1DNF.CONF(5) DNF DNF.CONF(5)
2
6 dnf.conf - DNF Configuration Reference
7
9 DNF by default uses the global configuration file at /etc/dnf/dnf.conf
10 and all *.repo files found under /etc/yum.repos.d. The latter is typi‐
11 cally used for repository configuration and takes precedence over
12 global configuration.
13 The configuration file has INI format consisting of section declaration
15 and name=value options below each on separate line. There are two types
16 of sections in the configuration files: main and repository. Main sec‐
17 tion defines all global configuration options and should be only one.
18 The repository sections define the configuration for each (remote or
20 local) repository. The section name of the repository in brackets serve
21 as repo ID reference and should be unique across configuration files.
22 The allowed characters of repo ID string are lower and upper case
23 alphabetic letters, digits, -, _, . and :. The minimal repository con‐
24 figuration file should aside from repo ID consists of baseurl, metalink
25 or mirrorlist option definition.
26
28 arch string
29 The architecture used for installing packages. By default this
31 is auto-detected. Often used together with ignorearch option.
32 assumeyes
34 boolean
35 If enabled dnf will assume Yes where it would normally prompt
37 for confirmation from user input (see also defaultyes). Default
38 is False.
39 autocheck_running_kernel
41 boolean
42 Automatic check whether there is installed newer kernel module
44 with security update than currently running kernel. Default is
45 True.
46 best boolean
48 When upgrading a package, always try to install its highest ver‐
50 sion available, even only to find out some of its deps are not
51 satisfiable. Enable this if you want to experience broken depen‐
52 dencies in the repositories firsthand. The default is False.
53 cachedir
55 string
56 Path to a directory used by various DNF subsystems for storing
58 cache data. Has a reasonable root-writable default depending on
59 the distribution. DNF needs to be able to create files and
60 directories at this location.
61 check_config_file_age
63 boolean
64 Specifies whether dnf should automatically expire metadata of
66 repos, which are older than their corresponding configuration
67 file (usually the dnf.conf file and the foo.repo file). Default
68 is True (perform the check). Expire of metadata is also affected
69 by metadata age. See also metadata_expire.
70 clean_requirements_on_remove
72 boolean
73 Remove dependencies that are no longer used during dnf remove. A
75 package only qualifies for removal via clean_require‐
76 ments_on_remove if it was installed through DNF but not on
77 explicit user request, i.e. it was pulled in as a dependency.
78 The default is True. (installonlypkgs are never automatically
79 removed.)
80 config_file_path
82 string
83 Path to the default main configuration file. Default is
85 /etc/dnf/dnf.conf.
86 debuglevel
88 integer
89 Debug messages output level, in the range 0 to 10. The higher
91 the number the more debug output is put to stdout. Default is 2.
92 defaultyes
94 boolean
95 If enabled the default answer to user confirmation prompts will
97 be Yes. Not to be confused with assumeyes which will not prompt
98 at all. Default is False.
99 errorlevel
101 integer
102 Error messages output level, in the range 0 to 10. The higher
104 the number the more error output is put to stderr. Default is 3.
105 This is deprecated in DNF and overwritten by --verbose command‐
106 line option.
107 exit_on_lock
109 boolean
110 Should the dnf client exit immediately when something else has
112 the lock. Default is False
113 gpgkey_dns_verification
115 boolean
116 Should the dnf attempt to automatically verify GPG verification
118 keys using the DNS system. This option requires libunbound to be
119 installed on the client system. This system has two main fea‐
120 tures. The first one is to check if any of the already installed
121 keys have been revoked. Automatic removal of the key is not yet
122 available, so it is up to the user, to remove revoked keys from
123 the system. The second feature is automatic verification of new
124 keys when a repository is added to the system. In interactive
125 mode, the result is written to the output as a suggestion to the
126 user. In non-interactive mode (i.e. when -y is used), this sys‐
127 tem will automatically accept keys that are available in the DNS
128 and are correctly signed using DNSSEC. It will also accept keys
129 that do not exist in the DNS system and their NON-existence is
130 cryptographically proven using DNSSEC. This is mainly to pre‐
131 serve backward compatibility.
132 group_package_types
134 list
135 List of the following: optional, default, mandatory. Tells dnf
137 which type of packages in groups will be installed when
138 'groupinstall' is called. Default is: default, mandatory
139 ignorearch
141 boolean
142 If set to True, RPM will allow attempts to install packages
144 incompatible with the CPU's architecture. Defaults to False.
145 Often used together with arch option.
146 install_weak_deps
148 boolean
149 When this option is set to True and a new package is about to be
151 installed, all packages linked by weak dependency relation (Rec‐
152 ommends or Supplements flags) with this package will pulled into
153 the transaction. Default is True.
154 installonlypkgs
156 list
157 List of provide names of packages that should only ever be
159 installed, never upgraded. Kernels in particular fall into this
160 category. These packages are never removed by dnf autoremove
161 even if they were installed as dependencies (see
162 clean_requirements_on_remove for auto removal details). This
163 option append the list values to the default installonlypkgs
164 list used by DNF. The number of kept package versions is regu‐
165 lated by installonly_limit.
166 installonly_limit
168 integer
169 Number of installonly packages allowed to be installed concur‐
171 rently. Defaults to 3. The minimal number of installonly pack‐
172 ages is 2. Value 0 or 1 means unlimited number of installonly
173 packages.
174 keepcache
176 boolean
177 Keeps downloaded packages in the cache when set to True. Even if
179 it is set to False and packages have not been installed they
180 will still persist until next successful transaction. The
181 default is False.
182 logdir string
184 Directory where the log files will be stored. Default is
186 /var/log.
187 metadata_timer_sync
189 time in seconds
190 The minimal period between two consecutive makecache timer runs.
192 The command will stop immediately if it's less than this time
193 period since its last run. Does not affect simple makecache run.
194 Use 0 to completely disable automatic metadata synchronizing.
195 The default corresponds to three hours. The value is rounded to
196 the next commenced hour.
197 module_platform_id
199 string
200 Set this to $name:$stream to override PLATFORM_ID detected from
202 /etc/os-release. It is necessary to perform a system upgrade
203 and switch to a new platform.
204 obsoletes
206 boolean
207 This option only has affect during an install/update. It enables
209 dnf's obsoletes processing logic, which means it makes dnf check
210 whether any dependencies of given package are no longer required
211 and removes them. Useful when doing distribution level
212 upgrades. Default is 'true'.
213 Command-line option: --obsoletes
215 pluginconfpath
217 list
218 List of directories that are searched for plugin configurations
220 to load. All configuration files found in these directories,
221 that are named same as a plugin, are parsed. The default path is
222 /etc/dnf/plugins.
223 pluginpath
225 list
226 List of directories that are searched for plugins to load. Plug‐
228 ins found in any of the directories in this configuration option
229 are used. The default contains a Python version-specific path.
230 protected_packages
232 list
233 List of packages that DNF should never completely remove. They
235 are protected via Obsoletes as well as user/plugin removals.
236 The default is: dnf, glob:/etc/yum/protected.d/*.conf and
238 glob:/etc/dnf/protected.d/*.conf. So any packages which should
239 be protected can do so by including a file in /etc/dnf/pro‐
240 tected.d with their package name in it.
241 DNF will protect also the package corresponding to the running
243 version of the kernel.
244 reposdir
246 list
247 DNF searches for repository configuration files in the paths
249 specified by reposdir. The behavior of reposdir could differ
250 when it is used along with --installroot option.
251 rpmverbosity
253 string
254 RPM debug scriptlet output level. One of: critical, emergency,
256 error, warn, info or debug. Default is info.
257 upgrade_group_objects_upgrade
259 boolean
260 Set this to False to disable the automatic running of group
262 upgrade when running the upgrade command. Default is True (per‐
263 form the operation).
264
266 baseurl
267 list
268 URLs for the repository.
270 cost integer
272 The relative cost of accessing this repository, defaulting to
274 1000. This value is compared when the priorities of two reposi‐
275 tories are the same. The repository with the lowest cost is
276 picked. It is useful to make the library prefer on-disk reposi‐
277 tories to remote ones.
278 enabled
280 boolean
281 Include this repository as a package source. The default is
283 True.
284 gpgkey list of strings
286 URLs of a GPG key files that can be used for signing metadata
288 and packages of this repository, empty by default. If a file can
289 not be verified using the already imported keys, import of keys
290 from this option is attempted and the keys are then used for
291 verification.
292 metalink
294 string
295 URL of a metalink for the repository.
297 mirrorlist
299 string
300 URL of a mirrorlist for the repository.
302 module_hotfixes
304 boolean
305 Set this to True to disable module RPM filtering and make all
307 RPMs from the repository available. The default is False. This
308 allows user to create a repository with cherry-picked hotfixes
309 that are included in a package set on a modular system.
310 name string
312 A human-readable name of the repository. Defaults to the ID of
314 the repository.
315 priority
317 integer
318 The priority value of this repository, default is 99. If there
320 is more than one candidate package for a particular operation,
321 the one from a repo with the lowest priority value is picked,
322 possibly despite being less convenient otherwise (e.g. by being
323 a lower version).
324 retries
326 integer
327 Overrides the retries option from the [main] section for this
329 repository.
330 skip_if_unavailable
332 boolean
333 If enabled, DNF will continue running and disable the repository
335 that couldn't be contacted for any reason when downloading meta‐
336 data. This option doesn't affect skipping of unavailable pack‐
337 ages after dependency resolution. To check inaccessibility of
338 repository use it in combination with refresh command line
339 option. The default is True.
340 strict boolean
342 If disabled, all unavailable packages or packages with broken
344 dependencies given to DNF command will be skipped without rais‐
345 ing the error causing the whole operation to fail. Currently
346 works for install command only. The default is True.
347 type string
349 Type of repository metadata. Supported values are: rpm-md.
351 Aliases for rpm-md: rpm, repomd, rpmmd, yum, YUM.
352
354 Right side of every repo option can be enriched by the following vari‐
355 ables:
356 $arch
358 Refers to the system’s CPU architecture e.g, aarch64, i586, i686 and
359 x86_64.
360 $basearch
362 Refers to the base architecture of the system. For example, i686 and
363 i586 machines both have a base architecture of i386, and AMD64 and
364 Intel64 machines have a base architecture of x86_64.
365 $releasever
367 Refers to the release version of operating system which DNF derives
368 from information available in RPMDB.
369 In addition to these hard coded variables, user-defined ones can also
371 be used. They can be defined either via variable files, or by using
372 special environmental variables. The names of these variables must be
373 prefixed with DNF_VAR_ and they can only consist of alphanumeric char‐
374 acters and underscores:
375 $ DNF_VAR_MY_VARIABLE=value
377
379 Some options can be applied in either the main section, per repository,
380 or in a combination. The value provided in the main section is used for
381 all repositories as the default value and concrete repositories can
382 override it in their configuration.
383 bandwidth
385 storage size
386 Total bandwidth available for downloading. Meaningful when used
388 with the throttle option. Storage size is in bytes by default
389 but can be specified with a unit of storage. Valid units are
390 'k', 'M', 'G'.
391 deltarpm
393 boolean
394 When enabled, DNF will save bandwidth by downloading much
396 smaller delta RPM files, rebuilding them to RPM locally. How‐
397 ever, this is quite CPU and I/O intensive. Default is True.
398 deltarpm_percentage
400 integer
401 When the relative size of delta vs pkg is larger than this,
403 delta is not used. Default value is 75 (Deltas must be at least
404 25% smaller than the pkg). Use 0 to turn off delta rpm process‐
405 ing. Local repositories (with file:// baseurl) have delta rpms
406 turned off by default.
407 enablegroups
409 boolean
410 Determines whether DNF will allow the use of package groups for
412 this repository. Default is True (package groups are allowed).
413 excludepkgs
415 list
416 Exclude packages of this repository, specified by a name or a
418 glob and separated by a comma, from all operations. Can be dis‐
419 abled using --disableexcludes command line switch.
420 fastestmirror
422 boolean
423 If enabled a metric is used to find the fastest available mir‐
425 ror. This overrides the order provided by the mirrorlist/met‐
426 alink file itself. This file is often dynamically generated by
427 the server to provide the best download speeds and enabling
428 fastestmirror overrides this. The default is False.
429 gpgcheck
431 boolean
432 Whether to perform GPG signature check on packages found in this
434 repository. The default is False.
435 This option can only be used to strengthen the active RPM secu‐
437 rity policy set with the %_pkgverify_level macro (see the
438 /usr/lib/rpm/macros file for details). That means, if the macro
439 is set to 'signature' or 'all' and this option is False, it will
440 be overridden to True during DNF runtime, and a warning will be
441 printed. To squelch the warning, make sure this option is True
442 for every enabled repository, and also enable localpkg_gpgcheck.
443 includepkgs
445 list
446 Include packages of this repository, specified by a name or a
448 glob and separated by a comma, in all operations. Inverse of
449 excludepkgs, DNF will exclude any package in the repository that
450 doesn't match this list. This works in conjunction with exclude
451 and doesn't override it, so if you 'excludepkgs=*.i386' and
452 'includepkgs=python*' then only packages starting with python
453 that do not have an i386 arch will be seen by DNF in this repo.
454 Can be disabled using --disableexcludes command line switch.
455 ip_resolve
457 IP address type
458 Determines how DNF resolves host names. Set this to '4'/'IPv4'
460 or '6'/'IPv6' to resolve to IPv4 or IPv6 addresses only. By
461 default, DNF resolves to either addresses.
462 localpkg_gpgcheck
464 boolean
465 Whether to perform a GPG signature check on local packages
467 (packages in a file, not in a repository). The default is
468 False. This option is subject to the active RPM security policy
469 (see gpgcheck for more details).
470 max_parallel_downloads
472 integer
473 Maximum number of simultaneous package downloads. Defaults to 3.
475 metadata_expire
477 time in seconds
478 The period after which the remote repository is checked for
480 metadata update and in the positive case the local metadata
481 cache is updated. The default corresponds to 48 hours. Set this
482 to -1 or never to make the repo never considered expired. Expire
483 of metadata can bee also triggered by change of timestamp of
484 configuration files (dnf.conf, <repo>.repo). See also
485 check_config_file_age.
486 minrate
488 storage size
489 This sets the low speed threshold in bytes per second. If the
491 server is sending data at the same or slower speed than this
492 value for at least timeout option seconds, DNF aborts the con‐
493 nection. The default is 1000. Valid units are 'k', 'M', 'G'.
494 proxy string
496 URL of a proxy server to connect through. If none is specified
498 then direct connection is used (the default).
499 proxy_username
501 string
502 The username to use for connecting to the proxy server. Empty by
504 default.
505 proxy_password
507 string
508 The password to use for connecting to the proxy server. Empty by
510 default.
511 proxy_auth_method
513 string
514 The authentication method used by the proxy server. Valid values
516 are 'basic', 'digest', 'negotiate', 'ntlm', 'digest_ie',
517 'ntlm_wb', 'none' and 'any' (default).
518 repo_gpgcheck
520 boolean
521 Whether to perform GPG signature check on this repository's
523 metadata. The default is False.
524 retries
526 integer
527 Set the number of times any attempt to retrieve a file should
529 retry before returning an error. Setting this to 0 makes dnf try
530 forever. Default is 10.
531 sslcacert
533 string
534 Path to the directory or file containing the certificate author‐
536 ities to verify SSL certificates. Empty by default - uses sys‐
537 tem default.
538 sslverify
540 boolean
541 When enabled, remote SSL connections are verified. If the client
543 can not be authenticated connecting fails and the given repo is
544 not used further. On False, SSL connections can be used but are
545 not verified. Default is True.
546 sslclientcert
548 string
549 Path to the SSL client certificate used to connect to remote
551 sites. Empty by default.
552 sslclientkey
554 string
555 Path to the SSL client key used to connect to remote sites.
557 Empty by default.
558 throttle
560 storage size
561 Limits the downloading speed. It might be an absolute value or a
563 percentage, relative to the value of the bandwidth option
564 option. 0 means no throttling (the default). The absolute value
565 is in bytes by default but can be specified with a unit of stor‐
566 age. Valid units are 'k', 'M', 'G'.
567 timeout
569 time in seconds
570 Number of seconds to wait for a connection before timing out.
572 Used in combination with minrate option option. Defaults to 30
573 seconds.
574 username
576 string
577 The username to use for connecting to repo with basic HTTP
579 authentication. Empty by default.
580 password
582 string
583 The password to use for connecting to repo with basic HTTP
585 authentication. Empty by default.
586
588 boolean
589 This is a data type with only two possible values.
590 One of following options can be used: 1, 0, True, False, yes, no
592 integer
594 It is a whole number that can be written without a fractional
595 component.
596 list It is an option that could represent one or more strings sepa‐
598 rated by space or comma characters.
599 string It is a sequence of symbols or digits without any whitespace
601 character.
602
604 Cache Files
605 /var/cache/dnf
606 Main Configuration File
608 /etc/dnf/dnf.conf
609 Repository
611 /etc/yum.repos.d/
612 Variables
614 Any properly named file in /etc/dnf/vars is turned into a vari‐
615 able named after the filename (or overrides any of the above
616 variables but those set from commandline). Filenames may contain
617 only alphanumeric characters and underscores and be in lower‐
618 case.
619
621 · dnf(8), DNF Command Reference
622
624 See AUTHORS in DNF source distribution.
625
627 2012-2014, Red Hat, Licensed under GPLv2+
6284.2.5 Apr 25, 2019 DNF.CONF(5)