       includepkgs
445              list
446
447              Include packages of this repository, specified by a  name  or  a
448              glob  and  separated  by a comma, in all operations.  Inverse of
449              excludepkgs, DNF will exclude any package in the repository that
450              doesn't  match this list. This works in conjunction with exclude
451              and doesn't override it,  so  if  you  'excludepkgs=*.i386'  and
452              'includepkgs=python*'  then  only  packages starting with python
453              that do not have an i386 arch will be seen by DNF in this  repo.
454              Can be disabled using --disableexcludes command line switch.
455
456       ip_resolve
457              IP address type
458
459              Determines  how  DNF resolves host names. Set this to '4'/'IPv4'
460              or '6'/'IPv6' to resolve to IPv4  or  IPv6  addresses  only.  By
461              default, DNF resolves to either addresses.
462
463       localpkg_gpgcheck
464              boolean
465
466              Whether  to  perform  a  GPG  signature  check on local packages
467              (packages in a file, not  in  a  repository).   The  default  is
468              False.  This option is subject to the active RPM security policy
469              (see gpgcheck for more details).
470
471       max_parallel_downloads
472              integer
473
474              Maximum number of simultaneous package downloads. Defaults to 3.
475
476       metadata_expire
477              time in seconds
478
479              The period after which the  remote  repository  is  checked  for
480              metadata  update  and  in  the  positive case the local metadata
481              cache is updated. The default corresponds to 48 hours. Set  this
482              to -1 or never to make the repo never considered expired. Expire
483              of metadata can bee also triggered by  change  of  timestamp  of
484              configuration    files   (dnf.conf,   <repo>.repo).   See   also
485              check_config_file_age.
486
487       minrate
488              storage size
489
490              This sets the low speed threshold in bytes per  second.  If  the
491              server  is  sending  data  at the same or slower speed than this
492              value for at least timeout option seconds, DNF aborts  the  con‐
493              nection. The default is 1000. Valid units are 'k', 'M', 'G'.
494
495       proxy  string
496
497              URL  of  a proxy server to connect through. If none is specified
498              then direct connection is used (the default).
499
500       proxy_username
501              string
502
503              The username to use for connecting to the proxy server. Empty by
504              default.
505
506       proxy_password
507              string
508
509              The password to use for connecting to the proxy server. Empty by
510              default.
511
512       proxy_auth_method
513              string
514
515              The authentication method used by the proxy server. Valid values
516              are   'basic',   'digest',   'negotiate',  'ntlm',  'digest_ie',
517              'ntlm_wb', 'none' and 'any' (default).
518
519       repo_gpgcheck
520              boolean
521
522              Whether to perform GPG  signature  check  on  this  repository's
523              metadata. The default is False.
524
525       retries
526              integer
527
528              Set  the  number  of times any attempt to retrieve a file should
529              retry before returning an error. Setting this to 0 makes dnf try
530              forever. Default is 10.
531
532       sslcacert
533              string
534
535              Path to the directory or file containing the certificate author‐
536              ities to verify SSL certificates.  Empty by default - uses  sys‐
537              tem default.
538
539       sslverify
540              boolean
541
542              When enabled, remote SSL connections are verified. If the client
543              can not be authenticated connecting fails and the given repo  is
544              not  used further. On False, SSL connections can be used but are
545              not verified. Default is True.
546
547       sslclientcert
548              string
549
550              Path to the SSL client certificate used  to  connect  to  remote
551              sites.  Empty by default.
552
553       sslclientkey
554              string
555
556              Path  to  the  SSL  client  key used to connect to remote sites.
557              Empty by default.
558
559       throttle
560              storage size
561
562              Limits the downloading speed. It might be an absolute value or a
563              percentage,  relative  to  the  value  of  the  bandwidth option
564              option. 0 means no throttling (the default). The absolute  value
565              is in bytes by default but can be specified with a unit of stor‐
566              age. Valid units are 'k', 'M', 'G'.
567
568       timeout
569              time in seconds
570
571              Number of seconds to wait for a connection  before  timing  out.
572              Used  in  combination with minrate option option. Defaults to 30
573              seconds.
574
575       username
576              string
577
578              The username to use for  connecting  to  repo  with  basic  HTTP
579              authentication. Empty by default.
580
581       password
582              string
583
584              The  password  to  use  for  connecting  to repo with basic HTTP
585              authentication. Empty by default.
586

TYPES OF OPTIONS

588       boolean
589              This is a data type with only two possible values.
590
591              One of following options can be used: 1, 0, True, False, yes, no
592
593       integer
594              It is a whole number that can be written  without  a  fractional
595              component.
596
597       list   It  is  an option that could represent one or more strings sepa‐
598              rated by space or comma characters.
599
600       string It is a sequence of symbols or  digits  without  any  whitespace
601              character.
602

FILES

604       Cache Files
605              /var/cache/dnf
606
607       Main Configuration File
608              /etc/dnf/dnf.conf
609
610       Repository
611              /etc/yum.repos.d/
612
613       Variables
614              Any  properly named file in /etc/dnf/vars is turned into a vari‐
615              able named after the filename (or overrides  any  of  the  above
616              variables but those set from commandline). Filenames may contain
617              only alphanumeric characters and underscores and  be  in  lower‐
618              case.
619

SEE ALSO

621       · dnf(8), DNF Command Reference
622

AUTHOR

624       See AUTHORS in DNF source distribution.
625
627       2012-2014, Red Hat, Licensed under GPLv2+
628
629
630
631
6324.2.5                            Apr 25, 2019                      DNF.CONF(5)
Impressum