DNF5 by default uses the global configuration file at /etc/dnf/dnf.conf.
The configuration file uses the INI format: section declarations, each followed by name=value options on separate lines. There are two types of sections in the configuration files: main and repository. The main section defines all global configuration options, and there should be only one.
The repository sections define the configuration for each (remote or local) repository. The section name of the repository in brackets serves as the repo ID reference and should be unique across configuration files. The allowed characters of the repo ID string are lower and upper case alphabetic letters, digits, -, _, . and :. The minimal repository configuration file should, aside from the repo ID, consist of a baseurl, metalink or mirrorlist option definition.
If disabled, DNF5 will stick to vendor when upgrading or downgrading rpms.
This option is currently not supported for downgrade and distro-sync commands.
If enabled, DNF5 will assume No where it would normally prompt for confirmation from user input.
If enabled, DNF5 will assume Yes where it would normally prompt for confirmation from user input (see also defaultyes).
If True, instructs the solver to either use a package with the highest available version or fail. If False, do not fail if the latest version cannot be installed and go with the lower version.
This option in particular can be set in your configuration file by your distribution.
Path to a directory used by various DNF5 subsystems for storing cache data. Has a reasonable root-writable default depending on the distribution. DNF5 needs to be able to create files and directories at this location.
Can be all, metadata, none.
If set to all, DNF5 will run entirely from system cache, will not update the cache and will use the system cache even if it is expired.
If set to metadata, DNF5 will cache metadata only.
API Notes: Must be set before repository objects are created. Plugins must set this in the pre_config hook. Later changes are ignored.
If enabled DNF5 should automatically expire metadata of repos, which are older than their corresponding configuration file (usually the dnf.conf file and the foo.repo file).
Expire of metadata is also affected by metadata age. See also
If enabled, DNF5 will remove dependencies that are no longer used during dnf remove. A package only qualifies for removal via clean_requirements_on_remove if it was installed through DNF5 but not on explicit user request, i.e. it was pulled in as a dependency.
installonlypkgs are never automatically removed.
If enabled, libsolv debug files will be created when solving the transaction. The debug files are created in the ./debugdata directory.
If enabled, the default answer to user confirmation prompts will be Yes. Not to be confused with assumeyes which will not prompt at all.
List of the following: optional, default, mandatory.
Tells DNF5 which type of packages in groups will be installed when 'groupinstall' is called.
If enabled, RPM will allow attempts to install packages incompatible with the CPU's architecture.
List of provide names of packages that should only ever be installed, never upgraded. Kernels in particular fall into this category. These packages are never removed by dnf autoremove even if they were installed as dependencies (see clean_requirements_on_remove for auto removal details). This option appends the list values to the default installonlypkgs list used by DNF5. The number of kept package versions is regulated by installonly_limit.
Number of installonly packages allowed to be installed concurrently.
1 is explicitly not allowed since it complicates kernel upgrades due to protection of the running kernel from removal.
Minimum is 2.
0 means unlimited number of installonly packages.
The root of the filesystem for all packaging operations. It requires an absolute path. See also --installroot commandline option.
If enabled, when a new package is about to be installed, all packages linked by weak dependency relation (Recommends or Supplements flags) with this package will be pulled into the transaction.
If enabled, keeps downloaded packages in the cache. If disabled, cache will persist until the next successful transaction even if no packages have been installed.
Directory where the log files will be stored.
Log files are rotated log_rotate times before being removed. If log_rotate is 0, the rotation is not performed.
Log files are rotated when they grow bigger than log_size bytes. If log_size is 0, the rotation is not performed.
The size applies for individual log files, not the sum of all log files. See also log_rotate.
Set this to $name:$stream to override PLATFORM_ID detected from /etc/os-release. It is necessary to perform a system upgrade and switch to a new platform.
Controls how multilib packages are treated during install operations.
Can either be best for the depsolver to prefer packages which best match the system's architecture, or all to install packages for all available architectures.
If enabled, DNF5 uses obsoletes processing logic, which means it checks whether any dependencies of given package are no longer required and removes them.
Useful when doing distribution level upgrades.
It has effect during install/upgrade processes.
Command-line option: --obsoletes
List of the following: comps, filelists, other, presto, updateinfo
Defines which types of metadata are to be loaded in addition to primary and modules, which are loaded always as they are essential. Note that the list can be extended by individual DNF commands during runtime.
Directory where DNF5 stores its persistent data between runs.
List of directories that are searched for plugin configurations to load.
All configuration files found in these directories that are named the same as a plugin are parsed.
List of directories that are searched for plugins to load. Plugins found in any of the directories in this configuration option are used.
Default: a Python version-specific path.
If enabled, DNF5 plugins are enabled.
This append list option contains names of packages that DNF5 should never completely remove.
They are protected via Obsoletes as well as user/plugin removals.
Any packages which should be protected can do so by including a file in /etc/dnf/protected.d with their package name in it.
DNF5 will also protect the package corresponding to the running version of the kernel. See also protect_running_kernel option.
Controls whether the package corresponding to the running version of kernel is protected from removal.
YUM compatibility option
Repository configuration files locations.
The behavior of reposdir could differ when it is used along with --installroot option.
Default: TODO add default
List of strings adding extra flags for the RPM transaction.
| tsflag value | RPM Transaction Flag |
|---|---|
| noscripts | RPMTRANS_FLAG_NOSCRIPTS |
| test | RPMTRANS_FLAG_TEST |
| notriggers | RPMTRANS_FLAG_NOTRIGGERS |
| nodocs | RPMTRANS_FLAG_NODOCS |
| justdb | RPMTRANS_FLAG_JUSTDB |
| nocontexts | RPMTRANS_FLAG_NOCONTEXTS |
| nocaps | RPMTRANS_FLAG_NOCAPS |
| nocrypto | RPMTRANS_FLAG_NOFILEDIGEST |
The nocrypto option will also set the _RPMVSF_NOSIGNATURES and _RPMVSF_NODIGESTS VS flags.
The test option provides a transaction check without performing the transaction. It includes downloading of packages, gpg keys check (including permanent import of additional keys if necessary), and rpm check to prevent file conflicts.
The nocaps is supported with rpm-4.14 or later. When nocaps is used but rpm doesn't support it, DNF5 only reports it as an invalid tsflag.
List of directories where variables definition files are looked for.
See variable files in Configuration reference.
If enabled, repository metadata are compressed using the zchunk format (if available).
[Main] Options - Colors
Color of available packages that are newer than installed packages. The option is used during list operations.
Color of available packages that are older than installed packages. The option is used during list operations.
Color of available packages that are identical to installed versions and are available for reinstalls. The option is used during list operations.
Color of packages that are available for installation and none of their versions is installed. The option is used during list operations.
Color of removed packages. This option is used during displaying transactions.
Color of local packages that are installed from the @commandline repository. This option is used during displaying transactions.
Color of packages that are installed/upgraded/downgraded from remote repositories. This option is used during displaying transactions.
Color of patterns matched in search output.
Include this repository as a package source.
Right side of every repo option can be enriched by the following variables:
Refers to the system’s CPU architecture, e.g. aarch64, i586, i686 and x86_64.
Refers to the base architecture of the system. For example, i686 and i586 machines both have a base architecture of i386, and AMD64 and Intel64 machines have a base architecture of x86_64.
Refers to the release version of operating system which DNF5 derives from information available in RPMDB.
In addition to these hard coded variables, user-defined ones can also be used. They can be defined either via variable files, or by using special environmental variables. The names of these variables must be prefixed with DNF_VAR_ and they can only consist of alphanumeric characters and underscores:
To use such variable in your repository configuration remove the prefix. E.g.:
Note that it is not possible to override the arch and basearch variables using either variable files or environmental variables.
Although users are encouraged to use named variables, the numbered environmental variables DNF0 - DNF9 are still supported:
    $ DNF1=value

    [myrepo]
    baseurl=https://example.site/pub/fedora/$DNF1/releases/$releasever
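The following Python sketch is an added example, not DNF5 code: it models the variable rules described above (the DNF_VAR_ prefix, the allowed characters, the fixed arch and basearch, and DNF0 - DNF9) and reports which references in a repository URL are controlled by the environment. The function names, the sample values and the choice to leave unknown $names untouched are assumptions of this example.

```python
import re

PREFIX = "DNF_VAR_"
PROTECTED = {"arch", "basearch"}          # cannot be overridden, per the text above
NAME_RE = re.compile(r"[A-Za-z0-9_]+")    # alphanumerics and underscores only
NUMBERED_RE = re.compile(r"DNF[0-9]")     # DNF0 .. DNF9
REF_RE = re.compile(r"\$([A-Za-z0-9_]+)")

# Constructed sample values (not taken from a real system).
BUILTINS = {"arch": "x86_64", "basearch": "x86_64", "releasever": "39"}
ENVIRON = {"DNF1": "value", "DNF_VAR_mirror": "internal",
           "DNF_VAR_basearch": "i386", "DNF_VAR_bad-name": "x",
           "PATH": "/usr/bin"}


def collect_vars(builtins, environ):
    """Return (variables, names_set_from_environment)."""
    merged, from_env = dict(builtins), set()
    for key, value in environ.items():
        if NUMBERED_RE.fullmatch(key):
            name = key                      # DNF0..DNF9 are used under their full name
        elif key.startswith(PREFIX):
            name = key[len(PREFIX):]        # DNF_VAR_mirror is referenced as $mirror
            if not NAME_RE.fullmatch(name) or name in PROTECTED:
                continue                    # invalid name, or arch/basearch
        else:
            continue                        # unrelated environment variable
        merged[name] = value
        from_env.add(name)
    return merged, from_env


def expand(value, variables):
    """Substitute $name references; unknown names stay as written (assumption)."""
    return REF_RE.sub(lambda m: variables.get(m.group(1), m.group(0)), value)


def env_controlled(value, from_env):
    """Names referenced by `value` whose content came from the environment."""
    return sorted(set(REF_RE.findall(value)) & from_env)


if __name__ == "__main__":
    variables, from_env = collect_vars(BUILTINS, ENVIRON)
    url = "https://example.site/pub/fedora/$DNF1/releases/$releasever"
    print(expand(url, variables), env_controlled(url, from_env))
```
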
Options for Both [Main] and Repo
Some options can be applied in either the main section, per repository, or in a combination. The value provided in the main section is used for all repositories as the default value, which repositories can then override in their configuration.
Total bandwidth available for downloading. Meaningful when used with the throttle option.
Determines whether a special flag should be added to a single, randomly chosen metalink/mirrorlist query each week. This allows the repository owner to estimate the number of systems consuming it, by counting such queries over a week's time, which is much more accurate than just counting unique IP addresses (which is subject to both overcounting and undercounting due to short DHCP leases and NAT, respectively).
The flag is a simple "countme=N" parameter appended to the metalink and mirrorlist URL, where N is an integer representing the "longevity" bucket this system belongs to. The following 4 buckets are defined, based on how many full weeks have passed since the beginning of the week when this system was installed: 1 = first week, 2 = first month (2-4 weeks), 3 = six months (5-24 weeks) and 4 = more than six months (> 24 weeks). This information is meant to help distinguish short-lived installs from long-term ones, and to gather other statistics about system lifecycle.
If enabled, DNF5 will save bandwidth by downloading much smaller delta RPM files, rebuilding them to RPM locally. However, this is quite CPU and I/O intensive.
When the relative size of delta vs pkg is larger than this, delta is not used. (Deltas must be at least 25% smaller than the pkg). Use 0 to turn off delta rpm processing. Local repositories (with file:// baseurl) have delta rpms turned off by default.
If enabled, DNF5 will allow the use of package groups.
Exclude packages of this repository, specified by a name or a glob and separated by a comma, from all operations.
Can be disabled using --disableexcludes command line switch.
If enabled, a metric is used to find the fastest available mirror. This overrides the order provided by the mirrorlist/metalink file itself. This file is often dynamically generated by the server to provide the best download speeds and enabling fastestmirror overrides this.
Include packages of this repository, specified by a name or a glob and separated by a comma, in all operations.
Inverse of excludepkgs, DNF5 will exclude any package in the repository that doesn't match this list.
This works in conjunction with excludepkgs and doesn't override it, so if you 'excludepkgs=*.i386' and 'includepkgs=python*' then only packages starting with python that do not have an i386 arch will be seen by DNF5 in this repo.
Can be disabled using --disableexcludes command line switch.
Determines how DNF5 resolves host names. Set this to 4, IPv4, 6, IPv6 to resolve to IPv4 or IPv6 addresses only.
If enabled, DNF5 will perform a GPG signature check on local packages (packages in a file, not in a repository).
This option is subject to the active RPM security policy (see gpgcheck for more details).
Maximum number of simultaneous package downloads. Max is 20.
time in seconds
The period after which the remote repository is checked for metadata update and in the positive case the local metadata cache is updated. It can be -1 or never to make the repo never considered expired.
Metadata expiration can also be triggered by a change of the timestamp of configuration files (dnf.conf, <repo>.repo).
See also check_config_file_age.
Default: 60 * 60 * 48, 48 hours.
Sets the low speed threshold in bytes per second. If the server is sending data at the same or slower speed than this value for at least timeout option seconds, DNF5 aborts the connection.
The password used to connect to a repository with basic HTTP authentication.
URL of a proxy server to connect through.
Set to an empty string in the repository configuration to disable proxy setting inherited from the main section. The expected format of this option is <scheme>://<ip-or-hostname>[:port]. (For backward compatibility, '_none_' can be used instead of the empty string.)
The curl environment variables (such as http_proxy) are effective if this option is unset (or '_none_' is set in the repository configuration). See the curl man page for details.
The username to use for connecting to the proxy server.
The password to use for connecting to the proxy server.
The authentication method used by the proxy server. Valid values are
| method | meaning |
|---|---|
| basic | HTTP Basic authentication |
| digest | HTTP Digest authentication |
| negotiate | HTTP Negotiate (SPNEGO) authentication |
| ntlm | HTTP NTLM authentication |
| digest_ie | HTTP Digest authentication with an IE flavor |
| ntlm_wb | NTLM delegating to winbind helper |
| none | None auth method |
| any | All suitable methods |
Path to the file containing the certificate authorities to verify proxy SSL certificates.
Default: empty, uses system default.
Path to the SSL client certificate used to connect to proxy server.
Path to the SSL client key used to connect to proxy server.
If enabled, proxy SSL certificates are verified. If the client can not be authenticated, connecting fails and the repository is not used any further. If False, SSL connections can be used, but certificates are not verified.
If enabled, DNF5 will perform GPG signature check on this repository's metadata.
GPG keys for this check are stored separately from GPG keys used in package signature verification. Furthermore, they are also stored separately for each repository.
This means that DNF5 may ask to import the same key multiple times. For example, when a key was already imported for package signature verification and this option is turned on, it may be needed to import it again for the repository.
Set the number of total retries for downloading packages. The number is cumulative, so e.g. for retries=10, DNF5 will fail after any package download fails for the eleventh time.
Setting this to 0 makes DNF5 try forever.
If enabled, DNF5 will continue running and disable the repository that couldn't be synchronized for any reason. This option doesn't affect skipping of unavailable packages after dependency resolution. To check the inaccessibility of a repository, use it in combination with the refresh command line option.
This option in particular can be set in your configuration file by your distribution.
Path to the file containing the certificate authorities to verify SSL certificates.
Default: empty, uses system default.
Path to the SSL client certificate used to connect to remote sites.
Path to the SSL client key used to connect to remote sites.
If enabled, remote SSL certificates are verified. If the client can not be authenticated, connecting fails and the repository is not used any further. If disabled, SSL connections can be used, but certificates are not verified.
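An added example, not part of DNF5: a Python check that reads configuration text and lists every place where a verification step described in this reference is switched off, applying the rule that a value in the main section is the default a repository can override. The names gpgcheck, repo_gpgcheck, localpkg_gpgcheck, sslverify, proxy_sslverify and tsflags are assumed to be the names of the options described in this reference, and the sample configuration is constructed.

```python
import configparser

# Options whose disabled state switches off a verification step (names assumed).
VERIFY_OPTS = ("gpgcheck", "repo_gpgcheck", "localpkg_gpgcheck",
               "sslverify", "proxy_sslverify")
TRUE, FALSE = {"1", "true", "yes"}, {"0", "false", "no"}

# Constructed sample: a main section plus two repository sections.
SAMPLE = """\
[main]
gpgcheck=True
sslverify=0
tsflags=nodocs, nocrypto

[internal-tools]
baseurl=https://repo.example.internal/tools/$releasever
gpgcheck=no

[updates:mirror.1]
metalink=https://mirrors.example.org/metalink?repo=updates
sslverify=yes
repo_gpgcheck=False
"""


def parse_bool(text):
    """Accept 1, 0, True, False, yes, no (compared case-insensitively)."""
    value = text.strip().lower()
    if value in TRUE:
        return True
    if value in FALSE:
        return False
    raise ValueError(f"not a boolean: {text!r}")


def audit(*texts):
    """Return (section, option, set_in) for each verification step that is off."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    for text in texts:
        cp.read_string(text)
    main = cp["main"] if cp.has_section("main") else {}
    findings = []
    # tsflags is a list separated by spaces or commas.
    if "nocrypto" in main.get("tsflags", "").replace(",", " ").split():
        findings.append(("main", "tsflags", "main"))
    for section in cp.sections():
        for opt in VERIFY_OPTS:
            if opt in cp[section]:
                raw, set_in = cp[section][opt], section
            elif opt in main:
                raw, set_in = main[opt], "main"   # inherited from the main section
            else:
                continue  # unset everywhere: built-in default, not modelled here
            if parse_bool(raw) is False:
                findings.append((section, opt, set_in))
    return findings
```

Calling audit(SAMPLE) reports, among others, that internal-tools has certificate verification off only because it inherits the value from the main section. The contents of dnf.conf and of each .repo file can be passed as separate arguments.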
Limits the downloading speed. It might be an absolute value or a percentage, relative to the value of the bandwidth option. 0 means no throttling.
time in seconds
Number of seconds to wait for a connection before timing out. Used in combination with the minrate option.
The username to use for connecting to repo with basic HTTP authentication.
The User-Agent string to include in HTTP requests sent by DNF5.
libdnf (NAME VERSION_ID; VARIANT_ID; OS.BASEARCH)
NAME, VERSION_ID and VARIANT_ID are OS identifiers read from the os-release(5) file, and OS and BASEARCH are the canonical OS name and base architecture, respectively. Example:
libdnf (Fedora 39; server; Linux.x86_64)
Types of Options
Data type with only two possible values.
One of following options can be used: 1, 0, True, False, yes, no.
String describing color and modifiers separated with a comma, for example red,bold.
- Colors: black, blue, cyan, green, magenta, red, white, yellow.
- Modifiers: bold, blink, dim, normal, reverse, underline.
Whole number that can be written without a fractional component.
- ip address type
String describing ip address types.
One of the following options can be used: 4, IPv4, 6, IPv6.
String representing one or more strings separated by space or comma characters.
- storage size
String representing storage sizes formed by an integer and a unit.
Valid units are k, M, G.
It is a sequence of symbols or digits without any whitespace character.
- time in seconds
String representing time units in seconds. Can be set to -1 or never.
- Main Configuration File
- Cache Files
- Repository Files
Any properly named file in /etc/dnf/vars is turned into a variable named after the filename (or overrides any of the above variables but those set from commandline). Filenames may contain only alphanumeric characters and underscores and must be in lowercase. Variables are also read from /etc/yum/vars for YUM compatibility reasons.
Drop-in Configuration Directories
DNF5 loads configuration options that are defined in the main configuration file, user configuration files and distribution configuration files.
Users can define custom config options in this way.
Configuration files are alphabetically sorted in a list of names from the distribution configuration directory and the user configuration directory. If a file with the same name is present in both directories, only the file from the user configuration directory is added to the list. The distribution file is then masked by the user file.
Options are retrieved in order from the list. The configuration from the next file overrides the previous one. The last option wins.
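The ordering and masking rules above, as an added Python example (not DNF5's own code): it builds the drop-in load order from a distribution and a user directory and reports which file supplies the effective value of a main-section option. The .conf suffix filter, the function names and the constructed sample files are assumptions; only the drop-in directories are modelled, not the main configuration file.

```python
import configparser
import os
import tempfile

DIST_DIR = "/usr/share/dnf5/libdnf.conf.d"   # distribution drop-ins (path from this page)
USER_DIR = "/etc/dnf/libdnf5.conf.d"          # user drop-ins (path from this page)


def load_order(dist_dir=DIST_DIR, user_dir=USER_DIR, suffix=".conf"):
    """Return drop-in paths in the order they are read (later overrides earlier)."""
    chosen = {}
    for directory in (dist_dir, user_dir):    # a user file masks a same-named dist file
        if not os.path.isdir(directory):
            continue
        for name in os.listdir(directory):
            if name.endswith(suffix):
                chosen[name] = os.path.join(directory, name)
    return [chosen[name] for name in sorted(chosen)]


def effective_main_option(paths, option):
    """Last file setting `option` in [main] wins; return (value, path) or None."""
    result = None
    for path in paths:
        cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
        cp.read(path)
        if cp.has_option("main", option):
            result = (cp.get("main", option), path)
    return result


def demo():
    """Constructed layout: two distribution files, two user files, one shared name."""
    with tempfile.TemporaryDirectory() as root:
        dist, user = os.path.join(root, "dist"), os.path.join(root, "user")
        files = {
            (dist, "20-base.conf"): "[main]\ngpgcheck=True\n",
            (dist, "60-something.conf"): "[main]\ngpgcheck=True\n",
            (user, "60-something.conf"): "[main]\ngpgcheck=False\n",
            (user, "40-site.conf"): "[main]\ninstallonly_limit=3\n",
        }
        for (directory, name), body in files.items():
            os.makedirs(directory, exist_ok=True)
            with open(os.path.join(directory, name), "w") as handle:
                handle.write(body)
        order = load_order(dist, user)
        value, source = effective_main_option(order, "gpgcheck")
        return ([os.path.relpath(p, root) for p in order],
                value, os.path.relpath(source, root))


if __name__ == "__main__":
    print(demo())
```

In the constructed layout the user file 60-something.conf masks the distribution file of the same name, so the effective gpgcheck value comes from the user directory.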
- User Configuration Directory
- User Configuration Files
- Distribution Configuration Directory
- Distribution Configuration Files
User configuration files:
Distribution configuration files:
Resulting file loading order by default (/usr/share/dnf5/libdnf.conf.d/60-something.conf is skipped, masked by the user file /etc/dnf/libdnf5.conf.d/60-something.conf):
See AUTHORS.md in dnf5 source distribution.
Contributors to the dnf5 project.