1DNF.CONF(5) DNF DNF.CONF(5)
2
6 dnf.conf - DNF Configuration Reference
7
9 DNF by default uses the global configuration file at /etc/dnf/dnf.conf
10 and all *.repo files found under /etc/yum.repos.d. The latter is typi‐
11 cally used for repository configuration and takes precedence over
12 global configuration.
13 The configuration file has INI format consisting of section declaration
15 and name=value options below each on separate line. There are two types
16 of sections in the configuration files: main and repository. Main sec‐
17 tion defines all global configuration options and should be only one.
18 The repository sections define the configuration for each (remote or
20 local) repository. The section name of the repository in brackets serve
21 as repo ID reference and should be unique across configuration files.
22 The allowed characters of repo ID string are lower and upper case al‐
23 phabetic letters, digits, -, _, . and :. The minimal repository con‐
24 figuration file should aside from repo ID consists of baseurl, metalink
25 or mirrorlist option definition.
26
28 Configuration options, namely best and skip_if_unavailable, can be set
29 in the DNF configuration file by your distribution to override the DNF
30 defaults.
31
33 allow_vendor_change
34 boolean
35 If disabled dnf will stick to vendor when upgrading or downgrad‐
37 ing rpms. Default is True
38 WARNING:
40 This option is currently not supported for downgrade and dis‐
41 tro-sync commands
42 arch string
44 The architecture used for installing packages. By default this
46 is auto-detected. Often used together with ignorearch option.
47 assumeno
49 boolean
50 If enabled dnf will assume No where it would normally prompt for
52 confirmation from user input. Default is False.
53 assumeyes
55 boolean
56 If enabled dnf will assume Yes where it would normally prompt
58 for confirmation from user input (see also defaultyes). Default
59 is False.
60 autocheck_running_kernel
62 boolean
63 Automatic check whether there is installed newer kernel module
65 with security update than currently running kernel. Default is
66 True.
67 basearch
69 string
70 The base architecture used for installing packages. By default
72 this is auto-detected.
73 best boolean
75 True instructs the solver to either use a package with the high‐
77 est available version or fail. On False, do not fail if the lat‐
78 est version cannot be installed and go with the lower version.
79 The default is False. Note this option in particular can be set
80 in your configuration file by your distribution. Also note that
81 the use of the highest available version is only guaranteed for
82 the packages directly requested and not for their dependencies.
83 cachedir
85 string
86 Path to a directory used by various DNF subsystems for storing
88 cache data. Has a reasonable root-writable default depending on
89 the distribution. DNF needs to be able to create files and di‐
90 rectories at this location.
91 cacheonly
93 boolean
94 If set to True DNF will run entirely from system cache, will not
96 update the cache and will use it even in case it is expired. De‐
97 fault is False.
98 API Notes: Must be set before repository objects are created.
100 Plugins must set this in the pre_config hook. Later changes are
101 ignored.
102 check_config_file_age
104 boolean
105 Specifies whether dnf should automatically expire metadata of
107 repos, which are older than their corresponding configuration
108 file (usually the dnf.conf file and the foo.repo file). Default
109 is True (perform the check). Expire of metadata is also affected
110 by metadata age. See also metadata_expire.
111 clean_requirements_on_remove
113 boolean
114 Remove dependencies that are no longer used during dnf remove. A
116 package only qualifies for removal via clean_requirements_on_re‐
117 move if it was installed through DNF but not on explicit user
118 request, i.e. it was pulled in as a dependency. The default is
119 True. (installonlypkgs are never automatically removed.)
120 config_file_path
122 string
123 Path to the default main configuration file. Default is
125 /etc/dnf/dnf.conf.
126 debuglevel
128 integer
129 Debug messages output level, in the range 0 to 10. The higher
131 the number the more debug output is put to stdout. Default is 2.
132 debug_solver
134 boolean
135 Controls whether the libsolv debug files should be created when
137 solving the transaction. The debug files are created in the
138 ./debugdata directory. Default is False.
139 defaultyes
141 boolean
142 If enabled the default answer to user confirmation prompts will
144 be Yes. Not to be confused with assumeyes which will not prompt
145 at all. Default is False.
146 diskspacecheck
148 boolean
149 Controls whether rpm should check available disk space during
151 the transaction. Default is True.
152 errorlevel
154 integer
155 Error messages output level, in the range 0 to 10. The higher
157 the number the more error output is put to stderr. Default is 3.
158 This is deprecated in DNF and overwritten by --verbose command‐
159 line option.
160 exclude_from_weak
162 list
163 Prevent installing packages as weak dependencies (recommends or
165 supplements). The packages can be specified by a name or a glob
166 and separated by a comma. Defaults to [].
167 exclude_from_weak_autodetect
169 boolean
170 If enabled, dnf will autodetect unmet weak dependencies (recom‐
172 mends or supplements) of packages installed on the system.
173 Providers of these weak dependencies will not be installed by
174 dnf as weak dependencies any more (they will still be installed
175 if pulled in as a regular dependency). Defaults to true.
176 exit_on_lock
178 boolean
179 Should the dnf client exit immediately when something else has
181 the lock. Default is False.
182 gpgkey_dns_verification
184 boolean
185 Should the dnf attempt to automatically verify GPG verification
187 keys using the DNS system. This option requires the unbound
188 python module (python3-unbound) to be installed on the client
189 system. This system has two main features. The first one is to
190 check if any of the already installed keys have been revoked.
191 Automatic removal of the key is not yet available, so it is up
192 to the user, to remove revoked keys from the system. The second
193 feature is automatic verification of new keys when a repository
194 is added to the system. In interactive mode, the result is writ‐
195 ten to the output as a suggestion to the user. In non-interac‐
196 tive mode (i.e. when -y is used), this system will automatically
197 accept keys that are available in the DNS and are correctly
198 signed using DNSSEC. It will also accept keys that do not exist
199 in the DNS system and their NON-existence is cryptographically
200 proven using DNSSEC. This is mainly to preserve backward compat‐
201 ibility. Default is False.
202 group_package_types
204 list
205 List of the following: optional, default, mandatory. Tells dnf
207 which type of packages in groups will be installed when
208 'groupinstall' is called. Default is: default, mandatory.
209 ignorearch
211 boolean
212 If set to True, RPM will allow attempts to install packages in‐
214 compatible with the CPU's architecture. Defaults to False. Often
215 used together with arch option.
216 installonlypkgs
218 list
219 List of provide names of packages that should only ever be in‐
221 stalled, never upgraded. Kernels in particular fall into this
222 category. These packages are never removed by dnf autoremove
223 even if they were installed as dependencies (see
224 clean_requirements_on_remove for auto removal details). This
225 option append the list values to the default installonlypkgs
226 list used by DNF. The number of kept package versions is regu‐
227 lated by installonly_limit.
228 installonly_limit
230 integer
231 Number of installonly packages allowed to be installed concur‐
233 rently. Defaults to 3. The minimal number of installonly pack‐
234 ages is 2. Value 0 means unlimited number of installonly pack‐
235 ages. Value 1 is explicitly not allowed since it complicates
236 kernel upgrades due to protection of the running kernel from re‐
237 moval.
238 installroot
240 string
241 The root of the filesystem for all packaging operations. It re‐
243 quires an absolute path. See also --installroot commandline op‐
244 tion.
245 install_weak_deps
247 boolean
248 When this option is set to True and a new package is about to be
250 installed, all packages linked by weak dependency relation (Rec‐
251 ommends or Supplements flags) with this package will be pulled
252 into the transaction. Default is True.
253 keepcache
255 boolean
256 Keeps downloaded packages in the cache when set to True. Even if
258 it is set to False and packages have not been installed they
259 will still persist until next successful transaction. The de‐
260 fault is False.
261 logdir string
263 Directory where the log files will be stored. Default is
265 /var/log.
266 logfilelevel
268 integer
269 Log file messages output level, in the range 0 to 10. The higher
271 the number the more debug output is put to logs. Default is 9.
272 This option controls dnf.log, dnf.librepo.log and hawkey.log.
274 Although dnf.librepo.log and hawkey.log are affected only by
275 setting the logfilelevel to 10.
276 log_compress
278 boolean
279 When set to True, log files are compressed when they are ro‐
281 tated. Default is False.
282 log_rotate
284 integer
285 Log files are rotated log_rotate times before being removed. If
287 log_rotate is 0, the rotation is not performed. Default is 4.
288 log_size
290 storage size
291 Log files are rotated when they grow bigger than log_size
293 bytes. If log_size is 0, the rotation is not performed. The de‐
294 fault is 1 MB. Valid units are 'k', 'M', 'G'.
295 The size applies for individual log files, not the sum of all
297 log files. See also log_rotate.
298 metadata_timer_sync
300 time in seconds
301 The minimal period between two consecutive makecache timer runs.
303 The command will stop immediately if it's less than this time
304 period since its last run. Does not affect simple makecache run.
305 Use 0 to completely disable automatic metadata synchronizing.
306 The default corresponds to three hours. The value is rounded to
307 the next commenced hour.
308 module_obsoletes
310 boolean
311 This option controls whether dnf should apply modular obsoletes
313 when possible. Default is False.
314 module_platform_id
316 string
317 Set this to $name:$stream to override PLATFORM_ID detected from
319 /etc/os-release. It is necessary to perform a system upgrade
320 and switch to a new platform.
321 module_stream_switch
323 boolean
324 This option controls whether it's possible to switch enabled
326 streams of a module. Default is False.
327 multilib_policy
329 string
330 Controls how multilib packages are treated during install opera‐
332 tions. Can either be "best" (the default) for the depsolver to
333 prefer packages which best match the system's architecture, or
334 "all" to install packages for all available architectures.
335 obsoletes
337 boolean
338 This option only has affect during an install/update. It enables
340 dnf's obsoletes processing logic, which means it makes dnf check
341 whether any dependencies of given package are no longer required
342 and removes them. Useful when doing distribution level up‐
343 grades. Default is 'true'.
344 Command-line option: --obsoletes
346 persistdir
348 string
349 Directory where DNF stores its persistent data between runs. De‐
351 fault is "/var/lib/dnf".
352 pluginconfpath
354 list
355 List of directories that are searched for plugin configurations
357 to load. All configuration files found in these directories,
358 that are named same as a plugin, are parsed. The default path is
359 /etc/dnf/plugins.
360 pluginpath
362 list
363 List of directories that are searched for plugins to load. Plug‐
365 ins found in any of the directories in this configuration option
366 are used. The default contains a Python version-specific path.
367 plugins
369 boolean
370 Controls whether the plugins are enabled. Default is True.
372 protected_packages
374 list
375 List of packages that DNF should never completely remove. They
377 are protected via Obsoletes as well as user/plugin removals.
378 The default is: dnf, glob:/etc/yum/protected.d/*.conf and
380 glob:/etc/dnf/protected.d/*.conf. So any packages which should
381 be protected can do so by including a file in /etc/dnf/pro‐
382 tected.d with their package name in it.
383 DNF will protect also the package corresponding to the running
385 version of the kernel. See also protect_running_kernel option.
386 protect_running_kernel
388 boolean
389 Controls whether the package corresponding to the running ver‐
391 sion of kernel is protected from removal. Default is True.
392 releasever
394 string
395 Used for substitution of $releasever in the repository configu‐
397 ration.
398 The $releasever_major and $releasever_minor variables will be
400 automatically derived from $releasever by splitting it on the
401 first .. For example, if $releasever is set to 1.23, then $re‐
402 leasever_major will be 1 and $releasever_minor will be 23.
403 See also repo variables.
405 reposdir
407 list
408 DNF searches for repository configuration files in the paths
410 specified by reposdir. The behavior of reposdir could differ
411 when it is used along with --installroot option.
412 rpmverbosity
414 string
415 RPM debug scriptlet output level. One of: critical, emergency,
417 error, warn, info or debug. Default is info.
418 strict boolean
420 If disabled, all unavailable packages or packages with broken
422 dependencies given to DNF command will be skipped without rais‐
423 ing the error causing the whole operation to fail. Currently
424 works for install command only. The default is True.
425 tsflags
427 list
428 List of strings adding extra flags for the RPM transaction.
430 ┌─────────────┬────────────────────────────┐
432 │tsflag value │ RPM Transaction Flag │
433 ├─────────────┼────────────────────────────┤
434 │noscripts │ RPMTRANS_FLAG_NOSCRIPTS │
435 ├─────────────┼────────────────────────────┤
436 │test │ RPMTRANS_FLAG_TEST │
437 ├─────────────┼────────────────────────────┤
438 │notriggers │ RPMTRANS_FLAG_NOTRIGGERS │
439 ├─────────────┼────────────────────────────┤
440 │nodocs │ RPMTRANS_FLAG_NODOCS │
441 ├─────────────┼────────────────────────────┤
442 │justdb │ RPMTRANS_FLAG_JUSTDB │
443 ├─────────────┼────────────────────────────┤
444 │nocontexts │ RPMTRANS_FLAG_NOCONTEXTS │
445 ├─────────────┼────────────────────────────┤
446 │nocaps │ RPMTRANS_FLAG_NOCAPS │
447 ├─────────────┼────────────────────────────┤
448 │nocrypto │ RPMTRANS_FLAG_NOFILEDIGEST │
449 └─────────────┴────────────────────────────┘
450 The nocrypto option will also set the _RPMVSF_NOSIGNATURES and
452 _RPMVSF_NODIGESTS VS flags. The test option provides a transac‐
453 tion check without performing the transaction. It includes down‐
454 loading of packages, gpg keys check (including permanent import
455 of additional keys if necessary), and rpm check to prevent file
456 conflicts. The nocaps is supported with rpm-4.14 or later. When
457 nocaps is used but rpm doesn't support it, DNF only reports it
458 as an invalid tsflag.
459 upgrade_group_objects_upgrade
461 boolean
462 Set this to False to disable the automatic running of group up‐
464 grade when running the upgrade command. Default is True (perform
465 the operation).
466 varsdir
468 list
469 List of directories where variables definition files are looked
471 for. Defaults to "/etc/dnf/vars", "/etc/yum/vars". See variable
472 files in Configuration reference.
473 zchunk boolean
475 Enables or disables the use of repository metadata compressed
477 using the zchunk format (if available). Default is True.
478
480 color string
481 Controls if DNF uses colored output on the command line. Possi‐
483 ble values: "auto", "never", "always". Default is "auto".
484 color_list_available_downgrade
486 color
487 Color of available packages that are older than installed pack‐
489 ages. The option is used during list operations. Default is ma‐
490 genta.
491 color_list_available_install
493 color
494 Color of packages that are available for installation and none
496 of their versions in installed. The option is used during list
497 operations. Default is bold,cyan.
498 color_list_available_reinstall
500 color
501 Color of available packages that are identical to installed ver‐
503 sions and are available for reinstalls. Default is bold,under‐
504 line,green. The option is used during list operations.
505 color_list_available_upgrade
507 color
508 Color of available packages that are newer than installed pack‐
510 ages. Default is bold,blue. The option is used during list op‐
511 erations.
512 color_list_installed_extra
514 color
515 Color of installed packages that do not have any version among
517 available packages. The option is used during list operations.
518 Default is bold,red.
519 color_list_installed_newer
521 color
522 Color of installed packages that are newer than any version
524 among available packages. The option is used during list opera‐
525 tions. Default is bold,yellow.
526 color_list_installed_older
528 color
529 Color of installed packages that are older than any version
531 among available packages. The option is used during list opera‐
532 tions. Default is yellow.
533 color_list_installed_reinstall
535 color
536 Color of installed packages that are among available packages
538 and can be reinstalled. The option is used during list opera‐
539 tions. Default is cyan.
540 color_search_match
542 color
543 Color of patterns matched in search output. Default is bold,ma‐
545 genta.
546 color_update_installed
548 color
549 Color of removed packages. Default is red. This option is used
551 during displaying transactions.
552 color_update_local
554 color
555 Color of local packages that are installed from the @commandline
557 repository. This option is used during displaying transactions.
558 Default is green.
559 color_update_remote
561 color
562 Color of packages that are installed/upgraded/downgraded from
564 remote repositories. This option is used during displaying
565 transactions. Default is bold,green.
566
568 baseurl
569 list
570 List of URLs for the repository. Defaults to [].
572 URLs are tried in the listed order (equivalent to yum's
574 "failovermethod=priority" behaviour).
575 cost integer
577 The relative cost of accessing this repository, defaulting to
579 1000. This value is compared when the priorities of two reposi‐
580 tories are the same. The repository with the lowest cost is
581 picked. It is useful to make the library prefer on-disk reposi‐
582 tories to remote ones.
583 enabled
585 boolean
586 Include this repository as a package source. The default is
588 True.
589 gpgkey list of strings
591 URLs of a GPG key files that can be used for signing metadata
593 and packages of this repository, empty by default. If a file can
594 not be verified using the already imported keys, import of keys
595 from this option is attempted and the keys are then used for
596 verification.
597 metalink
599 string
600 URL of a metalink for the repository. Defaults to None.
602 mirrorlist
604 string
605 URL of a mirrorlist for the repository. Defaults to None.
607 module_hotfixes
609 boolean
610 Set this to True to disable module RPM filtering and make all
612 RPMs from the repository available. The default is False. This
613 allows user to create a repository with cherry-picked hotfixes
614 that are included in a package set on a modular system.
615 name string
617 A human-readable name of the repository. Defaults to the ID of
619 the repository.
620 priority
622 integer
623 The priority value of this repository, default is 99. If there
625 is more than one candidate package for a particular operation,
626 the one from a repo with the lowest priority value is picked,
627 possibly despite being less convenient otherwise (e.g. by being
628 a lower version).
629 type string
631 Type of repository metadata. Supported values are: rpm-md.
633 Aliases for rpm-md: rpm, repomd, rpmmd, yum, YUM.
634
636 Right side of every repo option can be enriched by the following vari‐
637 ables:
638 $arch
640 Refers to the system’s CPU architecture e.g, aarch64, i586, i686 and
641 x86_64.
642 $basearch
644 Refers to the base architecture of the system. For example, i686 and
645 i586 machines both have a base architecture of i386, and AMD64 and
646 Intel64 machines have a base architecture of x86_64.
647 $releasever
649 Refers to the release version of operating system which DNF derives
650 from information available in RPMDB.
651 $releasever_major
653 Major version of $releasever, i.e. the component of $releasever oc‐
654 curring before the first ..
655 $releasever_minor
657 Minor version of $releasever, i.e. the component of $releasever oc‐
658 curring after the first ..
659 In addition to these hard coded variables, user-defined ones can also
661 be used. They can be defined either via variable files, or by using
662 special environmental variables. The names of these variables must be
663 prefixed with DNF_VAR_ and they can only consist of alphanumeric char‐
664 acters and underscores:
665 $ DNF_VAR_MY_VARIABLE=value
667 To use such variable in your repository configuration remove the pre‐
669 fix. E.g.:
670 [myrepo]
672 baseurl=https://example.site/pub/fedora/$MY_VARIABLE/releases/$releasever
673 Note that it is not possible to override the arch and basearch vari‐
675 ables using either variable files or environmental variables.
676 Although users are encouraged to use named variables, the numbered en‐
678 vironmental variables DNF0 - DNF9 are still supported:
679 $ DNF1=value
681 [myrepo]
683 baseurl=https://example.site/pub/fedora/$DNF1/releases/$releasever
684 A limited form of shell-like parameter expansion is supported for vari‐
686 ables.
687 ${my_variable:-word} If my_variable is unset or empty, then word will
689 be substituted. Otherwise, the value of my_variable will be substi‐
690 tuted.
691 ${my_variable:+word} If my_variable is set and not empty, then word
693 will be substituted. Otherwise, the empty string will be substituted.
694 Parameter expansions can be nested up to a maximum depth of 32. For ex‐
696 ample:
697 ${my_defined_variable:+${my_undefined_variable:-foobar}}
699 will evaluate to foobar.
701
703 Some options can be applied in either the main section, per repository,
704 or in a combination. The value provided in the main section is used for
705 all repositories as the default value, which repositories can then
706 override in their configuration.
707 bandwidth
709 storage size
710 Total bandwidth available for downloading. Meaningful when used
712 with the throttle option. Storage size is in bytes by default
713 but can be specified with a unit of storage. Valid units are
714 'k', 'M', 'G'.
715 countme
717 boolean
718 Determines whether a special flag should be added to a single,
720 randomly chosen metalink/mirrorlist query each week. This al‐
721 lows the repository owner to estimate the number of systems con‐
722 suming it, by counting such queries over a week's time, which is
723 much more accurate than just counting unique IP addresses (which
724 is subject to both overcounting and undercounting due to short
725 DHCP leases and NAT, respectively).
726 The flag is a simple "countme=N" parameter appended to the met‐
728 alink and mirrorlist URL, where N is an integer representing the
729 "longevity" bucket this system belongs to. The following 4
730 buckets are defined, based on how many full weeks have passed
731 since the beginning of the week when this system was installed:
732 1 = first week, 2 = first month (2-4 weeks), 3 = six months
733 (5-24 weeks) and 4 = more than six months (> 24 weeks). This
734 information is meant to help distinguish short-lived installs
735 from long-term ones, and to gather other statistics about system
736 lifecycle.
737 Default is False.
739 deltarpm
741 boolean
742 When enabled, DNF will save bandwidth by downloading much
744 smaller delta RPM files, rebuilding them to RPM locally. How‐
745 ever, this is quite CPU and I/O intensive. Default is True.
746 deltarpm_percentage
748 integer
749 When the relative size of delta vs pkg is larger than this,
751 delta is not used. Default value is 75 (Deltas must be at least
752 25% smaller than the pkg). Use 0 to turn off delta rpm process‐
753 ing. Local repositories (with file:// baseurl) have delta rpms
754 turned off by default.
755 enablegroups
757 boolean
758 Determines whether DNF will allow the use of package groups for
760 this repository. Default is True (package groups are allowed).
761 excludepkgs
763 list
764 Exclude packages of this repository, specified by a name or a
766 glob and separated by a comma, from all operations. Can be dis‐
767 abled using --disableexcludes command line switch. Defaults to
768 [].
769 fastestmirror
771 boolean
772 If enabled a metric is used to find the fastest available mir‐
774 ror. This overrides the order provided by the mirrorlist/met‐
775 alink file itself. This file is often dynamically generated by
776 the server to provide the best download speeds and enabling
777 fastestmirror overrides this. The default is False.
778 gpgcheck
780 boolean
781 Whether to perform GPG signature check on packages found in this
783 repository. The default is False.
784 This option can only be used to strengthen the active RPM secu‐
786 rity policy set with the %_pkgverify_level macro (see the
787 /usr/lib/rpm/macros file for details). That means, if the macro
788 is set to 'signature' or 'all' and this option is False, it will
789 be overridden to True during DNF runtime, and a warning will be
790 printed. To squelch the warning, make sure this option is True
791 for every enabled repository, and also enable localpkg_gpgcheck.
792 includepkgs
794 list
795 Include packages of this repository, specified by a name or a
797 glob and separated by a comma, in all operations. Inverse of
798 excludepkgs, DNF will exclude any package in the repository that
799 doesn't match this list. This works in conjunction with ex‐
800 cludepkgs and doesn't override it, so if you 'excludep‐
801 kgs=*.i386' and 'includepkgs=python*' then only packages start‐
802 ing with python that do not have an i386 arch will be seen by
803 DNF in this repo. Can be disabled using --disableexcludes com‐
804 mand line switch. Defaults to [].
805 ip_resolve
807 IP address type
808 Determines how DNF resolves host names. Set this to '4'/'IPv4'
810 or '6'/'IPv6' to resolve to IPv4 or IPv6 addresses only. By de‐
811 fault, DNF resolves to either addresses.
812 localpkg_gpgcheck
814 boolean
815 Whether to perform a GPG signature check on local packages
817 (packages in a file, not in a repository). The default is
818 False. This option is subject to the active RPM security policy
819 (see gpgcheck for more details).
820 max_parallel_downloads
822 integer
823 Maximum number of simultaneous package downloads. Defaults to 3.
825 Maximum of 20.
826 metadata_expire
828 time in seconds
829 The period after which the remote repository is checked for
831 metadata update and in the positive case the local metadata
832 cache is updated. The default corresponds to 48 hours. Set this
833 to -1 or never to make the repo never considered expired. Expire
834 of metadata can be also triggered by change of timestamp of con‐
835 figuration files (dnf.conf, <repo>.repo). See also
836 check_config_file_age.
837 minrate
839 storage size
840 This sets the low speed threshold in bytes per second. If the
842 server is sending data at the same or slower speed than this
843 value for at least timeout option seconds, DNF aborts the con‐
844 nection. The default is 1000. Valid units are 'k', 'M', 'G'.
845 password
847 string
848 The password to use for connecting to a repository with basic
850 HTTP authentication. Empty by default.
851 proxy string
853 URL of a proxy server to connect through. Set to an empty string
855 in the repository configuration to disable proxy setting inher‐
856 ited from the main section. The expected format of this option
857 is <scheme>://<ip-or-hostname>[:port]. (For backward compati‐
858 bility, '_none_' can be used instead of the empty string.)
859 Note: The curl environment variables (such as http_proxy) are
861 effective if this option is unset (or '_none_' is set in the
862 repository configuration). See the curl man page for details.
863 proxy_username
865 string
866 The username to use for connecting to the proxy server. Empty by
868 default.
869 proxy_password
871 string
872 The password to use for connecting to the proxy server. Empty by
874 default.
875 proxy_auth_method
877 string
878 The authentication method used by the proxy server. Valid values
880 are
881 ┌──────────┬────────────────────────────┐
883 │method │ meaning │
884 ├──────────┼────────────────────────────┤
885 │basic │ HTTP Basic authentication │
886 ├──────────┼────────────────────────────┤
887 │digest │ HTTP Digest authentication │
888 ├──────────┼────────────────────────────┤
889 │negotiate │ HTTP Negotiate (SPNEGO) │
890 │ │ authentication │
891 ├──────────┼────────────────────────────┤
892 │ntlm │ HTTP NTLM authentication │
893 ├──────────┼────────────────────────────┤
894 │digest_ie │ HTTP Digest authentication │
895 │ │ with an IE flavor │
896 ├──────────┼────────────────────────────┤
897 │ntlm_wb │ NTLM delegating to winbind │
898 │ │ helper │
899 ├──────────┼────────────────────────────┤
900 │none │ None auth method │
901 ├──────────┼────────────────────────────┤
902 │any │ All suitable methods │
903 └──────────┴────────────────────────────┘
904 Defaults to any
906 proxy_sslcacert
908 string
909 Path to the file containing the certificate authorities to ver‐
911 ify proxy SSL certificates. Empty by default - uses system de‐
912 fault.
913 proxy_sslverify
915 boolean
916 When enabled, proxy SSL certificates are verified. If the client
918 can not be authenticated, connecting fails and the repository is
919 not used any further. If False, SSL connections can be used, but
920 certificates are not verified. Default is True.
921 proxy_sslclientcert
923 string
924 Path to the SSL client certificate used to connect to proxy
926 server. Empty by default.
927 proxy_sslclientkey
929 string
930 Path to the SSL client key used to connect to proxy server.
932 Empty by default.
933 repo_gpgcheck
935 boolean
936 Whether to perform GPG signature check on this repository's
938 metadata. The default is False. Note that GPG keys for this
939 check are stored separately from GPG keys used in package signa‐
940 ture verification. Furthermore, they are also stored separately
941 for each repository.
942 This means that dnf may ask to import the same key multiple
944 times. For example, when a key was already imported for package
945 signature verification and this option is turned on, it may be
946 needed to import it again for the repository.
947 retries
949 integer
950 Set the number of total retries for downloading packages. The
952 number is accumulative, so e.g. for retries=10, dnf will fail
953 after any package download fails for eleventh time. Setting this
954 to 0 makes dnf try forever. Default is 10.
955 skip_if_unavailable
957 boolean
958 If enabled, DNF will continue running and disable the repository
960 that couldn't be synchronized for any reason. This option
961 doesn't affect skipping of unavailable packages after dependency
962 resolution. To check inaccessibility of repository use it in
963 combination with refresh command line option. The default is
964 False. Note this option in particular can be set in your con‐
965 figuration file by your distribution.
966 sslcacert
968 string
969 Path to the file containing the certificate authorities to ver‐
971 ify SSL certificates. Empty by default - uses system default.
972 sslverify
974 boolean
975 When enabled, remote SSL certificates are verified. If the
977 client can not be authenticated, connecting fails and the repos‐
978 itory is not used any further. If False, SSL connections can be
979 used, but certificates are not verified. Default is True.
980 sslverifystatus
982 boolean
983 When enabled, revocation status of the server certificate is
985 verified using the "Certificate Status Request" TLS extension
986 (aka. OCSP stapling). Default is False.
987 sslclientcert
989 string
990 Path to the SSL client certificate used to connect to remote
992 sites. Empty by default.
993 sslclientkey
995 string
996 Path to the SSL client key used to connect to remote sites.
998 Empty by default.
999 throttle
1001 storage size
1002 Limits the downloading speed. It might be an absolute value or a
1004 percentage, relative to the value of the bandwidth option op‐
1005 tion. 0 means no throttling (the default). The absolute value is
1006 in bytes by default but can be specified with a unit of storage.
1007 Valid units are 'k', 'M', 'G'.
1008 timeout
1010 time in seconds
1011 Number of seconds to wait for a connection before timing out.
1013 Used in combination with minrate option option. Defaults to 30
1014 seconds.
1015 username
1017 string
1018 The username to use for connecting to repo with basic HTTP au‐
1020 thentication. Empty by default.
1021 user_agent
1023 string
1024 The User-Agent string to include in HTTP requests sent by DNF.
1026 Defaults to
1027 libdnf (NAME VERSION_ID; VARIANT_ID; OS.BASEARCH)
1029 where NAME, VERSION_ID and VARIANT_ID are OS identifiers read
1031 from the os-release(5) file, and OS and BASEARCH are the canoni‐
1032 cal OS name and base architecture, respectively. Example:
1033 libdnf (Fedora 31; server; Linux.x86_64)
1035
1037 boolean
1038 This is a data type with only two possible values.
1039 One of following options can be used: 1, 0, True, False, yes, no
1041 integer
1043 It is a whole number that can be written without a fractional
1044 component.
1045 list It is an option that could represent one or more strings sepa‐
1047 rated by space or comma characters.
1048 string It is a sequence of symbols or digits without any whitespace
1050 character.
1051 color A string describing color and modifiers separated with a comma,
1053 for example "red,bold".
1054 • Colors: black, blue, cyan, green, magenta, red, white, yellow
1056 • Modifiers: bold, blink, dim, normal, reverse, underline
1058
1060 Cache Files
1061 /var/cache/dnf
1062 Main Configuration File
1064 /etc/dnf/dnf.conf
1065 Repository
1067 /etc/yum.repos.d/
1068 Variables
1070 Any properly named file in /etc/dnf/vars is turned into a vari‐
1071 able named after the filename (or overrides any of the above
1072 variables but those set from commandline). Filenames may contain
1073 only alphanumeric characters and underscores and be in lower‐
1074 case. Variables are also read from /etc/yum/vars for YUM com‐
1075 patibility reasons.
1076
1078 • dnf(8), DNF Command Reference
1079
1081 See AUTHORS in DNF source distribution.
1082
1084 2012-2023, Red Hat, Licensed under GPLv2+
10854.18.2 Dec 08, 2023 DNF.CONF(5)