1. Manuals
  2. Tumbleweed
  3. dnf5
  4. dnf5.conf(5)

Scroll to navigation

DNF5.CONF(5) dnf5 DNF5.CONF(5)

NAME

dnf5.conf - DNF5 Configuration Reference

DESCRIPTION

DNF5 by default uses the global configuration file at /etc/dnf/dnf.conf.

The configuration file has INI format consisting of section declaration and name=value options below each on separate line. There are two types of sections in the configuration files: main and repository. Main section defines all global configuration options and should be only one.

The repository sections define the configuration for each (remote or local) repository. The section name of the repository in brackets serve as repo ID reference and should be unique across configuration files. The allowed characters of repo ID string are lower and upper case alphabetic letters, digits, -, _, . and :. The minimal repository configuration file should aside from repo ID consists of baseurl, metalink or mirrorlist option definition.

[MAIN] OPTIONS

boolean

If disabled DNF5 will stick to vendor when upgrading or downgrading rpms.

Default: True.

WARNING:

This option is currently not supported for downgrade and distro-sync commands



boolean

If enabled DNF5 will assume No where it would normally prompt for confirmation from user input

Default: False.


boolean

If enabled DNF5 will assume Yes where it would normally prompt for confirmation from user input (see also defaultyes).

Default: False.


boolean

If True, instructs the solver to either use a package with the highest available version or fail. If False, do not fail if the latest version cannot be installed and go with the lower version.

Default: True.

NOTE:

This option in particular can be set in your configuration file by your distribution.



string

Path to a directory used by various DNF5 subsystems for storing cache data including repositories metadata and downloaded packages. Has a reasonable root-writable default depending on the distribution. DNF5 needs to be able to create files and directories at this location.

Default: /var/cache/libdnf5.


string

Can be all, metadata, none.

If set to all DNF5 will run entirely from system cache, will not update the cache and will use the system cache even if it is expired.

If set to metadata DNF5 will cache metadata only.

Default: none.

NOTE:

API Notes: Must be set before repository objects are created. Plugins must set this in the pre_config hook. Later changes are ignored.



boolean

If enabled DNF5 should automatically expire metadata of repos, which are older than their corresponding configuration file (usually the dnf.conf file and the foo.repo file).

Default: True.

NOTE:

Expire of metadata is also affected by metadata age. See also

metadata_expire.




boolean

If enabled, DNF5 will remove dependencies that are no longer used during dnf remove. A package only qualifies for removal via clean_requirements_on_remove if it was installed through DNF5 but not on explicit user request, i.e. it was pulled in as a dependency.

installonlypkgs are never automatically removed.

Default: True.


boolean

If enabled, libsolv debug files will be created when solving the transaction. The debug files are created in the ./debugdata directory.

Default: False.


boolean

If enabled, the default answer to user confirmation prompts will be Yes. Not to be confused with assumeyes which will not prompt at all.

Default: False.


list

List of the following: optional, default, mandatory.

Tells DNF5 which type of packages in groups will be installed when 'groupinstall' is called.

Default: default,mandatory.


boolean

If enabled, RPM will allow attempts to install packages incompatible with the CPU's architecture.

Default: False.


list

List of provide names of packages that should only ever be installed, never upgraded. Kernels in particular fall into this category. These packages are never removed by dnf autoremove even if they were installed as dependencies (see clean_requirements_on_remove for auto removal details). This option append the list values to the default installonlypkgs list used by DNF5. The number of kept package versions is regulated by installonly_limit.


integer

Number of installonly packages allowed to be installed concurrently.

1 is explicitly not allowed since it complicates kernel upgrades due to protection of the running kernel from removal.

Minimum is 2.

0 means unlimited number of installonly packages.

Default: 3.


string

The root of the filesystem for all packaging operations. It requires an absolute path. See also --installroot commandline option.

Default: /.


boolean

If enabled, when a new package is about to be installed, all packages linked by weak dependency relation (Recommends or Supplements flags) with this package will be pulled into the transaction.

Default: True.


boolean

If enabled, keeps downloaded packages in the cache. If disabled cache will persist until the next successful transaction even if no packages have been installed.

Default: False.


string

Directory where the log files will be stored.

Default: /var/log.


integer

Log files are rotated log_rotate times before being removed. If log_rotate is 0, the rotation is not performed.

Default: 4.


storage size

Log files are rotated when they grow bigger than log_size bytes. If log_size is 0, the rotation is not performed.

The size applies for individual log files, not the sum of all log files. See also log_rotate.

Default: 1M.


string

Set this to $name:$stream to override PLATFORM_ID detected from /etc/os-release. It is necessary to perform a system upgrade and switch to a new platform.

Default: empty.


string

Controls how multilib packages are treated during install operations.

Can either be best for the depsolver to prefer packages which best match the system's architecture, or all to install packages for all available architectures.

Default: best.


boolean

If enabled, DNF5 uses obsoletes processing logic, which means it checks whether any dependencies of given package are no longer required and removes them.

Useful when doing distribution level upgrades.

It has effect during install/upgrade processes.

Command-line option: --obsoletes

Default: True.


list

List of the following: comps, filelists, other, presto, updateinfo

Defines which types of metadata are to be loaded in addition to primary and modules, which are loaded always as they are essential. Note that the list can be extended by individual DNF commands during runtime.

Default: comps,updateinfo


string

Directory where DNF5 stores its persistent data between runs.

Default: /var/lib/dnf.


list

List of directories that are searched for plugin configurations to load.

All configuration files found in these directories, that are named same as a plugin, are parsed.

Default: /etc/dnf/libdnf5-plugins.


list

List of directories that are searched for plugins to load. Plugins found in any of the directories in this configuration option are used.

Default: a Python version-specific path.


boolean

If enabled, DNF5 plugins are enabled.

Default: True.


list

This append list option contains names of packages that DNF5 should never completely remove.

They are protected via Obsoletes as well as user/plugin removals.

Default: dnf5,glob:/etc/dnf/protected.d/*.conf.

NOTE:

Any packages which should be protected can do so by including a file in /etc/dnf/protected.d with their package name in it.

DNF5 will protect also the package corresponding to the running version of the kernel. See also protect_running_kernel option.




boolean

Controls whether the package corresponding to the running version of kernel is protected from removal.

Default: True.

NOTE:

YUM compatibility option



list

Repository configuration files locations.

The behavior of reposdir could differ when it is used along with --installroot option.

Default: TODO add default


system_state

list

List of strings adding extra flags for the RPM transaction.

tsflag value RPM Transaction Flag
noscripts RPMTRANS_FLAG_NOSCRIPTS
test RPMTRANS_FLAG_TEST
notriggers RPMTRANS_FLAG_NOTRIGGERS
nodocs RPMTRANS_FLAG_NODOCS
justdb RPMTRANS_FLAG_JUSTDB
nocontexts RPMTRANS_FLAG_NOCONTEXTS
nocaps RPMTRANS_FLAG_NOCAPS
nocrypto RPMTRANS_FLAG_NOFILEDIGEST
deploops RPMTRANS_FLAG_DEPLOOPS

The nocrypto option will also set the _RPMVSF_NOSIGNATURES and _RPMVSF_NODIGESTS VS flags.

The test option provides a transaction check without performing the transaction. It includes downloading of packages, gpg keys check (including permanent import of additional keys if necessary), and rpm check to prevent file conflicts.

The nocaps is supported with rpm-4.14 or later. When nocaps is used but rpm doesn't support it, DNF5 only reports it as an invalid tsflag.

Default: empty.


use_host_config

list

List of directories where variables definition files are looked for.

See variable files in Configuration reference.

Default: /etc/dnf/vars.


boolean

If enabled, repository metadata are compressed using the zchunk format (if available).

Default: True.


[MAIN] OPTIONS - COLORS

color

Color of available packages that are newer than installed packages. The option is used during list operations.

Default: bold,blue.


color

Color of available packages that are older than installed packages. The option is used during list operations.

Default: dim,magenta.


color

Color of available packages that are identical to installed versions and are available for reinstalls. The option is used during list operations.

Default: bold,green.


color

Color of packages that are available for installation and none of their versions in installed. The option is used during list operations.

Default: bold,cyan.


color

Color of removed packages. This option is used during displaying transactions.

Default: dim,red.


color

Color of local packages that are installed from the @commandline repository. This option is used during displaying transactions.

Default: dim,green.


color

Color of packages that are installed/upgraded/downgraded from remote repositories. This option is used during displaying transactions.

Default: bold,green.


color

Color of patterns matched in search output.

Default: bold,magenta.


REPO OPTIONS

boolean

Include this repository as a package source.

Default: True.


REPO VARIABLES

Right side of every repo option can be enriched by the following variables:

$arch

Refers to the system’s CPU architecture e.g, aarch64, i586, i686 and x86_64.


$basearch

Refers to the base architecture of the system. For example, i686 and i586 machines both have a base architecture of i386, and AMD64 and Intel64 machines have a base architecture of x86_64.


$releasever

Refers to the release version of operating system which DNF5 derives from information available in RPMDB.


In addition to these hard coded variables, user-defined ones can also be used. They can be defined either via variable files, or by using special environmental variables. The names of these variables must be prefixed with DNF_VAR_ and they can only consist of alphanumeric characters and underscores:

$ DNF_VAR_MY_VARIABLE=value


To use such variable in your repository configuration remove the prefix. E.g.:

[myrepo]
baseurl=https://example.site/pub/fedora/$MY_VARIABLE/releases/$releasever


Note that it is not possible to override the arch and basearch variables using either variable files or environmental variables.

Although users are encouraged to use named variables, the numbered environmental variables DNF0 - DNF9 are still supported:

$ DNF1=value
[myrepo]
baseurl=https://example.site/pub/fedora/$DNF1/releases/$releasever


OPTIONS FOR BOTH [MAIN] AND REPO

Some options can be applied in either the main section, per repository, or in a combination. The value provided in the main section is used for all repositories as the default value, which repositories can then override in their configuration.

storage size

Total bandwidth available for downloading. Meaningful when used with the throttle option.

Default: 0.


boolean

Determines whether a special flag should be added to a single, randomly chosen metalink/mirrorlist query each week. This allows the repository owner to estimate the number of systems consuming it, by counting such queries over a week's time, which is much more accurate than just counting unique IP addresses (which is subject to both overcounting and undercounting due to short DHCP leases and NAT, respectively).

The flag is a simple "countme=N" parameter appended to the metalink and mirrorlist URL, where N is an integer representing the "longevity" bucket this system belongs to. The following 4 buckets are defined, based on how many full weeks have passed since the beginning of the week when this system was installed: 1 = first week, 2 = first month (2-4 weeks), 3 = six months (5-24 weeks) and 4 = more than six months (> 24 weeks). This information is meant to help distinguish short-lived installs from long-term ones, and to gather other statistics about system lifecycle.

Default: False.


boolean

If enabled, DNF5 will save bandwidth by downloading much smaller delta RPM files, rebuilding them to RPM locally. However, this is quite CPU and I/O intensive.

Default: False.


integer

When the relative size of delta vs pkg is larger than this, delta is not used. (Deltas must be at least 25% smaller than the pkg). Use 0 to turn off delta rpm processing. Local repositories (with file:// baseurl) have delta rpms turned off by default.

Default: 75


boolean

If enabled, DNF5 will allow the use of package groups.

Default: True.


list

Exclude packages of this repository, specified by a name or a glob and separated by a comma, from all operations.

Can be disabled using --disableexcludes command line switch.

Default: [].


boolean

If enabled, a metric is used to find the fastest available mirror. This overrides the order provided by the mirrorlist/metalink file itself. This file is often dynamically generated by the server to provide the best download speeds and enabling fastestmirror overrides this.

Default: False.


list

Include packages of this repository, specified by a name or a glob and separated by a comma, in all operations.

Inverse of excludepkgs, DNF5 will exclude any package in the repository that doesn't match this list.

This works in conjunction with excludepkgs and doesn't override it, so if you 'excludepkgs=*.i386' and 'includepkgs=python*' then only packages starting with python that do not have an i386 arch will be seen by DNF5 in this repo.

Can be disabled using --disableexcludes command line switch.

Default: [].


ip address

Determines how DNF5 resolves host names. Set this to 4, IPv4, 6, IPv6 to resolve to IPv4 or IPv6 addresses only.

Default: whatever.


boolean

If enabled, DNF5 will perform a GPG signature check on local packages (packages in a file, not in a repository).

This option is subject to the active RPM security policy (see gpgcheck for more details).

Default: False.


integer

Maximum number of simultaneous package downloads. Max is 20.

Default: 3.


time in seconds

The period after which the remote repository is checked for metadata update and in the positive case the local metadata cache is updated. It can be -1 or never to make the repo never considered expired.

Expire of metadata can be also triggered by change of timestamp of configuration files (dnf.conf, <repo>.repo).

See also check_config_file_age.

Default: 60 * 60 * 48, 48 hours.


storage size

Sets the low speed threshold in bytes per second. If the server is sending data at the same or slower speed than this value for at least timeout option seconds, DNF5 aborts the connection.

Default: 1000.


string

The password used to connect to a repository with basic HTTP authentication.

Default: empty.


string

URL of a proxy server to connect through.

Set to an empty string in the repository configuration to disable proxy setting inherited from the main section. The expected format of this option is <scheme>://<ip-or-hostname>[:port]. (For backward compatibility, '_none_' can be used instead of the empty string.)

Default: empty.

NOTE:

The curl environment variables (such as http_proxy) are effective if this option is unset (or '_none_' is set in the repository configuration). See the curl man page for details.



string

The username to use for connecting to the proxy server.

Default: empty.


string

The password to use for connecting to the proxy server.

Default: empty.


string

The authentication method used by the proxy server. Valid values are

method meaning
basic HTTP Basic authentication
digest HTTP Digest authentication
negotiate HTTP Negotiate (SPNEGO) authentication
ntlm HTTP NTLM authentication
digest_ie HTTP Digest authentication with an IE flavor
ntlm_wb NTLM delegating to winbind helper
none None auth method
any All suitable methods

Default: any.


string

Path to the file containing the certificate authorities to verify proxy SSL certificates.

Default: empty, uses system default.


string

Path to the SSL client certificate used to connect to proxy server.

Default: empty.


string

Path to the SSL client key used to connect to proxy server.

Default: empty.


boolean

If enabled, proxy SSL certificates are verified. If the client can not be authenticated, connecting fails and the repository is not used any further. If False, SSL connections can be used, but certificates are not verified.

Default: True.


boolean

If enabled, DNF5 will perform GPG signature check on this repository's metadata.

NOTE:

GPG keys for this check are stored separately from GPG keys used in package signature verification. Furthermore, they are also stored separately for each repository.

This means that DNF5 may ask to import the same key multiple times. For example, when a key was already imported for package signature verification and this option is turned on, it may be needed to import it again for the repository.



Default: False.


integer

Set the number of total retries for downloading packages. The number is cumulative, so e.g. for retries=10, DNF5 will fail after any package download fails for eleventh time.

Setting this to 0 makes DNF5 try forever.

Default: 10.


boolean

If enabled, DNF5 will continue running and disable the repository that couldn't be synchronized for any reason. This option doesn't affect skipping of unavailable packages after dependency resolution. To check inaccessibility of repository use it in combination with refresh command line option.

Default: False.

NOTE:

this option in particular can be set in your configuration file by your distribution.



string

Path to the file containing the certificate authorities to verify SSL certificates.

Default: empty, uses system default.


string

Path to the SSL client certificate used to connect to remote sites.

Default: empty.


string

Path to the SSL client key used to connect to remote sites.

Default: empty.


boolean

If enabled, remote SSL certificates are verified. If the client can not be authenticated, connecting fails and the repository is not used any further. If disabled, SSL connections can be used, but certificates are not verified.

Default: True.


storage size

Limits the downloading speed. It might be an absolute value or a percentage, relative to the value of the bandwidth option option. 0 means no throttling.

Default: 0.


time in seconds

Number of seconds to wait for a connection before timing out. Used in combination with minrate option option.

Default: 30.


string

The username to use for connecting to repo with basic HTTP authentication.

Default: empty.


string

The User-Agent string to include in HTTP requests sent by DNF5.

Default:

libdnf (NAME VERSION_ID; VARIANT_ID; OS.BASEARCH)


NOTE:

NAME, VERSION_ID and VARIANT_ID are OS identifiers read from the os-release(5) file, and OS and BASEARCH are the canonical OS name and base architecture, respectively. Example: 

libdnf (Fedora 39; server; Linux.x86_64)





TYPES OF OPTIONS

Data type with only two possible values.

One of following options can be used: 1, 0, True, False, yes, no.


String describing color and modifiers separated with a comma, for example red,bold.
  • Colors: black, blue, cyan, green, magenta, red, white, yellow.
  • Modifiers: bold, blink, dim, normal, reverse, underline.


Whole number that can be written without a fractional component.

String describing ip address types.

One of the following options can be used: 4, IPv4, 6, IPv6.


String representing one or more strings separated by space or comma characters.

String representing storage sizes formed by an integer and a unit.

Valid units are k, M, G.


It is a sequence of symbols or digits without any whitespace character.

String representing time units in seconds. Can be set to -1 or never.

DROP-IN CONFIGURATION DIRECTORIES

DNF5 loads configuration options that are defined in the main configuration file, user configuration files and distribution configuration files.

The configuration files are processed following this order:

1.
Configuration files are alphabetically sorted in a list of names from the distribution configuration directory. If a file with the same name is present in both directories, only the file from the user configuration directory is added to the list. The distribution file is then masked by the user file.
2.
Options are retrieved in order from the list The configuration from the next file overrides the previous one. The last option wins.

Example of configuration files

User configuration files:

  • /etc/dnf/dnf.conf
  • /etc/dnf/libdnf5.conf.d/20-user-settings.conf
  • /etc/dnf/libdnf5.conf.d/60-something.conf
  • /etc/dnf/libdnf5.conf.d/80-user-settings.conf

Distribution configuration files:

  • /usr/share/dnf5/libdnf.conf.d/50-something.conf
  • /usr/share/dnf5/libdnf.conf.d/60-something.conf
  • /usr/share/dnf5/libdnf.conf.d/90-something.conf

Resulting file loading order by default (/usr/share/dnf5/libdnf.conf.d/60-something.conf is skipped, masked by the user file /etc/dnf/libdnf5.conf.d/60-something.conf):

1.
/etc/dnf/libdnf5.conf.d/20-user-settings.conf
2.
/usr/share/dnf5/libdnf.conf.d/50-something.conf
3.
/etc/dnf/libdnf5.conf.d/60-something.conf
4.
/etc/dnf/libdnf5.conf.d/80-user-settings.conf
5.
/usr/share/dnf5/libdnf.conf.d/90-something.conf
6.
/etc/dnf/dnf.conf

Files and directories

/etc/dnf/libdnf5.conf.d/

/etc/dnf/libdnf5.conf.d/20-user-settings.conf

/usr/share/dnf5/libdnf.conf.d/

/usr/share/dnf5/libdnf.conf.d/50-something.conf

DROP-IN REPO DIRECTORIES

After the repository configurations are loaded other repo configurations can be overloaded from the directories user repos override directory and distribution repos override directory.

The format of the files inside the directories is the same as the format of the repository configuration files. The options in the overridden files can modify existing repos but cannot create new repositories.

Override files support globs in the repository ID in order to support bulk modifications of repository parameters.

The repository overrides are processed following this order:

1.
Files from /usr/share/dnf5/repos.override.d/ and /etc/dnf5/repos.override.d/ are loaded in an alphabetically sorted list. In case files have the same name, the file from /etc/dnf5/repos.override.d/ is used. This implies the list has only unique filenames. This also implies that the repository configuration files can be simply masked by creating a file with the same name in the /etc override directory.
2.
The options from the files are applied in the order they are loaded. The last option wins.

NOTE:

See also the documentation for Config-manager Command to see where the overrides are used.


Example configuration

# Enable `skip_if_unavailable` for all repositories
[*]
skip_if_unavailable = true
# And then disable `skip_if_unavailable` for repositories with id prefix "fedora"
[fedora*]
skip_if_unavailable = false


Example of configuration files

This example shows the order in which override files are processed.

Files with user repos overrides:

  • /etc/dnf/repos.overide.d/20-user-overrides.repo
  • /etc/dnf/repos.overide.d/60-something2.repo
  • /etc/dnf/repos.overide.d/80-user-overrides.repo
  • /etc/dnf/repos.overide.d/99-config-manager.repo

Files with distribution repos overrides:

  • /usr/share/dnf5/repos.overide.d/50-something2.repo
  • /usr/share/dnf5/repos.overide.d/60-something2.repo
  • /usr/share/dnf5/repos.overide.d/90-something2.repo

Resulting file processing order:

1.
/etc/dnf/repos.overide.d/20-user-overrides.repo
2.
/usr/share/dnf5/repos.overide.d/50-something2.repo
3.
/etc/dnf/repos.overide.d/60-something2.repo
4.
/etc/dnf/repos.overide.d/80-user-overrides.repo
5.
/usr/share/dnf5/repos.overide.d/90-something2.repo
6.
/etc/dnf/repos.overide.d/99-config-manager.repo

Files and directories

/etc/dnf/repos.override.d/

/etc/dnf/repos.override.d/20-user-overrides.repo

/usr/share/dnf5/repos.override.d/

/usr/share/dnf5/repos.override.d/50-something2.repo

FILES

/etc/dnf/dnf.conf

/var/cache/libdnf5

/etc/yum.repos.d/

Any property named file in /etc/dnf/vars is turned into a variable named after the filename (or overrides any of the above variables but those set from commandline). Filenames may contain only alphanumeric characters and underscores and be in lowercase. Variables are also read from /etc/yum/vars for YUM compatibility reasons.

DIRECTORIES

Repository Directories

Directories are listed in the order in which they are processed.

NOTE:

Unlike overrides that modify an existing repository configuration, the configuration in these directories defines new repositories. It is not possible to define repositories with the same ID. If multiple repositories with the same ID are defined only the first configuration will be loaded. Loading the next one will log an error.


/etc/yum.repos.d/

/etc/distro.repos.d/
/usr/share/dnf5/repos.d/

Variables Directories

/etc/dnf/vars/

/usr/share/dnf5/vars.d/

SEE ALSO


AUTHOR

See AUTHORS.md in dnf5 source distribution.

COPYRIGHT

Contributors to the dnf5 project.

September 23, 2024