1DNF.CONF(5) DNF DNF.CONF(5)
2
6 dnf.conf - DNF Configuration Reference
7
9 DNF by default uses the global configuration file at /etc/dnf/dnf.conf
10 and all *.repo files found under /etc/yum.repos.d. The latter is typi‐
11 cally used for repository configuration and takes precedence over
12 global configuration.
13 The configuration file has INI format consisting of section declaration
15 and name=value options below each on separate line. There are two types
16 of sections in the configuration files: main and repository. Main sec‐
17 tion defines all global configuration options and should be only one.
18 The repository sections define the configuration for each (remote or
20 local) repository. The section name of the repository in brackets serve
21 as repo ID reference and should be unique across configuration files.
22 The allowed characters of repo ID string are lower and upper case al‐
23 phabetic letters, digits, -, _, . and :. The minimal repository con‐
24 figuration file should aside from repo ID consists of baseurl, metalink
25 or mirrorlist option definition.
26
28 Configuration options, namely best and skip_if_unavailable, can be set
29 in the DNF configuration file by your distribution to override the DNF
30 defaults.
31
33 allow_vendor_change
34 boolean
35 If disabled dnf will stick to vendor when upgrading or downgrad‐
37 ing rpms. Default is True
38 WARNING:
40 This option is currently not supported for downgrade and dis‐
41 tro-sync commands
42 arch string
44 The architecture used for installing packages. By default this
46 is auto-detected. Often used together with ignorearch option.
47 assumeno
49 boolean
50 If enabled dnf will assume No where it would normally prompt for
52 confirmation from user input. Default is False.
53 assumeyes
55 boolean
56 If enabled dnf will assume Yes where it would normally prompt
58 for confirmation from user input (see also defaultyes). Default
59 is False.
60 autocheck_running_kernel
62 boolean
63 Automatic check whether there is installed newer kernel module
65 with security update than currently running kernel. Default is
66 True.
67 basearch
69 string
70 The base architecture used for installing packages. By default
72 this is auto-detected.
73 best boolean
75 True instructs the solver to either use a package with the high‐
77 est available version or fail. On False, do not fail if the lat‐
78 est version cannot be installed and go with the lower version.
79 The default is False. Note this option in particular can be set
80 in your configuration file by your distribution. Also note that
81 the use of the highest available version is only guaranteed for
82 the packages directly requested and not for their dependencies.
83 cachedir
85 string
86 Path to a directory used by various DNF subsystems for storing
88 cache data. Has a reasonable root-writable default depending on
89 the distribution. DNF needs to be able to create files and di‐
90 rectories at this location.
91 cacheonly
93 boolean
94 If set to True DNF will run entirely from system cache, will not
96 update the cache and will use it even in case it is expired. De‐
97 fault is False.
98 API Notes: Must be set before repository objects are created.
100 Plugins must set this in the pre_config hook. Later changes are
101 ignored.
102 check_config_file_age
104 boolean
105 Specifies whether dnf should automatically expire metadata of
107 repos, which are older than their corresponding configuration
108 file (usually the dnf.conf file and the foo.repo file). Default
109 is True (perform the check). Expire of metadata is also affected
110 by metadata age. See also metadata_expire.
111 clean_requirements_on_remove
113 boolean
114 Remove dependencies that are no longer used during dnf remove. A
116 package only qualifies for removal via clean_requirements_on_re‐
117 move if it was installed through DNF but not on explicit user
118 request, i.e. it was pulled in as a dependency. The default is
119 True. (installonlypkgs are never automatically removed.)
120 config_file_path
122 string
123 Path to the default main configuration file. Default is
125 /etc/dnf/dnf.conf.
126 debuglevel
128 integer
129 Debug messages output level, in the range 0 to 10. The higher
131 the number the more debug output is put to stdout. Default is 2.
132 debug_solver
134 boolean
135 Controls whether the libsolv debug files should be created when
137 solving the transaction. The debug files are created in the
138 ./debugdata directory. Default is False.
139 defaultyes
141 boolean
142 If enabled the default answer to user confirmation prompts will
144 be Yes. Not to be confused with assumeyes which will not prompt
145 at all. Default is False.
146 diskspacecheck
148 boolean
149 Controls whether rpm should check available disk space during
151 the transaction. Default is True.
152 errorlevel
154 integer
155 Error messages output level, in the range 0 to 10. The higher
157 the number the more error output is put to stderr. Default is 3.
158 This is deprecated in DNF and overwritten by --verbose command‐
159 line option.
160 exclude_from_weak
162 list
163 Prevent installing packages as weak dependencies (recommends or
165 supplements). The packages can be specified by a name or a glob
166 and separated by a comma. Defaults to [].
167 exclude_from_weak_autodetect
169 boolean
170 If enabled, dnf will autodetect unmet weak dependencies (recom‐
172 mends or supplements) of packages installed on the system.
173 Providers of these weak dependencies will not be installed by
174 dnf as weak dependencies any more (they will still be installed
175 if pulled in as a regular dependency). Defaults to true.
176 exit_on_lock
178 boolean
179 Should the dnf client exit immediately when something else has
181 the lock. Default is False.
182 gpgkey_dns_verification
184 boolean
185 Should the dnf attempt to automatically verify GPG verification
187 keys using the DNS system. This option requires the unbound
188 python module (python3-unbound) to be installed on the client
189 system. This system has two main features. The first one is to
190 check if any of the already installed keys have been revoked.
191 Automatic removal of the key is not yet available, so it is up
192 to the user, to remove revoked keys from the system. The second
193 feature is automatic verification of new keys when a repository
194 is added to the system. In interactive mode, the result is writ‐
195 ten to the output as a suggestion to the user. In non-interac‐
196 tive mode (i.e. when -y is used), this system will automatically
197 accept keys that are available in the DNS and are correctly
198 signed using DNSSEC. It will also accept keys that do not exist
199 in the DNS system and their NON-existence is cryptographically
200 proven using DNSSEC. This is mainly to preserve backward compat‐
201 ibility. Default is False.
202 group_package_types
204 list
205 List of the following: optional, default, mandatory. Tells dnf
207 which type of packages in groups will be installed when
208 'groupinstall' is called. Default is: default, mandatory.
209 ignorearch
211 boolean
212 If set to True, RPM will allow attempts to install packages in‐
214 compatible with the CPU's architecture. Defaults to False. Often
215 used together with arch option.
216 installonlypkgs
218 list
219 List of provide names of packages that should only ever be in‐
221 stalled, never upgraded. Kernels in particular fall into this
222 category. These packages are never removed by dnf autoremove
223 even if they were installed as dependencies (see
224 clean_requirements_on_remove for auto removal details). This
225 option append the list values to the default installonlypkgs
226 list used by DNF. The number of kept package versions is regu‐
227 lated by installonly_limit.
228 installonly_limit
230 integer
231 Number of installonly packages allowed to be installed concur‐
233 rently. Defaults to 3. The minimal number of installonly pack‐
234 ages is 2. Value 0 means unlimited number of installonly pack‐
235 ages. Value 1 is explicitly not allowed since it complicates
236 kernel upgrades due to protection of the running kernel from re‐
237 moval.
238 installroot
240 string
241 The root of the filesystem for all packaging operations. It re‐
243 quires an absolute path. See also --installroot commandline op‐
244 tion.
245 install_weak_deps
247 boolean
248 When this option is set to True and a new package is about to be
250 installed, all packages linked by weak dependency relation (Rec‐
251 ommends or Supplements flags) with this package will be pulled
252 into the transaction. Default is True.
253 keepcache
255 boolean
256 Keeps downloaded packages in the cache when set to True. Even if
258 it is set to False and packages have not been installed they
259 will still persist until next successful transaction. The de‐
260 fault is False.
261 logdir string
263 Directory where the log files will be stored. Default is
265 /var/log.
266 logfilelevel
268 integer
269 Log file messages output level, in the range 0 to 10. The higher
271 the number the more debug output is put to logs. Default is 9.
272 This option controls dnf.log, dnf.librepo.log and hawkey.log.
274 Although dnf.librepo.log and hawkey.log are affected only by
275 setting the logfilelevel to 10.
276 log_compress
278 boolean
279 When set to True, log files are compressed when they are ro‐
281 tated. Default is False.
282 log_rotate
284 integer
285 Log files are rotated log_rotate times before being removed. If
287 log_rotate is 0, the rotation is not performed. Default is 4.
288 log_size
290 storage size
291 Log files are rotated when they grow bigger than log_size
293 bytes. If log_size is 0, the rotation is not performed. The de‐
294 fault is 1 MB. Valid units are 'k', 'M', 'G'.
295 The size applies for individual log files, not the sum of all
297 log files. See also log_rotate.
298 metadata_timer_sync
300 time in seconds
301 The minimal period between two consecutive makecache timer runs.
303 The command will stop immediately if it's less than this time
304 period since its last run. Does not affect simple makecache run.
305 Use 0 to completely disable automatic metadata synchronizing.
306 The default corresponds to three hours. The value is rounded to
307 the next commenced hour.
308 module_obsoletes
310 boolean
311 This option controls whether dnf should apply modular obsoletes
313 when possible. Default is False.
314 module_platform_id
316 string
317 Set this to $name:$stream to override PLATFORM_ID detected from
319 /etc/os-release. It is necessary to perform a system upgrade
320 and switch to a new platform.
321 module_stream_switch
323 boolean
324 This option controls whether it's possible to switch enabled
326 streams of a module. Default is False.
327 multilib_policy
329 string
330 Controls how multilib packages are treated during install opera‐
332 tions. Can either be "best" (the default) for the depsolver to
333 prefer packages which best match the system's architecture, or
334 "all" to install packages for all available architectures.
335 obsoletes
337 boolean
338 This option only has affect during an install/update. It enables
340 dnf's obsoletes processing logic, which means it makes dnf check
341 whether any dependencies of given package are no longer required
342 and removes them. Useful when doing distribution level up‐
343 grades. Default is 'true'.
344 Command-line option: --obsoletes
346 persistdir
348 string
349 Directory where DNF stores its persistent data between runs. De‐
351 fault is "/var/lib/dnf".
352 pluginconfpath
354 list
355 List of directories that are searched for plugin configurations
357 to load. All configuration files found in these directories,
358 that are named same as a plugin, are parsed. The default path is
359 /etc/dnf/plugins.
360 pluginpath
362 list
363 List of directories that are searched for plugins to load. Plug‐
365 ins found in any of the directories in this configuration option
366 are used. The default contains a Python version-specific path.
367 plugins
369 boolean
370 Controls whether the plugins are enabled. Default is True.
372 protected_packages
374 list
375 List of packages that DNF should never completely remove. They
377 are protected via Obsoletes as well as user/plugin removals.
378 The default is: dnf, glob:/etc/yum/protected.d/*.conf and
380 glob:/etc/dnf/protected.d/*.conf. So any packages which should
381 be protected can do so by including a file in /etc/dnf/pro‐
382 tected.d with their package name in it.
383 DNF will protect also the package corresponding to the running
385 version of the kernel. See also protect_running_kernel option.
386 protect_running_kernel
388 boolean
389 Controls whether the package corresponding to the running ver‐
391 sion of kernel is protected from removal. Default is True.
392 releasever
394 string
395 Used for substitution of $releasever in the repository configu‐
397 ration. See also repo variables.
398 reposdir
400 list
401 DNF searches for repository configuration files in the paths
403 specified by reposdir. The behavior of reposdir could differ
404 when it is used along with --installroot option.
405 rpmverbosity
407 string
408 RPM debug scriptlet output level. One of: critical, emergency,
410 error, warn, info or debug. Default is info.
411 strict boolean
413 If disabled, all unavailable packages or packages with broken
415 dependencies given to DNF command will be skipped without rais‐
416 ing the error causing the whole operation to fail. Currently
417 works for install command only. The default is True.
418 tsflags
420 list
421 List of strings adding extra flags for the RPM transaction.
423 ┌─────────────┬────────────────────────────┐
425 │tsflag value │ RPM Transaction Flag │
426 ├─────────────┼────────────────────────────┤
427 │noscripts │ RPMTRANS_FLAG_NOSCRIPTS │
428 ├─────────────┼────────────────────────────┤
429 │test │ RPMTRANS_FLAG_TEST │
430 ├─────────────┼────────────────────────────┤
431 │notriggers │ RPMTRANS_FLAG_NOTRIGGERS │
432 ├─────────────┼────────────────────────────┤
433 │nodocs │ RPMTRANS_FLAG_NODOCS │
434 ├─────────────┼────────────────────────────┤
435 │justdb │ RPMTRANS_FLAG_JUSTDB │
436 ├─────────────┼────────────────────────────┤
437 │nocontexts │ RPMTRANS_FLAG_NOCONTEXTS │
438 ├─────────────┼────────────────────────────┤
439 │nocaps │ RPMTRANS_FLAG_NOCAPS │
440 ├─────────────┼────────────────────────────┤
441 │nocrypto │ RPMTRANS_FLAG_NOFILEDIGEST │
442 └─────────────┴────────────────────────────┘
443 The nocrypto option will also set the _RPMVSF_NOSIGNATURES and
445 _RPMVSF_NODIGESTS VS flags. The test option provides a transac‐
446 tion check without performing the transaction. It includes down‐
447 loading of packages, gpg keys check (including permanent import
448 of additional keys if necessary), and rpm check to prevent file
449 conflicts. The nocaps is supported with rpm-4.14 or later. When
450 nocaps is used but rpm doesn't support it, DNF only reports it
451 as an invalid tsflag.
452 upgrade_group_objects_upgrade
454 boolean
455 Set this to False to disable the automatic running of group up‐
457 grade when running the upgrade command. Default is True (perform
458 the operation).
459 varsdir
461 list
462 List of directories where variables definition files are looked
464 for. Defaults to "/etc/dnf/vars", "/etc/yum/vars". See variable
465 files in Configuration reference.
466 zchunk boolean
468 Enables or disables the use of repository metadata compressed
470 using the zchunk format (if available). Default is True.
471
473 color string
474 Controls if DNF uses colored output on the command line. Possi‐
476 ble values: "auto", "never", "always". Default is "auto".
477 color_list_available_downgrade
479 color
480 Color of available packages that are older than installed pack‐
482 ages. The option is used during list operations. Default is ma‐
483 genta.
484 color_list_available_install
486 color
487 Color of packages that are available for installation and none
489 of their versions in installed. The option is used during list
490 operations. Default is bold,cyan.
491 color_list_available_reinstall
493 color
494 Color of available packages that are identical to installed ver‐
496 sions and are available for reinstalls. Default is bold,under‐
497 line,green. The option is used during list operations.
498 color_list_available_upgrade
500 color
501 Color of available packages that are newer than installed pack‐
503 ages. Default is bold,blue. The option is used during list op‐
504 erations.
505 color_list_installed_extra
507 color
508 Color of installed packages that do not have any version among
510 available packages. The option is used during list operations.
511 Default is bold,red.
512 color_list_installed_newer
514 color
515 Color of installed packages that are newer than any version
517 among available packages. The option is used during list opera‐
518 tions. Default is bold,yellow.
519 color_list_installed_older
521 color
522 Color of installed packages that are older than any version
524 among available packages. The option is used during list opera‐
525 tions. Default is yellow.
526 color_list_installed_reinstall
528 color
529 Color of installed packages that are among available packages
531 and can be reinstalled. The option is used during list opera‐
532 tions. Default is cyan.
533 color_search_match
535 color
536 Color of patterns matched in search output. Default is bold,ma‐
538 genta.
539 color_update_installed
541 color
542 Color of removed packages. Default is red. This option is used
544 during displaying transactions.
545 color_update_local
547 color
548 Color of local packages that are installed from the @commandline
550 repository. This option is used during displaying transactions.
551 Default is green.
552 color_update_remote
554 color
555 Color of packages that are installed/upgraded/downgraded from
557 remote repositories. This option is used during displaying
558 transactions. Default is bold,green.
559
561 baseurl
562 list
563 List of URLs for the repository. Defaults to [].
565 URLs are tried in the listed order (equivalent to yum's
567 "failovermethod=priority" behaviour).
568 cost integer
570 The relative cost of accessing this repository, defaulting to
572 1000. This value is compared when the priorities of two reposi‐
573 tories are the same. The repository with the lowest cost is
574 picked. It is useful to make the library prefer on-disk reposi‐
575 tories to remote ones.
576 enabled
578 boolean
579 Include this repository as a package source. The default is
581 True.
582 gpgkey list of strings
584 URLs of a GPG key files that can be used for signing metadata
586 and packages of this repository, empty by default. If a file can
587 not be verified using the already imported keys, import of keys
588 from this option is attempted and the keys are then used for
589 verification.
590 metalink
592 string
593 URL of a metalink for the repository. Defaults to None.
595 mirrorlist
597 string
598 URL of a mirrorlist for the repository. Defaults to None.
600 module_hotfixes
602 boolean
603 Set this to True to disable module RPM filtering and make all
605 RPMs from the repository available. The default is False. This
606 allows user to create a repository with cherry-picked hotfixes
607 that are included in a package set on a modular system.
608 name string
610 A human-readable name of the repository. Defaults to the ID of
612 the repository.
613 priority
615 integer
616 The priority value of this repository, default is 99. If there
618 is more than one candidate package for a particular operation,
619 the one from a repo with the lowest priority value is picked,
620 possibly despite being less convenient otherwise (e.g. by being
621 a lower version).
622 type string
624 Type of repository metadata. Supported values are: rpm-md.
626 Aliases for rpm-md: rpm, repomd, rpmmd, yum, YUM.
627
629 Right side of every repo option can be enriched by the following vari‐
630 ables:
631 $arch
633 Refers to the system’s CPU architecture e.g, aarch64, i586, i686 and
634 x86_64.
635 $basearch
637 Refers to the base architecture of the system. For example, i686 and
638 i586 machines both have a base architecture of i386, and AMD64 and
639 Intel64 machines have a base architecture of x86_64.
640 $releasever
642 Refers to the release version of operating system which DNF derives
643 from information available in RPMDB.
644 In addition to these hard coded variables, user-defined ones can also
646 be used. They can be defined either via variable files, or by using
647 special environmental variables. The names of these variables must be
648 prefixed with DNF_VAR_ and they can only consist of alphanumeric char‐
649 acters and underscores:
650 $ DNF_VAR_MY_VARIABLE=value
652 To use such variable in your repository configuration remove the pre‐
654 fix. E.g.:
655 [myrepo]
657 baseurl=https://example.site/pub/fedora/$MY_VARIABLE/releases/$releasever
658 Note that it is not possible to override the arch and basearch vari‐
660 ables using either variable files or environmental variables.
661 Although users are encouraged to use named variables, the numbered en‐
663 vironmental variables DNF0 - DNF9 are still supported:
664 $ DNF1=value
666 [myrepo]
668 baseurl=https://example.site/pub/fedora/$DNF1/releases/$releasever
669
671 Some options can be applied in either the main section, per repository,
672 or in a combination. The value provided in the main section is used for
673 all repositories as the default value, which repositories can then
674 override in their configuration.
675 bandwidth
677 storage size
678 Total bandwidth available for downloading. Meaningful when used
680 with the throttle option. Storage size is in bytes by default
681 but can be specified with a unit of storage. Valid units are
682 'k', 'M', 'G'.
683 countme
685 boolean
686 Determines whether a special flag should be added to a single,
688 randomly chosen metalink/mirrorlist query each week. This al‐
689 lows the repository owner to estimate the number of systems con‐
690 suming it, by counting such queries over a week's time, which is
691 much more accurate than just counting unique IP addresses (which
692 is subject to both overcounting and undercounting due to short
693 DHCP leases and NAT, respectively).
694 The flag is a simple "countme=N" parameter appended to the met‐
696 alink and mirrorlist URL, where N is an integer representing the
697 "longevity" bucket this system belongs to. The following 4
698 buckets are defined, based on how many full weeks have passed
699 since the beginning of the week when this system was installed:
700 1 = first week, 2 = first month (2-4 weeks), 3 = six months
701 (5-24 weeks) and 4 = more than six months (> 24 weeks). This
702 information is meant to help distinguish short-lived installs
703 from long-term ones, and to gather other statistics about system
704 lifecycle.
705 Default is False.
707 deltarpm
709 boolean
710 When enabled, DNF will save bandwidth by downloading much
712 smaller delta RPM files, rebuilding them to RPM locally. How‐
713 ever, this is quite CPU and I/O intensive. Default is True.
714 deltarpm_percentage
716 integer
717 When the relative size of delta vs pkg is larger than this,
719 delta is not used. Default value is 75 (Deltas must be at least
720 25% smaller than the pkg). Use 0 to turn off delta rpm process‐
721 ing. Local repositories (with file:// baseurl) have delta rpms
722 turned off by default.
723 enablegroups
725 boolean
726 Determines whether DNF will allow the use of package groups for
728 this repository. Default is True (package groups are allowed).
729 excludepkgs
731 list
732 Exclude packages of this repository, specified by a name or a
734 glob and separated by a comma, from all operations. Can be dis‐
735 abled using --disableexcludes command line switch. Defaults to
736 [].
737 fastestmirror
739 boolean
740 If enabled a metric is used to find the fastest available mir‐
742 ror. This overrides the order provided by the mirrorlist/met‐
743 alink file itself. This file is often dynamically generated by
744 the server to provide the best download speeds and enabling
745 fastestmirror overrides this. The default is False.
746 gpgcheck
748 boolean
749 Whether to perform GPG signature check on packages found in this
751 repository. The default is False.
752 This option can only be used to strengthen the active RPM secu‐
754 rity policy set with the %_pkgverify_level macro (see the
755 /usr/lib/rpm/macros file for details). That means, if the macro
756 is set to 'signature' or 'all' and this option is False, it will
757 be overridden to True during DNF runtime, and a warning will be
758 printed. To squelch the warning, make sure this option is True
759 for every enabled repository, and also enable localpkg_gpgcheck.
760 includepkgs
762 list
763 Include packages of this repository, specified by a name or a
765 glob and separated by a comma, in all operations. Inverse of
766 excludepkgs, DNF will exclude any package in the repository that
767 doesn't match this list. This works in conjunction with ex‐
768 cludepkgs and doesn't override it, so if you 'excludep‐
769 kgs=*.i386' and 'includepkgs=python*' then only packages start‐
770 ing with python that do not have an i386 arch will be seen by
771 DNF in this repo. Can be disabled using --disableexcludes com‐
772 mand line switch. Defaults to [].
773 ip_resolve
775 IP address type
776 Determines how DNF resolves host names. Set this to '4'/'IPv4'
778 or '6'/'IPv6' to resolve to IPv4 or IPv6 addresses only. By de‐
779 fault, DNF resolves to either addresses.
780 localpkg_gpgcheck
782 boolean
783 Whether to perform a GPG signature check on local packages
785 (packages in a file, not in a repository). The default is
786 False. This option is subject to the active RPM security policy
787 (see gpgcheck for more details).
788 max_parallel_downloads
790 integer
791 Maximum number of simultaneous package downloads. Defaults to 3.
793 Maximum of 20.
794 metadata_expire
796 time in seconds
797 The period after which the remote repository is checked for
799 metadata update and in the positive case the local metadata
800 cache is updated. The default corresponds to 48 hours. Set this
801 to -1 or never to make the repo never considered expired. Expire
802 of metadata can be also triggered by change of timestamp of con‐
803 figuration files (dnf.conf, <repo>.repo). See also
804 check_config_file_age.
805 minrate
807 storage size
808 This sets the low speed threshold in bytes per second. If the
810 server is sending data at the same or slower speed than this
811 value for at least timeout option seconds, DNF aborts the con‐
812 nection. The default is 1000. Valid units are 'k', 'M', 'G'.
813 password
815 string
816 The password to use for connecting to a repository with basic
818 HTTP authentication. Empty by default.
819 proxy string
821 URL of a proxy server to connect through. Set to an empty string
823 in the repository configuration to disable proxy setting inher‐
824 ited from the main section. The expected format of this option
825 is <scheme>://<ip-or-hostname>[:port]. (For backward compati‐
826 bility, '_none_' can be used instead of the empty string.)
827 Note: The curl environment variables (such as http_proxy) are
829 effective if this option is unset (or '_none_' is set in the
830 repository configuration). See the curl man page for details.
831 proxy_username
833 string
834 The username to use for connecting to the proxy server. Empty by
836 default.
837 proxy_password
839 string
840 The password to use for connecting to the proxy server. Empty by
842 default.
843 proxy_auth_method
845 string
846 The authentication method used by the proxy server. Valid values
848 are
849 ┌──────────┬────────────────────────────┐
851 │method │ meaning │
852 ├──────────┼────────────────────────────┤
853 │basic │ HTTP Basic authentication │
854 ├──────────┼────────────────────────────┤
855 │digest │ HTTP Digest authentication │
856 ├──────────┼────────────────────────────┤
857 │negotiate │ HTTP Negotiate (SPNEGO) │
858 │ │ authentication │
859 ├──────────┼────────────────────────────┤
860 │ntlm │ HTTP NTLM authentication │
861 ├──────────┼────────────────────────────┤
862 │digest_ie │ HTTP Digest authentication │
863 │ │ with an IE flavor │
864 ├──────────┼────────────────────────────┤
865 │ntlm_wb │ NTLM delegating to winbind │
866 │ │ helper │
867 ├──────────┼────────────────────────────┤
868 │none │ None auth method │
869 ├──────────┼────────────────────────────┤
870 │any │ All suitable methods │
871 └──────────┴────────────────────────────┘
872 Defaults to any
874 proxy_sslcacert
876 string
877 Path to the file containing the certificate authorities to ver‐
879 ify proxy SSL certificates. Empty by default - uses system de‐
880 fault.
881 proxy_sslverify
883 boolean
884 When enabled, proxy SSL certificates are verified. If the client
886 can not be authenticated, connecting fails and the repository is
887 not used any further. If False, SSL connections can be used, but
888 certificates are not verified. Default is True.
889 proxy_sslclientcert
891 string
892 Path to the SSL client certificate used to connect to proxy
894 server. Empty by default.
895 proxy_sslclientkey
897 string
898 Path to the SSL client key used to connect to proxy server.
900 Empty by default.
901 repo_gpgcheck
903 boolean
904 Whether to perform GPG signature check on this repository's
906 metadata. The default is False. Note that GPG keys for this
907 check are stored separately from GPG keys used in package signa‐
908 ture verification. Furthermore, they are also stored separately
909 for each repository.
910 This means that dnf may ask to import the same key multiple
912 times. For example, when a key was already imported for package
913 signature verification and this option is turned on, it may be
914 needed to import it again for the repository.
915 retries
917 integer
918 Set the number of total retries for downloading packages. The
920 number is accumulative, so e.g. for retries=10, dnf will fail
921 after any package download fails for eleventh time. Setting this
922 to 0 makes dnf try forever. Default is 10.
923 skip_if_unavailable
925 boolean
926 If enabled, DNF will continue running and disable the repository
928 that couldn't be synchronized for any reason. This option
929 doesn't affect skipping of unavailable packages after dependency
930 resolution. To check inaccessibility of repository use it in
931 combination with refresh command line option. The default is
932 False. Note this option in particular can be set in your con‐
933 figuration file by your distribution.
934 sslcacert
936 string
937 Path to the file containing the certificate authorities to ver‐
939 ify SSL certificates. Empty by default - uses system default.
940 sslverify
942 boolean
943 When enabled, remote SSL certificates are verified. If the
945 client can not be authenticated, connecting fails and the repos‐
946 itory is not used any further. If False, SSL connections can be
947 used, but certificates are not verified. Default is True.
948 sslverifystatus
950 boolean
951 When enabled, revocation status of the server certificate is
953 verified using the "Certificate Status Request" TLS extension
954 (aka. OCSP stapling). Default is False.
955 sslclientcert
957 string
958 Path to the SSL client certificate used to connect to remote
960 sites. Empty by default.
961 sslclientkey
963 string
964 Path to the SSL client key used to connect to remote sites.
966 Empty by default.
967 throttle
969 storage size
970 Limits the downloading speed. It might be an absolute value or a
972 percentage, relative to the value of the bandwidth option op‐
973 tion. 0 means no throttling (the default). The absolute value is
974 in bytes by default but can be specified with a unit of storage.
975 Valid units are 'k', 'M', 'G'.
976 timeout
978 time in seconds
979 Number of seconds to wait for a connection before timing out.
981 Used in combination with minrate option option. Defaults to 30
982 seconds.
983 username
985 string
986 The username to use for connecting to repo with basic HTTP au‐
988 thentication. Empty by default.
989 user_agent
991 string
992 The User-Agent string to include in HTTP requests sent by DNF.
994 Defaults to
995 libdnf (NAME VERSION_ID; VARIANT_ID; OS.BASEARCH)
997 where NAME, VERSION_ID and VARIANT_ID are OS identifiers read
999 from the os-release(5) file, and OS and BASEARCH are the canoni‐
1000 cal OS name and base architecture, respectively. Example:
1001 libdnf (Fedora 31; server; Linux.x86_64)
1003
1005 boolean
1006 This is a data type with only two possible values.
1007 One of following options can be used: 1, 0, True, False, yes, no
1009 integer
1011 It is a whole number that can be written without a fractional
1012 component.
1013 list It is an option that could represent one or more strings sepa‐
1015 rated by space or comma characters.
1016 string It is a sequence of symbols or digits without any whitespace
1018 character.
1019 color A string describing color and modifiers separated with a comma,
1021 for example "red,bold".
1022 • Colors: black, blue, cyan, green, magenta, red, white, yellow
1024 • Modifiers: bold, blink, dim, normal, reverse, underline
1026
1028 Cache Files
1029 /var/cache/dnf
1030 Main Configuration File
1032 /etc/dnf/dnf.conf
1033 Repository
1035 /etc/yum.repos.d/
1036 Variables
1038 Any properly named file in /etc/dnf/vars is turned into a vari‐
1039 able named after the filename (or overrides any of the above
1040 variables but those set from commandline). Filenames may contain
1041 only alphanumeric characters and underscores and be in lower‐
1042 case. Variables are also read from /etc/yum/vars for YUM com‐
1043 patibility reasons.
1044
1046 • dnf(8), DNF Command Reference
1047
1049 See AUTHORS in DNF source distribution.
1050
1052 2012-2022, Red Hat, Licensed under GPLv2+
10534.14.0 Sep 09, 2022 DNF.CONF(5)