dnf5.conf - Man Page
DNF5 Configuration Reference
Description
DNF5 by default uses the global configuration file at /etc/dnf/dnf.conf.
The configuration file has INI format consisting of section declaration and name=value options below each on separate line. There are two types of sections in the configuration files: main and repository. Main section defines all global configuration options and should be only one.
The repository sections define the configuration for each (remote or local) repository. The section name of the repository in brackets serve as repo ID reference and should be unique across configuration files. The allowed characters of repo ID string are lower and upper case alphabetic letters, digits, -, _, . and :. The minimal repository configuration file should aside from repo ID consists of baseurl, metalink or mirrorlist option definition.
[Main] Options
- allow_vendor_change
boolean
If disabled DNF5 will stick to vendor when upgrading or downgrading rpms.
Default: True.
WARNING:
This option is currently not supported for downgrade and distro-sync commands
- assumeno
boolean
If enabled DNF5 will assume No where it would normally prompt for confirmation from user input
Default: False.
- assumeyes
boolean
If enabled DNF5 will assume Yes where it would normally prompt for confirmation from user input (see also defaultyes).
Default: False.
- best
boolean
If True, instructs the solver to either use a package with the highest available version or fail. If False, do not fail if the latest version cannot be installed and go with the lower version.
Default: True.
NOTE:
This option in particular can be set in your configuration file by your distribution.
- cachedir
string
Path to a directory used by various DNF5 subsystems for storing cache data. Has a reasonable root-writable default depending on the distribution. DNF5 needs to be able to create files and directories at this location.
Default: /var/cache/libdnf5.
- cacheonly
string
Can be all, metadata, none.
If set to all DNF5 will run entirely from system cache, will not update the cache and will use the system cache even if it is expired.
If set to metadata DNF5 will cache metadata only.
Default: none.
NOTE:
API Notes: Must be set before repository objects are created. Plugins must set this in the pre_config hook. Later changes are ignored.
- check_config_file_age
boolean
If enabled DNF5 should automatically expire metadata of repos, which are older than their corresponding configuration file (usually the dnf.conf file and the foo.repo file).
Default: True.
NOTE:
Expire of metadata is also affected by metadata age. See also
metadata_expire.
- clean_requirements_on_remove
boolean
If enabled, DNF5 will remove dependencies that are no longer used during dnf remove. A package only qualifies for removal via clean_requirements_on_remove if it was installed through DNF5 but not on explicit user request, i.e. it was pulled in as a dependency.
installonlypkgs are never automatically removed.
Default: True.
- debug_solver
boolean
If enabled, libsolv debug files will be created when solving the transaction. The debug files are created in the ./debugdata directory.
Default: False.
- defaultyes
boolean
If enabled, the default answer to user confirmation prompts will be Yes. Not to be confused with assumeyes which will not prompt at all.
Default: False.
- group_package_types
list
List of the following: optional, default, mandatory.
Tells DNF5 which type of packages in groups will be installed when 'groupinstall' is called.
Default: default,mandatory.
- ignorearch
boolean
If enabled, RPM will allow attempts to install packages incompatible with the CPU's architecture.
Default: False.
- installonlypkgs
list
List of provide names of packages that should only ever be installed, never upgraded. Kernels in particular fall into this category. These packages are never removed by dnf autoremove even if they were installed as dependencies (see clean_requirements_on_remove for auto removal details). This option append the list values to the default installonlypkgs list used by DNF5. The number of kept package versions is regulated by installonly_limit.
- installonly_limit
integer
Number of installonly packages allowed to be installed concurrently.
1 is explicitly not allowed since it complicates kernel upgrades due to protection of the running kernel from removal.
Minimum is 2.
0 means unlimited number of installonly packages.
Default: 3.
- installroot
string
The root of the filesystem for all packaging operations. It requires an absolute path. See also --installroot commandline option.
Default: /.
- install_weak_deps
boolean
If enabled, when a new package is about to be installed, all packages linked by weak dependency relation (Recommends or Supplements flags) with this package will be pulled into the transaction.
Default: True.
- keepcache
boolean
If enabled, keeps downloaded packages in the cache. If disabled cache will persist until the next successful transaction even if no packages have been installed.
Default: False.
- logdir
string
Directory where the log files will be stored.
Default: /var/log.
- log_rotate
integer
Log files are rotated log_rotate times before being removed. If log_rotate is 0, the rotation is not performed.
Default: 4.
- log_size
storage size
Log files are rotated when they grow bigger than log_size bytes. If log_size is 0, the rotation is not performed.
The size applies for individual log files, not the sum of all log files. See also log_rotate.
Default: 1M.
- module_platform_id
string
Set this to $name:$stream to override PLATFORM_ID detected from /etc/os-release. It is necessary to perform a system upgrade and switch to a new platform.
Default: empty.
- multilib_policy
string
Controls how multilib packages are treated during install operations.
Can either be best for the depsolver to prefer packages which best match the system's architecture, or all to install packages for all available architectures.
Default: best.
- obsoletes
boolean
If enabled, DNF5 uses obsoletes processing logic, which means it checks whether any dependencies of given package are no longer required and removes them.
Useful when doing distribution level upgrades.
It has effect during install/upgrade processes.
Command-line option: --obsoletes
Default: True.
- optional_metadata_types
list
List of the following: comps, filelists, other, presto, updateinfo
Defines which types of metadata are to be loaded in addition to primary and modules, which are loaded always as they are essential. Note that the list can be extended by individual DNF commands during runtime.
Default: comps,updateinfo
- persistdir
string
Directory where DNF5 stores its persistent data between runs.
Default: /var/lib/dnf.
- pluginconfpath
list
List of directories that are searched for plugin configurations to load.
All configuration files found in these directories, that are named same as a plugin, are parsed.
Default: /etc/dnf/plugins.
- pluginpath
list
List of directories that are searched for plugins to load. Plugins found in any of the directories in this configuration option are used.
Default: a Python version-specific path.
- plugins
boolean
If enabled, DNF5 plugins are enabled.
Default: True.
- protected_packages
list
This append list option contains names of packages that DNF5 should never completely remove.
They are protected via Obsoletes as well as user/plugin removals.
Default: dnf5,glob:/etc/dnf/protected.d/*.conf.
NOTE:
Any packages which should be protected can do so by including a file in /etc/dnf/protected.d with their package name in it.
DNF5 will protect also the package corresponding to the running version of the kernel. See also protect_running_kernel option.
- protect_running_kernel
boolean
Controls whether the package corresponding to the running version of kernel is protected from removal.
Default: True.
NOTE:
YUM compatibility option
- reposdir
list
Repository configuration files locations.
The behavior of reposdir could differ when it is used along with --installroot option.
Default: TODO add default
system_state
- tsflags
list
List of strings adding extra flags for the RPM transaction.
tsflag value RPM Transaction Flag noscripts RPMTRANS_FLAG_NOSCRIPTS test RPMTRANS_FLAG_TEST notriggers RPMTRANS_FLAG_NOTRIGGERS nodocs RPMTRANS_FLAG_NODOCS justdb RPMTRANS_FLAG_JUSTDB nocontexts RPMTRANS_FLAG_NOCONTEXTS nocaps RPMTRANS_FLAG_NOCAPS nocrypto RPMTRANS_FLAG_NOFILEDIGEST The nocrypto option will also set the _RPMVSF_NOSIGNATURES and _RPMVSF_NODIGESTS VS flags.
The test option provides a transaction check without performing the transaction. It includes downloading of packages, gpg keys check (including permanent import of additional keys if necessary), and rpm check to prevent file conflicts.
The nocaps is supported with rpm-4.14 or later. When nocaps is used but rpm doesn't support it, DNF5 only reports it as an invalid tsflag.
Default: empty.
use_host_config
- varsdir
list
List of directories where variables definition files are looked for.
See variable files in Configuration reference.
Default: /etc/dnf/vars.
- zchunk
boolean
If enabled, repository metadata are compressed using the zchunk format (if available).
Default: True.
[Main] Options - Colors
- color_list_available_upgrade
color
Color of available packages that are newer than installed packages. The option is used during list operations.
Default: bold,blue.
- color_list_available_downgrade
color
Color of available packages that are older than installed packages. The option is used during list operations.
Default: dim,magenta.
- color_list_available_reinstall
color
Color of available packages that are identical to installed versions and are available for reinstalls. The option is used during list operations.
Default: bold,green.
- color_list_available_install
color
Color of packages that are available for installation and none of their versions in installed. The option is used during list operations.
Default: bold,cyan.
- color_update_installed
color
Color of removed packages. This option is used during displaying transactions.
Default: dim,red.
- color_update_label
color
Color of local packages that are installed from the @commandline repository. This option is used during displaying transactions.
Default: dim,green.
- color_update_remote
color
Color of packages that are installed/upgraded/downgraded from remote repositories. This option is used during displaying transactions.
Default: bold,green.
- color_search_match
color
Color of patterns matched in search output.
Default: bold,magenta.
Repo Options
- enabled
boolean
Include this repository as a package source.
Default: True.
Repo Variables
Right side of every repo option can be enriched by the following variables:
- $arch
Refers to the system’s CPU architecture e.g, aarch64, i586, i686 and x86_64.
- $basearch
Refers to the base architecture of the system. For example, i686 and i586 machines both have a base architecture of i386, and AMD64 and Intel64 machines have a base architecture of x86_64.
- $releasever
Refers to the release version of operating system which DNF5 derives from information available in RPMDB.
In addition to these hard coded variables, user-defined ones can also be used. They can be defined either via variable files, or by using special environmental variables. The names of these variables must be prefixed with DNF_VAR_ and they can only consist of alphanumeric characters and underscores:
$ DNF_VAR_MY_VARIABLE=value
To use such variable in your repository configuration remove the prefix. E.g.:
[myrepo] baseurl=https://example.site/pub/fedora/$MY_VARIABLE/releases/$releasever
Note that it is not possible to override the arch and basearch variables using either variable files or environmental variables.
Although users are encouraged to use named variables, the numbered environmental variables DNF0 - DNF9 are still supported:
$ DNF1=value [myrepo] baseurl=https://example.site/pub/fedora/$DNF1/releases/$releasever
Options for Both [Main] and Repo
Some options can be applied in either the main section, per repository, or in a combination. The value provided in the main section is used for all repositories as the default value, which repositories can then override in their configuration.
- bandwidth
storage size
Total bandwidth available for downloading. Meaningful when used with the throttle option.
Default: 0.
- countme
boolean
Determines whether a special flag should be added to a single, randomly chosen metalink/mirrorlist query each week. This allows the repository owner to estimate the number of systems consuming it, by counting such queries over a week's time, which is much more accurate than just counting unique IP addresses (which is subject to both overcounting and undercounting due to short DHCP leases and NAT, respectively).
The flag is a simple "countme=N" parameter appended to the metalink and mirrorlist URL, where N is an integer representing the "longevity" bucket this system belongs to. The following 4 buckets are defined, based on how many full weeks have passed since the beginning of the week when this system was installed: 1 = first week, 2 = first month (2-4 weeks), 3 = six months (5-24 weeks) and 4 = more than six months (> 24 weeks). This information is meant to help distinguish short-lived installs from long-term ones, and to gather other statistics about system lifecycle.
Default: False.
- deltarpm
boolean
If enabled, DNF5 will save bandwidth by downloading much smaller delta RPM files, rebuilding them to RPM locally. However, this is quite CPU and I/O intensive.
Default: False.
- deltarpm_percentage
integer
When the relative size of delta vs pkg is larger than this, delta is not used. (Deltas must be at least 25% smaller than the pkg). Use 0 to turn off delta rpm processing. Local repositories (with file:// baseurl) have delta rpms turned off by default.
Default: 75
- enablegroups
boolean
If enabled, DNF5 will allow the use of package groups.
Default: True.
- excludepkgs
list
Exclude packages of this repository, specified by a name or a glob and separated by a comma, from all operations.
Can be disabled using --disableexcludes command line switch.
Default: [].
- fastestmirror
boolean
If enabled, a metric is used to find the fastest available mirror. This overrides the order provided by the mirrorlist/metalink file itself. This file is often dynamically generated by the server to provide the best download speeds and enabling fastestmirror overrides this.
Default: False.
- includepkgs
list
Include packages of this repository, specified by a name or a glob and separated by a comma, in all operations.
Inverse of excludepkgs, DNF5 will exclude any package in the repository that doesn't match this list.
This works in conjunction with excludepkgs and doesn't override it, so if you 'excludepkgs=*.i386' and 'includepkgs=python*' then only packages starting with python that do not have an i386 arch will be seen by DNF5 in this repo.
Can be disabled using --disableexcludes command line switch.
Default: [].
- ip_resolve
ip address
Determines how DNF5 resolves host names. Set this to 4, IPv4, 6, IPv6 to resolve to IPv4 or IPv6 addresses only.
Default: whatever.
- localpkg_gpgcheck
boolean
If enabled, DNF5 will perform a GPG signature check on local packages (packages in a file, not in a repository).
This option is subject to the active RPM security policy (see gpgcheck for more details).
Default: False.
- max_parallel_downloads
integer
Maximum number of simultaneous package downloads. Max is 20.
Default: 3.
- metadata_expire
time in seconds
The period after which the remote repository is checked for metadata update and in the positive case the local metadata cache is updated. It can be -1 or never to make the repo never considered expired.
Expire of metadata can be also triggered by change of timestamp of configuration files (dnf.conf, <repo>.repo).
See also check_config_file_age.
Default: 60 * 60 * 48, 48 hours.
- minrate
storage size
Sets the low speed threshold in bytes per second. If the server is sending data at the same or slower speed than this value for at least timeout option seconds, DNF5 aborts the connection.
Default: 1000.
- password
string
The password used to connect to a repository with basic HTTP authentication.
Default: empty.
- proxy
string
URL of a proxy server to connect through.
Set to an empty string in the repository configuration to disable proxy setting inherited from the main section. The expected format of this option is <scheme>://<ip-or-hostname>[:port]. (For backward compatibility, '_none_' can be used instead of the empty string.)
Default: empty.
NOTE:
The curl environment variables (such as http_proxy) are effective if this option is unset (or '_none_' is set in the repository configuration). See the curl man page for details.
- proxy_username
string
The username to use for connecting to the proxy server.
Default: empty.
- proxy_password
string
The password to use for connecting to the proxy server.
Default: empty.
- proxy_auth_method
string
The authentication method used by the proxy server. Valid values are
method meaning basic HTTP Basic authentication digest HTTP Digest authentication negotiate HTTP Negotiate (SPNEGO) authentication ntlm HTTP NTLM authentication digest_ie HTTP Digest authentication with an IE flavor ntlm_wb NTLM delegating to winbind helper none None auth method any All suitable methods Default: any.
- proxy_sslcacert
string
Path to the file containing the certificate authorities to verify proxy SSL certificates.
Default: empty, uses system default.
- proxy_sslclientcert
string
Path to the SSL client certificate used to connect to proxy server.
Default: empty.
- proxy_sslclientkey
string
Path to the SSL client key used to connect to proxy server.
Default: empty.
- proxy_sslverify
boolean
If enabled, proxy SSL certificates are verified. If the client can not be authenticated, connecting fails and the repository is not used any further. If False, SSL connections can be used, but certificates are not verified.
Default: True.
- repo_gpgcheck
boolean
If enabled, DNF5 will perform GPG signature check on this repository's metadata.
NOTE:
GPG keys for this check are stored separately from GPG keys used in package signature verification. Furthermore, they are also stored separately for each repository.
This means that DNF5 may ask to import the same key multiple times. For example, when a key was already imported for package signature verification and this option is turned on, it may be needed to import it again for the repository.
Default: False.
- retries
integer
Set the number of total retries for downloading packages. The number is cumulative, so e.g. for retries=10, DNF5 will fail after any package download fails for eleventh time.
Setting this to 0 makes DNF5 try forever.
Default: 10.
- skip_if_unavailable
boolean
If enabled, DNF5 will continue running and disable the repository that couldn't be synchronized for any reason. This option doesn't affect skipping of unavailable packages after dependency resolution. To check inaccessibility of repository use it in combination with refresh command line option.
Default: False.
NOTE:
this option in particular can be set in your configuration file by your distribution.
- sslcacert
string
Path to the file containing the certificate authorities to verify SSL certificates.
Default: empty, uses system default.
- sslclientcert
string
Path to the SSL client certificate used to connect to remote sites.
Default: empty.
- sslclientkey
string
Path to the SSL client key used to connect to remote sites.
Default: empty.
- sslverify
boolean
If enabled, remote SSL certificates are verified. If the client can not be authenticated, connecting fails and the repository is not used any further. If disabled, SSL connections can be used, but certificates are not verified.
Default: True.
- throttle
storage size
Limits the downloading speed. It might be an absolute value or a percentage, relative to the value of the bandwidth option option. 0 means no throttling.
Default: 0.
- timeout
time in seconds
Number of seconds to wait for a connection before timing out. Used in combination with minrate option option.
Default: 30.
- username
string
The username to use for connecting to repo with basic HTTP authentication.
Default: empty.
- user_agent
string
The User-Agent string to include in HTTP requests sent by DNF5.
Default:
libdnf (NAME VERSION_ID; VARIANT_ID; OS.BASEARCH)
- NOTE:
NAME, VERSION_ID and VARIANT_ID are OS identifiers read from the os-release(5) file, and OS and BASEARCH are the canonical OS name and base architecture, respectively. Example:
libdnf (Fedora 39; server; Linux.x86_64)
Types of Options
- boolean
Data type with only two possible values.
One of following options can be used: 1, 0, True, False, yes, no.
- color
String describing color and modifiers separated with a comma, for example red,bold.
- Colors: black, blue, cyan, green, magenta, red, white, yellow.
- Modifiers: bold, blink, dim, normal, reverse, underline.
- integer
Whole number that can be written without a fractional component.
- ip address type
String describing ip address types.
One of the following options can be used: 4, IPv4, 6, IPv6.
- list
String representing one or more strings separated by space or comma characters.
- storage size
String representing storage sizes formed by an integer and a unit.
Valid units are k, M, G.
- string
It is a sequence of symbols or digits without any whitespace character.
- time in seconds
String representing time units in seconds. Can be set to -1 or never.
Files
- Main Configuration File
/etc/dnf/dnf.conf
- Cache Files
/var/cache/libdnf5
- Repository Files
/etc/yum.repos.d/
- Variables
Any property named file in /etc/dnf/vars is turned into a variable named after the filename (or overrides any of the above variables but those set from commandline). Filenames may contain only alphanumeric characters and underscores and be in lowercase. Variables are also read from /etc/yum/vars for YUM compatibility reasons.
Drop-in Configuration Directories
DNF5 loads configuration options that are defined in the main configuration file, user configuration files and distribution configuration files.
Users can define custom config options in this way.
- 1.
Configuration files are alphabetically sorted in a list of names from the distribution configuration directory and the user configuration directory. If a file with the same name is present in both directories, only the file from the user configuration directory is added to the list. The distribution file is then masked by the user file.
- 2.
Options are retrieved in order from the list The configuration from the next file overrides the previous one. The last option wins.
- User Configuration Directory
/etc/dnf/libdnf5.conf.d/
- User Configuration Files
/etc/dnf/libdnf5.conf.d/20-user-settings.conf
- Distribution Configuration Directory
/usr/share/dnf5/libdnf.conf.d/
- Distribution Configuration Files
/usr/share/dnf5/libdnf.conf.d/50-something.conf
Example configuration
User configuration files:
- /etc/dnf/dnf.conf
- /etc/dnf/libdnf5.conf.d/20-user-settings.conf
- /etc/dnf/libdnf5.conf.d/60-something.conf
- /etc/dnf/libdnf5.conf.d/80-user-settings.conf
Distribution configuration files:
- /usr/share/dnf5/libdnf.conf.d/50-something.conf
- /usr/share/dnf5/libdnf.conf.d/60-something.conf
- /usr/share/dnf5/libdnf.conf.d/90-something.conf
Resulting file loading order by default (/usr/share/dnf5/libdnf.conf.d/60-something.conf is skipped, masked by the user file /etc/dnf/libdnf5.conf.d/60-something.conf):
- /etc/dnf/libdnf5.conf.d/20-user-settings.conf
- /usr/share/dnf5/libdnf.conf.d/50-something.conf
- /etc/dnf/libdnf5.conf.d/60-something.conf
- /etc/dnf/libdnf5.conf.d/80-user-settings.conf
- /usr/share/dnf5/libdnf.conf.d/90-something.conf
- /etc/dnf/dnf.conf
See Also
- dnf5(8), DNF5 Command Reference
- dnf5.conf-todo(5), Options that are documented/implemented in DNF but not in DNF5
- dnf5.conf-deprecated(5), Config Options that are deprecated in DNF5
Author
See AUTHORS.md in dnf5 source distribution.
Copyright
Contributors to the dnf5 project.