DNF by default uses the global configuration file at /etc/dnf/dnf.conf and all *.repo files found under /etc/yum.repos.d. The latter is typically used for repository configuration and takes precedence over global configuration.
The configuration file has INI format, consisting of section declarations with name=value options below each, one per line. There are two types of sections in the configuration files: main and repository. The main section defines all global configuration options, and there should be only one.
The repository sections define the configuration for each (remote or local) repository. The section name of the repository, in brackets, serves as the repo ID reference and should be unique across configuration files. The allowed characters of the repo ID string are lower and upper case alphabetic letters, digits, -, _, . and :. The minimal repository configuration file should, aside from the repo ID, consist of a baseurl <baseurl-label>, metalink <metalink-label> or mirrorlist <mirrorlist-label> option definition.
arch
string <string-label>
The architecture used for installing packages. By default this is auto-detected. Often used together with the ignorearch <ignorearch-label> option.
assumeyes
boolean <boolean-label>
If enabled, dnf will assume Yes where it would normally prompt for confirmation from user input (see also defaultyes <defaultyes-label>). Default is False.
autocheck_running_kernel
boolean <boolean-label>
Automatically check whether an installed kernel module with a security update is newer than the currently running kernel. Default is True.
best
boolean <boolean-label>
When upgrading a package, always try to install its highest version available, even if only to find out that some of its dependencies are not satisfiable. Enable this if you want to experience broken dependencies in the repositories firsthand. The default is False.
check_config_file_age
boolean <boolean-label>
Specifies whether dnf should automatically expire metadata of repos which are older than their corresponding configuration file (usually the dnf.conf file and the foo.repo file). Default is True (perform the check). Expiry of metadata is also affected by metadata age. See also metadata_expire <metadata_expire-label>.
clean_requirements_on_remove
boolean <boolean-label>
Remove dependencies that are no longer used during dnf remove. A package only qualifies for removal via clean_requirements_on_remove if it was installed through DNF but not on explicit user request, i.e. it was pulled in as a dependency. The default is True. (installonlypkgs <installonlypkgs-label> are never automatically removed.)
config_file_path
string <string-label>
Path to the default main configuration file. Default is /etc/dnf/dnf.conf.
debuglevel
integer <integer-label>
Debug messages output level, in the range 0 to 10. The higher the number the more debug output is put to stdout. Default is 2.
defaultyes
boolean <boolean-label>
If enabled, the default answer to user confirmation prompts will be Yes. Not to be confused with assumeyes <assumeyes-label>, which will not prompt at all. Default is False.
errorlevel
integer <integer-label>
Error messages output level, in the range 0 to 10. The higher the number the more error output is put to stderr. Default is 3. This is deprecated in DNF and overwritten by the --verbose <verbose_options-label> command-line option.
exit_on_lock
boolean <boolean-label>
Whether the dnf client should exit immediately when something else has the lock. Default is False.
gpgkey_dns_verification
boolean <boolean-label>
Whether dnf should attempt to automatically verify GPG verification keys using the DNS system. This option requires libunbound to be installed on the client system. This system has two main features. The first one is to check if any of the already installed keys have been revoked. Automatic removal of the key is not yet available, so it is up to the user to remove revoked keys from the system. The second feature is automatic verification of new keys when a repository is added to the system. In interactive mode, the result is written to the output as a suggestion to the user. In non-interactive mode (i.e. when -y is used), this system will automatically accept keys that are available in the DNS and are correctly signed using DNSSEC. It will also accept keys that do not exist in the DNS system and whose non-existence is cryptographically proven using DNSSEC. This is mainly to preserve backward compatibility.
group_package_types
list <list-label>
List of the following: optional, default, mandatory. Tells dnf which type of packages in groups will be installed when 'groupinstall' is called. Default is: default, mandatory.
ignorearch
boolean <boolean-label>
If set to True, RPM will allow attempts to install packages incompatible with the CPU's architecture. Defaults to False. Often used together with the arch <arch-label> option.
install_weak_deps
boolean <boolean-label>
When this option is set to True and a new package is about to be installed, all packages linked by a weak dependency relation (Recommends or Supplements flags) with this package will be pulled into the transaction. Default is True.
installonlypkgs
list <list-label>
List of provide names of packages that should only ever be installed, never upgraded. Kernels in particular fall into this category. These packages are never removed by dnf autoremove even if they were installed as dependencies (see clean_requirements_on_remove <clean_requirements_on_remove-label> for auto removal details). This option appends the list values to the default installonlypkgs list used by DNF. The number of kept package versions is regulated by installonly_limit <installonly-limit-label>.
installonly_limit
integer <integer-label>
Number of installonly packages <installonlypkgs-label> allowed to be installed concurrently. Defaults to 3. The minimal number of installonly packages is 2. Value 0 or 1 means unlimited number of installonly packages.
keepcache
boolean <boolean-label>
Keeps downloaded packages in the cache when set to True. Even if it is set to False and packages have not been installed they will still persist until next successful transaction. The default is False.
logdir
string <string-label>
Directory where the log files will be stored. Default is /var/log.
metadata_timer_sync
time in seconds
The minimal period between two consecutive makecache timer runs. The command will stop immediately if it's less than this time period since its last run. Does not affect simple makecache run. Use 0 to completely disable automatic metadata synchronizing. The default corresponds to three hours. The value is rounded to the next commenced hour.
module_platform_id
string <string-label>
Set this to $name:$stream to override PLATFORM_ID detected from /etc/os-release. It is necessary to perform a system upgrade and switch to a new platform.
obsoletes
boolean <boolean-label>
This option only has effect during an install/update. It enables dnf's obsoletes processing logic, which means it makes dnf check whether any dependencies of a given package are no longer required and removes them. Useful when doing distribution level upgrades. Default is 'true'.
Command-line option: --obsoletes <obsoletes_option-label>
pluginconfpath
list <list-label>
List of directories that are searched for plugin configurations to load. All configuration files found in these directories that are named the same as a plugin are parsed. The default path is /etc/dnf/plugins.
pluginpath
list <list-label>
List of directories that are searched for plugins to load. Plugins found in any of the directories in this configuration option are used. The default contains a Python version-specific path.
protected_packages
list <list-label>
List of packages that DNF should never completely remove. They are protected via Obsoletes as well as user/plugin removals.
The default is: dnf, glob:/etc/yum/protected.d/*.conf and glob:/etc/dnf/protected.d/*.conf. So any packages which should be protected can do so by including a file in /etc/dnf/protected.d with their package name in it.
DNF will also protect the package corresponding to the running version of the kernel.
reposdir
list <list-label>
DNF searches for repository configuration files in the paths specified by reposdir. The behavior of reposdir could differ when it is used along with the --installroot <installroot-label> option.
rpmverbosity
string <string-label>
RPM debug scriptlet output level. One of: critical, emergency, error, warn, info or debug. Default is info.
upgrade_group_objects_upgrade
boolean <boolean-label>
Set this to False to disable the automatic running of group upgrade when running the upgrade command. Default is True (perform the operation).
Repo Options
baseurl
list <list-label>
URLs for the repository.
cost
integer <integer-label>
The relative cost of accessing this repository, defaulting to 1000. This value is compared when the priorities of two repositories are the same. The repository with the lowest cost is picked. It is useful to make the library prefer on-disk repositories to remote ones.
enabled
boolean <boolean-label>
Include this repository as a package source. The default is True.
gpgkey
list <list-label> of strings
URLs of GPG key files that can be used for signing metadata and packages of this repository, empty by default. If a file cannot be verified using the already imported keys, import of keys from this option is attempted and the keys are then used for verification.
metalink
string <string-label>
URL of a metalink for the repository.
mirrorlist
string <string-label>
URL of a mirrorlist for the repository.
module_hotfixes
boolean <boolean-label>
Set this to True to disable module RPM filtering and make all RPMs from the repository available. The default is False. This allows the user to create a repository with cherry-picked hotfixes that are included in a package set on a modular system.
name
string <string-label>
A human-readable name of the repository. Defaults to the ID of the repository.
priority
integer <integer-label>
The priority value of this repository, default is 99. If there is more than one candidate package for a particular operation, the one from a repo with the lowest priority value is picked, possibly despite being less convenient otherwise (e.g. by being a lower version).
retries
integer <integer-label>
Overrides the retries option from the [main] section for this repository.
strict
boolean <boolean-label>
If disabled, all unavailable packages or packages with broken dependencies given to a DNF command will be skipped without raising an error that causes the whole operation to fail. Currently works for the install command only. The default is True.
type
string <string-label>
Type of repository metadata. Supported values are: rpm-md. Aliases for rpm-md: rpm, repomd, rpmmd, yum, YUM.
Repo Variables
The right side of every repo option can be enriched by the following variables:
$arch
Refers to the system’s CPU architecture, e.g. aarch64, i586, i686 and x86_64.
$basearch
Refers to the base architecture of the system. For example, i686 and i586 machines both have a base architecture of i386, and AMD64 and Intel64 machines have a base architecture of x86_64.
$releasever
Refers to the release version of the operating system, which DNF derives from information available in RPMDB.
Some options can be applied in either the main section, per repository, or in a combination. The value provided in the main section is used for all repositories as the default value and concrete repositories can override it in their configuration.
bandwidth
storage size
Total bandwidth available for downloading. Meaningful when used with the throttle option <throttle-label>. Storage size is in bytes by default but can be specified with a unit of storage. Valid units are 'k', 'M', 'G'.
deltarpm
boolean <boolean-label>
When enabled, DNF will save bandwidth by downloading much smaller delta RPM files, rebuilding them to RPM locally. However, this is quite CPU and I/O intensive. Default is True.
deltarpm_percentage
integer <integer-label>
When the relative size of delta vs pkg is larger than this, delta is not used. Default value is 75 (Deltas must be at least 25% smaller than the pkg). Use 0 to turn off delta rpm processing. Local repositories (with file:// baseurl) have delta rpms turned off by default.
enablegroups
boolean <boolean-label>
Determines whether DNF will allow the use of package groups for this repository. Default is True (package groups are allowed).
excludepkgs
list <list-label>
Exclude packages of this repository, specified by a name or a glob and separated by a comma, from all operations. Can be disabled using the --disableexcludes command line switch.
fastestmirror
boolean <boolean-label>
If enabled a metric is used to find the fastest available mirror. This overrides the order provided by the mirrorlist/metalink file itself. This file is often dynamically generated by the server to provide the best download speeds and enabling fastestmirror overrides this. The default is False.
gpgcheck
boolean <boolean-label>
Whether to perform GPG signature check on packages found in this repository. The default is False.
includepkgs
list <list-label>
Include packages of this repository, specified by a name or a glob and separated by a comma, in all operations. Inverse of excludepkgs <exclude-label>: DNF will exclude any package in the repository that doesn't match this list. This works in conjunction with exclude and doesn't override it, so if you set 'excludepkgs=*.i386' and 'includepkgs=python*' then only packages starting with python that do not have an i386 arch will be seen by DNF in this repo. Can be disabled using the --disableexcludes command line switch.
ip_resolve
IP address type
Determines how DNF resolves host names. Set this to '4'/'IPv4' or '6'/'IPv6' to resolve to IPv4 or IPv6 addresses only. By default, DNF resolves to either address type.
localpkg_gpgcheck
boolean <boolean-label>
Whether to perform a GPG signature check on local packages (packages in a file, not in a repository). The default is False.
max_parallel_downloads
integer <integer-label>
Maximum number of simultaneous package downloads. Defaults to 3.
metadata_expire
time in seconds
The period after which the remote repository is checked for metadata update and in the positive case the local metadata cache is updated. The default corresponds to 48 hours. Set this to -1 or never to make the repo never considered expired. Expiry of metadata can also be triggered by a change of timestamp of configuration files (dnf.conf, <repo>.repo). See also check_config_file_age <check_config_file_age-label>.
minrate
storage size
This sets the low speed threshold in bytes per second. If the server is sending data at the same or slower speed than this value for at least timeout option <timeout-label> seconds, DNF aborts the connection. The default is 1000. Valid units are 'k', 'M', 'G'.
proxy
string <string-label>
URL of a proxy server to connect through. If none is specified then direct connection is used (the default).
proxy_username
string <string-label>
The username to use for connecting to the proxy server. Empty by default.
proxy_password
string <string-label>
The password to use for connecting to the proxy server. Empty by default.
proxy_auth_method
string <string-label>
The authentication method used by the proxy server. Valid values are 'basic', 'digest', 'negotiate', 'ntlm', 'digest_ie', 'ntlm_wb', 'none' and 'any' (default).
repo_gpgcheck
boolean <boolean-label>
Whether to perform GPG signature check on this repository's metadata. The default is False.
retries
integer <integer-label>
Set the number of times any attempt to retrieve a file should retry before returning an error. Setting this to 0 makes dnf try forever. Default is 10.
sslcacert
string <string-label>
Path to the directory or file containing the certificate authorities to verify SSL certificates. Empty by default - uses system default.
sslverify
boolean <boolean-label>
When enabled, remote SSL connections are verified. If the client cannot be authenticated, connecting fails and the given repo is not used further. On False, SSL connections can be used but are not verified. Default is True.
sslclientcert
string <string-label>
Path to the SSL client certificate used to connect to remote sites. Empty by default.
sslclientkey
string <string-label>
Path to the SSL client key used to connect to remote sites. Empty by default.
throttle
storage size
Limits the downloading speed. It might be an absolute value or a percentage, relative to the value of the bandwidth option <bandwidth-label>. 0 means no throttling (the default). The absolute value is in bytes by default but can be specified with a unit of storage. Valid units are 'k', 'M', 'G'.
timeout
time in seconds
Number of seconds to wait for a connection before timing out. Used in combination with the minrate option <minrate-label>. Defaults to 30 seconds.
username
string <string-label>
The username to use for connecting to repo with basic HTTP authentication. Empty by default.
password
string <string-label>
The password to use for connecting to repo with basic HTTP authentication. Empty by default.
boolean
This is a data type with only two possible values.
One of the following options can be used: 1, 0, True, False, yes, no.
integer
It is a whole number that can be written without a fractional component.
list
It is an option that could represent one or more strings separated by space or comma characters.
string
It is a sequence of symbols or digits without any whitespace character.
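
An added example, not part of the DNF documentation or DNF's own code: a small audit that applies the rule above (repository value, then the main section, then the documented default) to gpgcheck, repo_gpgcheck and sslverify, using the boolean spellings and repo ID characters listed on this page. It assumes Python's configparser is close enough to DNF's parser for simple files; the sample hosts and repo IDs are constructed.

```python
import configparser
import re

# Documented defaults for the audited options (taken from this page).
DEFAULTS = {"gpgcheck": "False", "repo_gpgcheck": "False", "sslverify": "True"}
# Accepted boolean spellings: 1, 0, True, False, yes, no.
BOOLS = {"1": True, "true": True, "yes": True,
         "0": False, "false": False, "no": False}
# Allowed repo ID characters: letters, digits, '-', '_', '.', ':'.
REPO_ID = re.compile(r"[A-Za-z0-9_.:-]+")

# Constructed sample input (hypothetical hosts and repo IDs).
SAMPLE_MAIN = "[main]\ngpgcheck=1\n"
SAMPLE_REPOS = """
[internal-tools]
baseurl=http://repo.example.internal/tools/$basearch/
gpgcheck=0

[vendor:stable]
baseurl=https://pkgs.example.com/stable/$releasever/$basearch/
repo_gpgcheck=yes

[lab mirror]
baseurl=https://mirror.example.net/lab/
enabled=0
"""


def to_bool(value):
    return BOOLS[value.strip().lower()]


def audit(main_text, repo_text):
    """Return (repo_id, finding) pairs; disabled repos get the ID check only."""
    main = configparser.ConfigParser(interpolation=None)
    main.read_string(main_text)
    repos = configparser.ConfigParser(interpolation=None)
    repos.read_string(repo_text)
    findings = []
    for repo_id in repos.sections():
        repo = repos[repo_id]
        if not REPO_ID.fullmatch(repo_id):
            findings.append((repo_id, "invalid repo ID"))
        if not to_bool(repo.get("enabled", "True")):
            continue
        for opt in ("gpgcheck", "repo_gpgcheck", "sslverify"):
            # Repo value wins, then [main], then the documented default.
            inherited = main.get("main", opt, fallback=DEFAULTS[opt])
            if not to_bool(repo.get(opt, inherited)):
                findings.append((repo_id, f"{opt} is off"))
        for opt in ("baseurl", "metalink", "mirrorlist"):
            for url in re.split(r"[,\s]+", repo.get(opt, "")):
                if url.lower().startswith(("http://", "ftp://")):
                    findings.append((repo_id, f"{opt} not over TLS: {url}"))
    return findings
```

Calling audit(SAMPLE_MAIN, SAMPLE_REPOS) reports internal-tools for its local gpgcheck=0 override, its inherited repo_gpgcheck default and its http:// baseurl, while vendor:stable is clean because it inherits gpgcheck=1 from the main section.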
Cache Files
/var/cache/dnf
Main Configuration File
/etc/dnf/dnf.conf
Repository
/etc/yum.repos.d/
Variables
Any properly named file in /etc/dnf/vars is turned into a variable named after the filename (or overrides any of the above variables but those set from the command line). Filenames may contain only alphanumeric characters and underscores and must be in lowercase.
See Also
dnf(8), DNF Command Reference <command_ref-label>