Some options can be applied in either the main section, per
repository, or in a combination. The value provided in the main
section is used for all repositories as the default value, which
repositories can then override in their configuration.
bandwidth
storage size
Total bandwidth available for downloading. Meaningful when
used with the throttle option. Storage size is in bytes by
default but can be specified with a unit of storage. Valid
units are 'k', 'M', 'G'.
countme
boolean
Determines whether a special flag should be added to a
single, randomly chosen metalink/mirrorlist query each
week. This allows the repository owner to estimate the
number of systems consuming it, by counting such queries
over a week's time, which is much more accurate than just
counting unique IP addresses (which is subject to both
overcounting and undercounting due to short DHCP leases
and NAT, respectively).
The flag is a simple 'countme=N' parameter appended to the
metalink and mirrorlist URL, where N is an integer
representing the 'longevity' bucket this system belongs
to. The following 4 buckets are defined, based on how
many full weeks have passed since the beginning of the
week when this system was installed: 1 = first week, 2 =
first month (2-4 weeks), 3 = six months (5-24 weeks) and 4
= more than six months (> 24 weeks). This information is
meant to help distinguish short-lived installs from
long-term ones, and to gather other statistics about
system lifecycle.
Default is False.
deltarpm
boolean
When enabled, DNF will save bandwidth by downloading much
smaller delta RPM files, rebuilding them to RPM locally.
However, this is quite CPU and I/O intensive. Default is
True.
deltarpm_percentage
integer
When the relative size of delta vs pkg is larger than
this, delta is not used. Default value is 75 (Deltas must
be at least 25% smaller than the pkg). Use 0 to turn off
delta rpm processing. Local repositories (with file://
baseurl) have delta rpms turned off by default.
enablegroups
boolean
Determines whether DNF will allow the use of package
groups for this repository. Default is True (package
groups are allowed).
excludepkgs
list
Exclude packages of this repository, specified by a name
or a glob and separated by a comma, from all operations.
Can be disabled using --disableexcludes command line
switch. Defaults to [].
fastestmirror
boolean
If enabled a metric is used to find the fastest available
mirror. This overrides the order provided by the
mirrorlist/metalink file itself. This file is often
dynamically generated by the server to provide the best
download speeds and enabling fastestmirror overrides this.
The default is False.
gpgcheck
boolean
Whether to perform GPG signature check on packages found
in this repository. The default is False.
This option can only be used to strengthen the active RPM
security policy set with the %_pkgverify_level macro (see
the /usr/lib/rpm/macros file for details). That means, if
the macro is set to 'signature' or 'all' and this option
is False, it will be overridden to True during DNF
runtime, and a warning will be printed. To squelch the
warning, make sure this option is True for every enabled
repository, and also enable localpkg_gpgcheck.
includepkgs
list
Include packages of this repository, specified by a name
or a glob and separated by a comma, in all operations.
Inverse of excludepkgs, DNF will exclude any package in
the repository that doesn't match this list. This works in
conjunction with excludepkgs and doesn't override it, so
if you 'excludepkgs=*.i386' and 'includepkgs=python*' then
only packages starting with python that do not have an
i386 arch will be seen by DNF in this repo. Can be
disabled using --disableexcludes command line switch.
Defaults to [].
ip_resolve
IP address type
Determines how DNF resolves host names. Set this to
'4'/'IPv4' or '6'/'IPv6' to resolve to IPv4 or IPv6
addresses only. By default, DNF resolves to either
addresses.
localpkg_gpgcheck
boolean
Whether to perform a GPG signature check on local packages
(packages in a file, not in a repository). The default is
False. This option is subject to the active RPM security
policy (see gpgcheck for more details).
max_parallel_downloads
integer
Maximum number of simultaneous package downloads. Defaults
to 3. Maximum of 20.
metadata_expire
time in seconds
The period after which the remote repository is checked
for metadata update and in the positive case the local
metadata cache is updated. The default corresponds to 48
hours. Set this to -1 or never to make the repo never
considered expired. Expire of metadata can be also
triggered by change of timestamp of configuration files
(dnf.conf, <repo>.repo). See also check_config_file_age.
minrate
storage size
This sets the low speed threshold in bytes per second. If
the server is sending data at the same or slower speed
than this value for at least timeout option seconds, DNF
aborts the connection. The default is 1000. Valid units
are 'k', 'M', 'G'.
password
string
The password to use for connecting to a repository with
basic HTTP authentication. Empty by default.
proxy string
URL of a proxy server to connect through. Set to an empty
string to disable the proxy setting inherited from the
main section and use direct connection instead. The
expected format of this option is
<scheme>://<ip-or-hostname>[:port]. (For backward
compatibility, '_none_' can be used instead of the empty
string.)
Note: The curl environment variables (such as http_proxy)
are effective if this option is unset. See the curl man
page for details.
proxy_username
string
The username to use for connecting to the proxy server.
Empty by default.
proxy_password
string
The password to use for connecting to the proxy server.
Empty by default.
proxy_auth_method
string
The authentication method used by the proxy server. Valid
values are
┌──────────┬──────────────────────────┐
│method │ meaning │
├──────────┼──────────────────────────┤
│basic │ HTTP Basic │
│ │ authentication │
└──────────┴──────────────────────────┘
│digest │ HTTP Digest │
│ │ authentication │
├──────────┼──────────────────────────┤
│negotiate │ HTTP Negotiate (SPNEGO) │
│ │ authentication │
├──────────┼──────────────────────────┤
│ntlm │ HTTP NTLM authentication │
├──────────┼──────────────────────────┤
│digest_ie │ HTTP Digest │
│ │ authentication with an │
│ │ IE flavor │
├──────────┼──────────────────────────┤
│ntlm_wb │ NTLM delegating to │
│ │ winbind helper │
├──────────┼──────────────────────────┤
│none │ None auth method │
├──────────┼──────────────────────────┤
│any │ All suitable methods │
└──────────┴──────────────────────────┘
Defaults to any
proxy_sslcacert
string
Path to the file containing the certificate authorities to
verify proxy SSL certificates. Empty by default - uses
system default.
proxy_sslverify
boolean
When enabled, proxy SSL certificates are verified. If the
client can not be authenticated, connecting fails and the
repository is not used any further. If False, SSL
connections can be used, but certificates are not
verified. Default is True.
proxy_sslclientcert
string
Path to the SSL client certificate used to connect to
proxy server. Empty by default.
proxy_sslclientkey
string
Path to the SSL client key used to connect to proxy
server. Empty by default.
repo_gpgcheck
boolean
Whether to perform GPG signature check on this
repository's metadata. The default is False.
retries
integer
Set the number of total retries for downloading packages.
The number is accumulative, so e.g. for retries=10, dnf
will fail after any package download fails for eleventh
time. Setting this to 0 makes dnf try forever. Default is
10.
skip_if_unavailable
boolean
If enabled, DNF will continue running and disable the
repository that couldn't be synchronized for any reason.
This option doesn't affect skipping of unavailable
packages after dependency resolution. To check
inaccessibility of repository use it in combination with
refresh command line option. The default is False. Note
this option in particular can be set in your configuration
file by your distribution.
sslcacert
string
Path to the file containing the certificate authorities to
verify SSL certificates. Empty by default - uses system
default.
sslverify
boolean
When enabled, remote SSL certificates are verified. If the
client can not be authenticated, connecting fails and the
repository is not used any further. If False, SSL
connections can be used, but certificates are not
verified. Default is True.
sslverifystatus
boolean
When enabled, revocation status of the server certificate
is verified using the 'Certificate Status Request' TLS
extension (aka. OCSP stapling). Default is False.
sslclientcert
string
Path to the SSL client certificate used to connect to
remote sites. Empty by default.
sslclientkey
string
Path to the SSL client key used to connect to remote
sites. Empty by default.
throttle
storage size
Limits the downloading speed. It might be an absolute
value or a percentage, relative to the value of the
bandwidth option option. 0 means no throttling (the
default). The absolute value is in bytes by default but
can be specified with a unit of storage. Valid units are
'k', 'M', 'G'.
timeout
time in seconds
Number of seconds to wait for a connection before timing
out. Used in combination with minrate option option.
Defaults to 30 seconds.
username
string
The username to use for connecting to repo with basic HTTP
authentication. Empty by default.
user_agent
string
The User-Agent string to include in HTTP requests sent by
DNF. Defaults to
libdnf (NAME VERSION_ID; VARIANT_ID; OS.BASEARCH)
where NAME, VERSION_ID and VARIANT_ID are OS identifiers
read from the os-release(5) file, and OS and BASEARCH are
the canonical OS name and base architecture, respectively.
Example:
libdnf (Fedora 31; server; Linux.x86_64)
