1DNF.CONF(5)                           DNF                          DNF.CONF(5)
2
3
4

NAME

6       dnf.conf - DNF Configuration Reference
7

DESCRIPTION

9       DNF  by default uses the global configuration file at /etc/dnf/dnf.conf
10       and all *.repo files found under /etc/yum.repos.d. The latter is  typi‐
11       cally  used  for  repository  configuration  and  takes precedence over
12       global configuration.
13
14       The configuration file has INI format consisting of section declaration
15       and name=value options below each on separate line. There are two types
16       of sections in the configuration files: main and repository. Main  sec‐
17       tion defines all global configuration options and should be only one.
18
19       The  repository  sections  define the configuration for each (remote or
20       local) repository. The section name of the repository in brackets serve
21       as  repo  ID reference and should be unique across configuration files.
22       The allowed characters of repo ID string are lower and upper  case  al‐
23       phabetic  letters,  digits, -, _, .  and :. The minimal repository con‐
24       figuration file should aside from repo ID consists of baseurl, metalink
25       or mirrorlist option definition.
26

DISTRIBUTION-SPECIFIC CONFIGURATION

28       Configuration  options, namely best and skip_if_unavailable, can be set
29       in the DNF configuration file by your distribution to override the  DNF
30       defaults.
31

[MAIN] OPTIONS

33       allow_vendor_change
34              boolean
35
36              If disabled dnf will stick to vendor when upgrading or downgrad‐
37              ing rpms.  Default is True
38
39              WARNING:
40                 This option is currently not supported for downgrade and dis‐
41                 tro-sync commands
42
43       arch   string
44
45              The  architecture  used for installing packages. By default this
46              is auto-detected. Often used together with ignorearch option.
47
48       assumeno
49              boolean
50
51              If enabled dnf will assume No where it would normally prompt for
52              confirmation from user input. Default is False.
53
54       assumeyes
55              boolean
56
57              If  enabled  dnf  will assume Yes where it would normally prompt
58              for confirmation from user input (see also defaultyes).  Default
59              is False.
60
61       autocheck_running_kernel
62              boolean
63
64              Automatic  check  whether there is installed newer kernel module
65              with security update than currently running kernel.  Default  is
66              True.
67
68       basearch
69              string
70
71              The  base  architecture used for installing packages. By default
72              this is auto-detected.
73
74       best   boolean
75
76              True instructs the solver to either use a package with the high‐
77              est available version or fail. On False, do not fail if the lat‐
78              est version cannot be installed and go with the  lower  version.
79              The default is False.  Note this option in particular can be set
80              in your configuration file by your distribution. Also note  that
81              the  use of the highest available version is only guaranteed for
82              the packages directly requested and not for their dependencies.
83
84       cachedir
85              string
86
87              Path to a directory used by various DNF subsystems  for  storing
88              cache data.  Has a reasonable root-writable default depending on
89              the distribution. DNF needs to be able to create files  and  di‐
90              rectories at this location.
91
92       cacheonly
93              boolean
94
95              If set to True DNF will run entirely from system cache, will not
96              update the cache and will use it even in case it is expired. De‐
97              fault is False.
98
99              API  Notes:  Must  be set before repository objects are created.
100              Plugins must set this in the pre_config hook. Later changes  are
101              ignored.
102
103       check_config_file_age
104              boolean
105
106              Specifies  whether  dnf  should automatically expire metadata of
107              repos, which are older than  their  corresponding  configuration
108              file (usually the dnf.conf file and the foo.repo file).  Default
109              is True (perform the check). Expire of metadata is also affected
110              by metadata age.  See also metadata_expire.
111
112       clean_requirements_on_remove
113              boolean
114
115              Remove dependencies that are no longer used during dnf remove. A
116              package only qualifies for removal via clean_requirements_on_re‐
117              move  if  it  was installed through DNF but not on explicit user
118              request, i.e. it was pulled in as a dependency. The  default  is
119              True.  (installonlypkgs are never automatically removed.)
120
121       config_file_path
122              string
123
124              Path   to  the  default  main  configuration  file.  Default  is
125              /etc/dnf/dnf.conf.
126
127       debuglevel
128              integer
129
130              Debug messages output level, in the range 0 to  10.  The  higher
131              the number the more debug output is put to stdout. Default is 2.
132
133       debug_solver
134              boolean
135
136              Controls  whether the libsolv debug files should be created when
137              solving the transaction. The debug  files  are  created  in  the
138              ./debugdata directory.  Default is False.
139
140       defaultyes
141              boolean
142
143              If  enabled the default answer to user confirmation prompts will
144              be Yes. Not to be confused with assumeyes which will not  prompt
145              at all. Default is False.
146
147       diskspacecheck
148              boolean
149
150              Controls  whether  rpm  should check available disk space during
151              the transaction.  Default is True.
152
153       errorlevel
154              integer
155
156              Error messages output level, in the range 0 to  10.  The  higher
157              the number the more error output is put to stderr. Default is 3.
158              This is deprecated in DNF and overwritten by --verbose  command‐
159              line option.
160
161       exclude_from_weak
162              list
163
164              Prevent  installing packages as weak dependencies (recommends or
165              supplements). The packages can be specified by a name or a  glob
166              and separated by a comma. Defaults to [].
167
168       exclude_from_weak_autodetect
169              boolean
170
171              If  enabled, dnf will autodetect unmet weak dependencies (recom‐
172              mends or supplements)  of  packages  installed  on  the  system.
173              Providers  of  these  weak dependencies will not be installed by
174              dnf as weak dependencies any more (they will still be  installed
175              if pulled in as a regular dependency). Defaults to true.
176
177       exit_on_lock
178              boolean
179
180              Should  the  dnf client exit immediately when something else has
181              the lock. Default is False.
182
183       gpgkey_dns_verification
184              boolean
185
186              Should the dnf attempt to automatically verify GPG  verification
187              keys  using  the  DNS  system.  This option requires the unbound
188              python module (python3-unbound) to be installed  on  the  client
189              system.  This  system has two main features. The first one is to
190              check if any of the already installed keys  have  been  revoked.
191              Automatic  removal  of the key is not yet available, so it is up
192              to the user, to remove revoked keys from the system. The  second
193              feature  is automatic verification of new keys when a repository
194              is added to the system. In interactive mode, the result is writ‐
195              ten  to  the output as a suggestion to the user. In non-interac‐
196              tive mode (i.e. when -y is used), this system will automatically
197              accept  keys  that  are  available  in the DNS and are correctly
198              signed using DNSSEC. It will also accept keys that do not  exist
199              in  the  DNS system and their NON-existence is cryptographically
200              proven using DNSSEC. This is mainly to preserve backward compat‐
201              ibility.  Default is False.
202
203       group_package_types
204              list
205
206              List  of  the following: optional, default, mandatory. Tells dnf
207              which  type  of  packages  in  groups  will  be  installed  when
208              'groupinstall' is called. Default is: default, mandatory.
209
210       ignorearch
211              boolean
212
213              If  set to True, RPM will allow attempts to install packages in‐
214              compatible with the CPU's architecture. Defaults to False. Often
215              used together with arch option.
216
217       installonlypkgs
218              list
219
220              List  of  provide names of packages that should only ever be in‐
221              stalled, never upgraded. Kernels in particular  fall  into  this
222              category.   These  packages  are never removed by dnf autoremove
223              even   if   they   were   installed   as    dependencies    (see
224              clean_requirements_on_remove  for  auto  removal details).  This
225              option append the list values  to  the  default  installonlypkgs
226              list  used  by DNF. The number of kept package versions is regu‐
227              lated by installonly_limit.
228
229       installonly_limit
230              integer
231
232              Number of installonly packages allowed to be  installed  concur‐
233              rently.  Defaults  to 3. The minimal number of installonly pack‐
234              ages is 2. Value 0 means unlimited number of  installonly  pack‐
235              ages.  Value  1  is  explicitly not allowed since it complicates
236              kernel upgrades due to protection of the running kernel from re‐
237              moval.
238
239       installroot
240              string
241
242              The  root of the filesystem for all packaging operations. It re‐
243              quires an absolute path. See also --installroot commandline  op‐
244              tion.
245
246       install_weak_deps
247              boolean
248
249              When this option is set to True and a new package is about to be
250              installed, all packages linked by weak dependency relation (Rec‐
251              ommends  or  Supplements flags) with this package will be pulled
252              into the transaction.  Default is True.
253
254       keepcache
255              boolean
256
257              Keeps downloaded packages in the cache when set to True. Even if
258              it  is  set  to  False and packages have not been installed they
259              will still persist until next successful  transaction.  The  de‐
260              fault is False.
261
262       logdir string
263
264              Directory  where  the  log  files  will  be  stored.  Default is
265              /var/log.
266
267       logfilelevel
268              integer
269
270              Log file messages output level, in the range 0 to 10. The higher
271              the number the more debug output is put to logs. Default is 9.
272
273              This  option  controls  dnf.log, dnf.librepo.log and hawkey.log.
274              Although dnf.librepo.log and hawkey.log  are  affected  only  by
275              setting the logfilelevel to 10.
276
277       log_compress
278              boolean
279
280              When  set  to  True,  log files are compressed when they are ro‐
281              tated. Default is False.
282
283       log_rotate
284              integer
285
286              Log files are rotated log_rotate times before being removed.  If
287              log_rotate is 0, the rotation is not performed.  Default is 4.
288
289       log_size
290              storage size
291
292              Log   files  are  rotated  when  they  grow bigger than log_size
293              bytes. If log_size is 0, the rotation is not performed. The  de‐
294              fault is 1 MB. Valid units are 'k', 'M', 'G'.
295
296              The  size  applies  for individual log files, not the sum of all
297              log files.  See also log_rotate.
298
299       metadata_timer_sync
300              time in seconds
301
302              The minimal period between two consecutive makecache timer runs.
303              The  command  will  stop immediately if it's less than this time
304              period since its last run. Does not affect simple makecache run.
305              Use  0  to  completely disable automatic metadata synchronizing.
306              The default corresponds to three hours. The value is rounded  to
307              the next commenced hour.
308
309       module_obsoletes
310              boolean
311
312              This  option controls whether dnf should apply modular obsoletes
313              when possible. Default is False.
314
315       module_platform_id
316              string
317
318              Set this to $name:$stream to override PLATFORM_ID detected  from
319              /etc/os-release.   It  is  necessary to perform a system upgrade
320              and switch to a new platform.
321
322       module_stream_switch
323              boolean
324
325              This option controls whether it's  possible  to  switch  enabled
326              streams of a module. Default is False.
327
328       multilib_policy
329              string
330
331              Controls how multilib packages are treated during install opera‐
332              tions. Can either be "best" (the default) for the  depsolver  to
333              prefer  packages  which best match the system's architecture, or
334              "all" to install packages for all available architectures.
335
336       obsoletes
337              boolean
338
339              This option only has affect during an install/update. It enables
340              dnf's obsoletes processing logic, which means it makes dnf check
341              whether any dependencies of given package are no longer required
342              and  removes  them.   Useful  when  doing distribution level up‐
343              grades.  Default is 'true'.
344
345              Command-line option: --obsoletes
346
347       persistdir
348              string
349
350              Directory where DNF stores its persistent data between runs. De‐
351              fault is "/var/lib/dnf".
352
353       pluginconfpath
354              list
355
356              List  of directories that are searched for plugin configurations
357              to load. All configuration files  found  in  these  directories,
358              that are named same as a plugin, are parsed. The default path is
359              /etc/dnf/plugins.
360
361       pluginpath
362              list
363
364              List of directories that are searched for plugins to load. Plug‐
365              ins found in any of the directories in this configuration option
366              are used. The default contains a Python version-specific path.
367
368       plugins
369              boolean
370
371              Controls whether the plugins are enabled. Default is True.
372
373       protected_packages
374              list
375
376              List of packages that DNF should never completely  remove.  They
377              are protected via Obsoletes as well as user/plugin removals.
378
379              The   default   is:  dnf,  glob:/etc/yum/protected.d/*.conf  and
380              glob:/etc/dnf/protected.d/*.conf. So any packages  which  should
381              be  protected  can  do  so  by including a file in /etc/dnf/pro‐
382              tected.d with their package name in it.
383
384              DNF will protect also the package corresponding to  the  running
385              version of the kernel. See also protect_running_kernel option.
386
387       protect_running_kernel
388              boolean
389
390              Controls  whether  the package corresponding to the running ver‐
391              sion of kernel is protected from removal. Default is True.
392
393       releasever
394              string
395
396              Used for substitution of $releasever in the repository  configu‐
397              ration.  See also repo variables.
398
399       reposdir
400              list
401
402              DNF  searches  for  repository  configuration files in the paths
403              specified by reposdir. The behavior  of  reposdir  could  differ
404              when it is used along with --installroot option.
405
406       rpmverbosity
407              string
408
409              RPM  debug  scriptlet output level. One of: critical, emergency,
410              error, warn, info or debug. Default is info.
411
412       strict boolean
413
414              If disabled, all unavailable packages or  packages  with  broken
415              dependencies  given to DNF command will be skipped without rais‐
416              ing the error causing the whole  operation  to  fail.  Currently
417              works for install command only. The default is True.
418
419       tsflags
420              list
421
422              List of strings adding extra flags for the RPM transaction.
423
424                        ┌─────────────┬────────────────────────────┐
425                        │tsflag value │ RPM Transaction Flag       │
426                        ├─────────────┼────────────────────────────┤
427                        │noscripts    │ RPMTRANS_FLAG_NOSCRIPTS    │
428                        ├─────────────┼────────────────────────────┤
429                        │test         │ RPMTRANS_FLAG_TEST         │
430                        ├─────────────┼────────────────────────────┤
431                        │notriggers   │ RPMTRANS_FLAG_NOTRIGGERS   │
432                        ├─────────────┼────────────────────────────┤
433                        │nodocs       │ RPMTRANS_FLAG_NODOCS       │
434                        ├─────────────┼────────────────────────────┤
435                        │justdb       │ RPMTRANS_FLAG_JUSTDB       │
436                        ├─────────────┼────────────────────────────┤
437                        │nocontexts   │ RPMTRANS_FLAG_NOCONTEXTS   │
438                        ├─────────────┼────────────────────────────┤
439                        │nocaps       │ RPMTRANS_FLAG_NOCAPS       │
440                        ├─────────────┼────────────────────────────┤
441                        │nocrypto     │ RPMTRANS_FLAG_NOFILEDIGEST │
442                        └─────────────┴────────────────────────────┘
443
444              The  nocrypto  option will also set the _RPMVSF_NOSIGNATURES and
445              _RPMVSF_NODIGESTS VS flags. The test option provides a  transac‐
446              tion check without performing the transaction. It includes down‐
447              loading of packages, gpg keys check (including permanent  import
448              of  additional keys if necessary), and rpm check to prevent file
449              conflicts.  The nocaps is supported with rpm-4.14 or later. When
450              nocaps  is  used but rpm doesn't support it, DNF only reports it
451              as an invalid tsflag.
452
453       upgrade_group_objects_upgrade
454              boolean
455
456              Set this to False to disable the automatic running of group  up‐
457              grade when running the upgrade command. Default is True (perform
458              the operation).
459
460       varsdir
461              list
462
463              List of directories where variables definition files are  looked
464              for.  Defaults to "/etc/dnf/vars", "/etc/yum/vars". See variable
465              files in Configuration reference.
466
467       zchunk boolean
468
469              Enables or disables the use of  repository  metadata  compressed
470              using the zchunk format (if available). Default is True.
471

[MAIN] OPTIONS - COLORS

473       color  string
474
475              Controls if DNF uses colored output on the command line.  Possi‐
476              ble values: "auto", "never", "always". Default is "auto".
477
478       color_list_available_downgrade
479              color
480
481              Color of available packages that are older than installed  pack‐
482              ages.  The option is used during list operations. Default is ma‐
483              genta.
484
485       color_list_available_install
486              color
487
488              Color of packages that are available for installation  and  none
489              of  their versions in installed.  The option is used during list
490              operations. Default is bold,cyan.
491
492       color_list_available_reinstall
493              color
494
495              Color of available packages that are identical to installed ver‐
496              sions  and  are available for reinstalls. Default is bold,under‐
497              line,green.  The option is used during list operations.
498
499       color_list_available_upgrade
500              color
501
502              Color of available packages that are newer than installed  pack‐
503              ages.  Default is bold,blue.  The option is used during list op‐
504              erations.
505
506       color_list_installed_extra
507              color
508
509              Color of installed packages that do not have any  version  among
510              available  packages.  The option is used during list operations.
511              Default is bold,red.
512
513       color_list_installed_newer
514              color
515
516              Color of installed packages that  are  newer  than  any  version
517              among available packages.  The option is used during list opera‐
518              tions. Default is bold,yellow.
519
520       color_list_installed_older
521              color
522
523              Color of installed packages that  are  older  than  any  version
524              among available packages.  The option is used during list opera‐
525              tions. Default is yellow.
526
527       color_list_installed_reinstall
528              color
529
530              Color of installed packages that are  among  available  packages
531              and  can  be reinstalled.  The option is used during list opera‐
532              tions. Default is cyan.
533
534       color_search_match
535              color
536
537              Color of patterns matched in search output. Default is  bold,ma‐
538              genta.
539
540       color_update_installed
541              color
542
543              Color  of removed packages. Default is red.  This option is used
544              during displaying transactions.
545
546       color_update_local
547              color
548
549              Color of local packages that are installed from the @commandline
550              repository.  This option is used during displaying transactions.
551              Default is green.
552
553       color_update_remote
554              color
555
556              Color of packages that  are  installed/upgraded/downgraded  from
557              remote  repositories.   This  option  is  used during displaying
558              transactions. Default is bold,green.
559

REPO OPTIONS

561       baseurl
562              list
563
564              List of URLs for the repository. Defaults to [].
565
566              URLs  are  tried  in  the  listed  order  (equivalent  to  yum's
567              "failovermethod=priority" behaviour).
568
569       cost   integer
570
571              The  relative  cost  of accessing this repository, defaulting to
572              1000. This value is compared when the priorities of two  reposi‐
573              tories  are  the  same.  The  repository with the lowest cost is
574              picked. It is useful to make the library prefer on-disk  reposi‐
575              tories to remote ones.
576
577       enabled
578              boolean
579
580              Include  this  repository  as  a  package source. The default is
581              True.
582
583       gpgkey list of strings
584
585              URLs of a GPG key files that can be used  for  signing  metadata
586              and packages of this repository, empty by default. If a file can
587              not be verified using the already imported keys, import of  keys
588              from  this  option  is  attempted and the keys are then used for
589              verification.
590
591       metalink
592              string
593
594              URL of a metalink for the repository. Defaults to None.
595
596       mirrorlist
597              string
598
599              URL of a mirrorlist for the repository. Defaults to None.
600
601       module_hotfixes
602              boolean
603
604              Set this to True to disable module RPM filtering  and  make  all
605              RPMs  from the repository available. The default is False.  This
606              allows user to create a repository with  cherry-picked  hotfixes
607              that are included in a package set on a modular system.
608
609       name   string
610
611              A  human-readable  name of the repository. Defaults to the ID of
612              the repository.
613
614       priority
615              integer
616
617              The priority value of this repository, default is 99.  If  there
618              is  more  than one candidate package for a particular operation,
619              the one from a repo with the lowest priority  value  is  picked,
620              possibly  despite being less convenient otherwise (e.g. by being
621              a lower version).
622
623       type   string
624
625              Type of  repository  metadata.  Supported  values  are:  rpm-md.
626              Aliases for rpm-md: rpm, repomd, rpmmd, yum, YUM.
627

REPO VARIABLES

629       Right  side of every repo option can be enriched by the following vari‐
630       ables:
631
632       $arch
633          Refers to the system’s CPU architecture e.g, aarch64, i586, i686 and
634          x86_64.
635
636       $basearch
637          Refers to the base architecture of the system. For example, i686 and
638          i586 machines both have a base architecture of i386, and  AMD64  and
639          Intel64 machines have a base architecture of x86_64.
640
641       $releasever
642          Refers  to the release version of operating system which DNF derives
643          from information available in RPMDB.
644
645       In addition to these hard coded variables, user-defined ones  can  also
646       be  used.  They  can  be defined either via variable files, or by using
647       special environmental variables. The names of these variables  must  be
648       prefixed  with DNF_VAR_ and they can only consist of alphanumeric char‐
649       acters and underscores:
650
651          $ DNF_VAR_MY_VARIABLE=value
652
653       To use such variable in your repository configuration remove  the  pre‐
654       fix. E.g.:
655
656          [myrepo]
657          baseurl=https://example.site/pub/fedora/$MY_VARIABLE/releases/$releasever
658
659       Note  that  it  is not possible to override the arch and basearch vari‐
660       ables using either variable files or environmental variables.
661
662       Although users are encouraged to use named variables, the numbered  en‐
663       vironmental variables DNF0 - DNF9 are still supported:
664
665          $ DNF1=value
666
667          [myrepo]
668          baseurl=https://example.site/pub/fedora/$DNF1/releases/$releasever
669

OPTIONS FOR BOTH [MAIN] AND REPO

671       Some options can be applied in either the main section, per repository,
672       or in a combination. The value provided in the main section is used for
673       all  repositories  as  the  default  value, which repositories can then
674       override in their configuration.
675
676       bandwidth
677              storage size
678
679              Total bandwidth available for downloading. Meaningful when  used
680              with  the  throttle  option. Storage size is in bytes by default
681              but can be specified with a unit of  storage.  Valid  units  are
682              'k', 'M', 'G'.
683
684       countme
685              boolean
686
687              Determines  whether  a special flag should be added to a single,
688              randomly chosen metalink/mirrorlist query each week.   This  al‐
689              lows the repository owner to estimate the number of systems con‐
690              suming it, by counting such queries over a week's time, which is
691              much more accurate than just counting unique IP addresses (which
692              is subject to both overcounting and undercounting due  to  short
693              DHCP leases and NAT, respectively).
694
695              The  flag is a simple "countme=N" parameter appended to the met‐
696              alink and mirrorlist URL, where N is an integer representing the
697              "longevity"  bucket  this  system  belongs  to.  The following 4
698              buckets are defined, based on how many full  weeks  have  passed
699              since  the beginning of the week when this system was installed:
700              1 = first week, 2 = first month (2-4  weeks),  3  =  six  months
701              (5-24  weeks)  and  4 = more than six months (> 24 weeks).  This
702              information is meant to help  distinguish  short-lived  installs
703              from long-term ones, and to gather other statistics about system
704              lifecycle.
705
706              Default is False.
707
708       deltarpm
709              boolean
710
711              When enabled,  DNF  will  save  bandwidth  by  downloading  much
712              smaller  delta  RPM  files, rebuilding them to RPM locally. How‐
713              ever, this is quite CPU and I/O intensive. Default is True.
714
715       deltarpm_percentage
716              integer
717
718              When the relative size of delta vs  pkg  is  larger  than  this,
719              delta is not used.  Default value is 75 (Deltas must be at least
720              25% smaller than the pkg).  Use 0 to turn off delta rpm process‐
721              ing.  Local  repositories (with file:// baseurl) have delta rpms
722              turned off by default.
723
724       enablegroups
725              boolean
726
727              Determines whether DNF will allow the use of package groups  for
728              this repository. Default is True (package groups are allowed).
729
730       excludepkgs
731              list
732
733              Exclude  packages  of  this repository, specified by a name or a
734              glob and separated by a comma, from all operations.  Can be dis‐
735              abled  using --disableexcludes command line switch.  Defaults to
736              [].
737
738       fastestmirror
739              boolean
740
741              If enabled a metric is used to find the fastest  available  mir‐
742              ror.  This  overrides  the order provided by the mirrorlist/met‐
743              alink file itself. This file is often dynamically  generated  by
744              the  server  to  provide  the  best download speeds and enabling
745              fastestmirror overrides this. The default is False.
746
747       gpgcheck
748              boolean
749
750              Whether to perform GPG signature check on packages found in this
751              repository.  The default is False.
752
753              This  option can only be used to strengthen the active RPM secu‐
754              rity policy  set  with  the  %_pkgverify_level  macro  (see  the
755              /usr/lib/rpm/macros file for details).  That means, if the macro
756              is set to 'signature' or 'all' and this option is False, it will
757              be  overridden to True during DNF runtime, and a warning will be
758              printed.  To squelch the warning, make sure this option is  True
759              for every enabled repository, and also enable localpkg_gpgcheck.
760
761       includepkgs
762              list
763
764              Include  packages  of  this repository, specified by a name or a
765              glob and separated by a comma, in all  operations.   Inverse  of
766              excludepkgs, DNF will exclude any package in the repository that
767              doesn't match this list. This  works  in  conjunction  with  ex‐
768              cludepkgs   and  doesn't  override  it,  so  if  you  'excludep‐
769              kgs=*.i386' and 'includepkgs=python*' then only packages  start‐
770              ing  with  python  that do not have an i386 arch will be seen by
771              DNF in this repo.  Can be disabled using --disableexcludes  com‐
772              mand line switch.  Defaults to [].
773
774       ip_resolve
775              IP address type
776
777              Determines  how  DNF resolves host names. Set this to '4'/'IPv4'
778              or '6'/'IPv6' to resolve to IPv4 or IPv6 addresses only. By  de‐
779              fault, DNF resolves to either addresses.
780
781       localpkg_gpgcheck
782              boolean
783
784              Whether  to  perform  a  GPG  signature  check on local packages
785              (packages in a file, not  in  a  repository).   The  default  is
786              False.  This option is subject to the active RPM security policy
787              (see gpgcheck for more details).
788
789       max_parallel_downloads
790              integer
791
792              Maximum number of simultaneous package downloads. Defaults to 3.
793              Maximum of 20.
794
795       metadata_expire
796              time in seconds
797
798              The  period  after  which  the  remote repository is checked for
799              metadata update and in the  positive  case  the  local  metadata
800              cache  is updated. The default corresponds to 48 hours. Set this
801              to -1 or never to make the repo never considered expired. Expire
802              of metadata can be also triggered by change of timestamp of con‐
803              figuration   files    (dnf.conf,    <repo>.repo).    See    also
804              check_config_file_age.
805
806       minrate
807              storage size
808
809              This  sets  the  low speed threshold in bytes per second. If the
810              server is sending data at the same or  slower  speed  than  this
811              value  for  at least timeout option seconds, DNF aborts the con‐
812              nection. The default is 1000. Valid units are 'k', 'M', 'G'.
813
814       password
815              string
816
817              The password to use for connecting to a  repository  with  basic
818              HTTP authentication. Empty by default.
819
820       proxy  string
821
822              URL of a proxy server to connect through. Set to an empty string
823              in the repository configuration to disable proxy setting  inher‐
824              ited  from  the main section. The expected format of this option
825              is <scheme>://<ip-or-hostname>[:port].  (For  backward  compati‐
826              bility, '_none_' can be used instead of the empty string.)
827
828              Note:  The  curl  environment variables (such as http_proxy) are
829              effective if this option is unset (or '_none_'  is  set  in  the
830              repository configuration). See the curl man page for details.
831
832       proxy_username
833              string
834
835              The username to use for connecting to the proxy server. Empty by
836              default.
837
838       proxy_password
839              string
840
841              The password to use for connecting to the proxy server. Empty by
842              default.
843
844       proxy_auth_method
845              string
846
847              The authentication method used by the proxy server. Valid values
848              are
849
850                          ┌──────────┬────────────────────────────┐
851                          │method    │ meaning                    │
852                          ├──────────┼────────────────────────────┤
853                          │basic     │ HTTP Basic authentication  │
854                          ├──────────┼────────────────────────────┤
855                          │digest    │ HTTP Digest authentication │
856                          ├──────────┼────────────────────────────┤
857                          │negotiate │ HTTP  Negotiate   (SPNEGO) │
858                          │          │ authentication             │
859                          ├──────────┼────────────────────────────┤
860                          │ntlm      │ HTTP NTLM authentication   │
861                          ├──────────┼────────────────────────────┤
862                          │digest_ie │ HTTP Digest authentication │
863                          │          │ with an IE flavor          │
864                          ├──────────┼────────────────────────────┤
865                          │ntlm_wb   │ NTLM delegating to winbind │
866                          │          │ helper                     │
867                          ├──────────┼────────────────────────────┤
868                          │none      │ None auth method           │
869                          ├──────────┼────────────────────────────┤
870                          │any       │ All suitable methods       │
871                          └──────────┴────────────────────────────┘
872
873              Defaults to any
874
875       proxy_sslcacert
876              string
877
878              Path  to the file containing the certificate authorities to ver‐
879              ify proxy SSL certificates.  Empty by default - uses system  de‐
880              fault.
881
882       proxy_sslverify
883              boolean
884
885              When enabled, proxy SSL certificates are verified. If the client
886              can not be authenticated, connecting fails and the repository is
887              not used any further. If False, SSL connections can be used, but
888              certificates are not verified. Default is True.
889
890       proxy_sslclientcert
891              string
892
893              Path to the SSL client certificate  used  to  connect  to  proxy
894              server.  Empty by default.
895
896       proxy_sslclientkey
897              string
898
899              Path  to  the  SSL  client  key used to connect to proxy server.
900              Empty by default.
901
902       repo_gpgcheck
903              boolean
904
905              Whether to perform GPG  signature  check  on  this  repository's
906              metadata.  The  default  is  False.  Note that GPG keys for this
907              check are stored separately from GPG keys used in package signa‐
908              ture  verification. Furthermore, they are also stored separately
909              for each repository.
910
911              This means that dnf may ask to  import  the  same  key  multiple
912              times.  For example, when a key was already imported for package
913              signature verification and this option is turned on, it  may  be
914              needed to import it again for the repository.
915
916       retries
917              integer
918
919              Set  the  number  of total retries for downloading packages. The
920              number is accumulative, so e.g. for retries=10,  dnf  will  fail
921              after any package download fails for eleventh time. Setting this
922              to 0 makes dnf try forever. Default is 10.
923
924       skip_if_unavailable
925              boolean
926
927              If enabled, DNF will continue running and disable the repository
928              that  couldn't  be  synchronized  for  any  reason.  This option
929              doesn't affect skipping of unavailable packages after dependency
930              resolution.  To  check  inaccessibility  of repository use it in
931              combination with refresh command line  option.  The  default  is
932              False.   Note  this option in particular can be set in your con‐
933              figuration file by your distribution.
934
935       sslcacert
936              string
937
938              Path to the file containing the certificate authorities to  ver‐
939              ify SSL certificates.  Empty by default - uses system default.
940
941       sslverify
942              boolean
943
944              When  enabled,  remote  SSL  certificates  are  verified. If the
945              client can not be authenticated, connecting fails and the repos‐
946              itory  is not used any further. If False, SSL connections can be
947              used, but certificates are not verified. Default is True.
948
949       sslverifystatus
950              boolean
951
952              When enabled, revocation status of  the  server  certificate  is
953              verified  using  the  "Certificate Status Request" TLS extension
954              (aka. OCSP stapling). Default is False.
955
956       sslclientcert
957              string
958
959              Path to the SSL client certificate used  to  connect  to  remote
960              sites.  Empty by default.
961
962       sslclientkey
963              string
964
965              Path  to  the  SSL  client  key used to connect to remote sites.
966              Empty by default.
967
968       throttle
969              storage size
970
971              Limits the downloading speed. It might be an absolute value or a
972              percentage,  relative  to  the value of the bandwidth option op‐
973              tion. 0 means no throttling (the default). The absolute value is
974              in bytes by default but can be specified with a unit of storage.
975              Valid units are 'k', 'M', 'G'.
976
977       timeout
978              time in seconds
979
980              Number of seconds to wait for a connection  before  timing  out.
981              Used  in  combination with minrate option option. Defaults to 30
982              seconds.
983
984       username
985              string
986
987              The username to use for connecting to repo with basic  HTTP  au‐
988              thentication. Empty by default.
989
990       user_agent
991              string
992
993              The  User-Agent  string to include in HTTP requests sent by DNF.
994              Defaults to
995
996                 libdnf (NAME VERSION_ID; VARIANT_ID; OS.BASEARCH)
997
998              where NAME, VERSION_ID and VARIANT_ID are  OS  identifiers  read
999              from the os-release(5) file, and OS and BASEARCH are the canoni‐
1000              cal OS name and base architecture, respectively.  Example:
1001
1002                 libdnf (Fedora 31; server; Linux.x86_64)
1003

TYPES OF OPTIONS

1005       boolean
1006              This is a data type with only two possible values.
1007
1008              One of following options can be used: 1, 0, True, False, yes, no
1009
1010       integer
1011              It is a whole number that can be written  without  a  fractional
1012              component.
1013
1014       list   It  is  an option that could represent one or more strings sepa‐
1015              rated by space or comma characters.
1016
1017       string It is a sequence of symbols or  digits  without  any  whitespace
1018              character.
1019
1020       color  A  string describing color and modifiers separated with a comma,
1021              for example "red,bold".
1022
1023              • Colors: black, blue, cyan, green, magenta, red, white, yellow
1024
1025              • Modifiers: bold, blink, dim, normal, reverse, underline
1026

FILES

1028       Cache Files
1029              /var/cache/dnf
1030
1031       Main Configuration File
1032              /etc/dnf/dnf.conf
1033
1034       Repository
1035              /etc/yum.repos.d/
1036
1037       Variables
1038              Any properly named file in /etc/dnf/vars is turned into a  vari‐
1039              able  named  after  the  filename (or overrides any of the above
1040              variables but those set from commandline). Filenames may contain
1041              only  alphanumeric  characters  and underscores and be in lower‐
1042              case.  Variables are also read from /etc/yum/vars for  YUM  com‐
1043              patibility reasons.
1044

SEE ALSO

1046dnf(8), DNF Command Reference
1047

AUTHOR

1049       See AUTHORS in DNF source distribution.
1050
1052       2012-2022, Red Hat, Licensed under GPLv2+
1053
1054
1055
1056
10574.14.0                           Sep 09, 2022                      DNF.CONF(5)
Impressum