ostree.repo-config man page
ostree.repo-config — OSTree repository configuration
The config file in an OSTree repository is a "keyfile" in the XDG Desktop Entry Specification format. It has several global flags, as well as zero or more remote entries which describe how to access remote repositories.
See ostree.repo(5) for more information about OSTree repositories.
[Core] Section Options
Repository-global options. The following entries are defined:
One of bare, bare-user or archive-z2.
Currently, this must be set to 1.
Boolean value controlling whether or not to automatically update the summary file after a commit. Defaults to false.
Boolean value controlling whether or not to ensure files are on stable storage when performing operations such as commits, pulls, and checkouts. Defaults to true.
If you disable fsync, OSTree will no longer be robust against kernel crashes or power loss.
You might choose to disable this for local development repositories, under the assumption they can be recreated from source. Similarly, you could disable for a mirror where you could re-pull.
For the system repository, you might choose to disable fsync if you have uninterruptable power supplies and a well tested kernel.
[Remote Name“] Section Options”
Describes a remote repository location.
Must be present; declares URL for accessing metadata and content for remote. See also contenturl. The supported schemes are documented below.
Declares URL for accessing content (filez, static delta parts). When specified, url is used just for metadata: summary, static delta "superblocks".
A string value, if given should be a URL for a HTTP proxy to use for access to this repository.
A boolean value, defaults to true. Controls whether or not OSTree will require commits to be signed by a known GPG key. For more information, see the ostree(1) manual under GPG.
A boolean value, defaults to false. Controls whether or not OSTree will check if the summary is signed by a known GPG key. For more information, see the ostree(1) manual under GPG.
A boolean value, defaults to false. By default, server TLS certificates will be checked against the system certificate store. If this variable is set, any certificate will be accepted.
Path to file for client-side certificate, to present when making requests to this repository.
Path to file containing client-side certificate key, to present when making requests to this repository.
Path to file containing trusted anchors instead of the system CA database.
If set, pulls from this remote will fail with the configured text. This is intended for OS vendors which have a subscription process to access content.
In addition to the /ostree/repo/config file, remotes may also be specified in /etc/ostree/remotes.d. The remote configuration file must end in .conf; files whose name does not end in .conf will be ignored.
Originally, OSTree had just a url option for remotes. Since then, the contenturl option was introduced. Both of these support file, http, and https schemes.
Additionally, both of these can be prefixed with the string mirrorlist=, which instructs the client that the target url is a "mirrorlist" format, which is a plain text file of newline-separated URLs. Earlier URLs will be given precedence.
Note that currently, the tls-ca-path and tls-client-cert-path options apply to every HTTP request, even when contenturl and/or mirrorlist are in use. This may change in the future to only apply to metadata (i.e. url, not contenturl) fetches.
Per-Remote Gpg Keyrings and Verification
OSTree supports a per-remote GPG keyring, as well as a gpgkeypath option. For more information see ostree(1). in the section GPG verification.
Per-Remote HTTP Cookies
Some content providers may want to control access to remote repositories via HTTP cookies. The ostree remote add-cookie and ostree remote delete-cookie commands will update a per-remote lookaside cookie jar, named $remotename.cookies.txt.
- XDG Desktop Entry Specification