ostree.repo-config OSTree Developer Colin Walters walters@verbum.org ostree.repo-config 5 ostree.repo-config OSTree repository configuration Description The config file in an OSTree repository is a "keyfile" in the XDG Desktop Entry Specification format. It has several global flags, as well as zero or more remote entries which describe how to access remote repositories. See ostree.repo5 for more information about OSTree repositories. [core] Section Options Repository-global options. The following entries are defined: mode One of bare, bare-user or archive-z2. repo_version Currently, this must be set to 1. commit-update-summary Boolean value controlling whether or not to automatically update the summary file after a commit. Defaults to false. fsync Boolean value controlling whether or not to ensure files are on stable storage when performing operations such as commits, pulls, and checkouts. Defaults to true. If you disable fsync, OSTree will no longer be robust against kernel crashes or power loss. You might choose to disable this for local development repositories, under the assumption they can be recreated from source. Similarly, you could disable for a mirror where you could re-pull. For the system repository, you might choose to disable fsync if you have uninterruptable power supplies and a well tested kernel. [remote "name"] Section Options Describes a remote repository location. url Must be present; declares URL for accessing metadata and content for remote. See also contenturl. The supported schemes are documented below. contenturl Declares URL for accessing content (filez, static delta parts). When specified, url is used just for metadata: summary, static delta "superblocks". proxy A string value, if given should be a URL for a HTTP proxy to use for access to this repository. gpg-verify A boolean value, defaults to true. Controls whether or not OSTree will require commits to be signed by a known GPG key. For more information, see the ostree1 manual under GPG. gpg-verify-summary A boolean value, defaults to false. Controls whether or not OSTree will check if the summary is signed by a known GPG key. For more information, see the ostree1 manual under GPG. tls-permissive A boolean value, defaults to false. By default, server TLS certificates will be checked against the system certificate store. If this variable is set, any certificate will be accepted. tls-client-cert-path Path to file for client-side certificate, to present when making requests to this repository. tls-client-key-path Path to file containing client-side certificate key, to present when making requests to this repository. tls-ca-path Path to file containing trusted anchors instead of the system CA database. unconfigured-state If set, pulls from this remote will fail with the configured text. This is intended for OS vendors which have a subscription process to access content. /etc/ostree/remotes.d In addition to the /ostree/repo/config file, remotes may also be specified in /etc/ostree/remotes.d. The remote configuration file must end in .conf; files whose name does not end in .conf will be ignored. Repository url/contenturl Originally, OSTree had just a url option for remotes. Since then, the contenturl option was introduced. Both of these support file, http, and https schemes. Additionally, both of these can be prefixed with the string mirrorlist=, which instructs the client that the target url is a "mirrorlist" format, which is a plain text file of newline-separated URLs. Earlier URLs will be given precedence. Note that currently, the tls-ca-path and tls-client-cert-path options apply to every HTTP request, even when contenturl and/or mirrorlist are in use. This may change in the future to only apply to metadata (i.e. url, not contenturl) fetches. Per-remote GPG keyrings and verification OSTree supports a per-remote GPG keyring, as well as a gpgkeypath option. For more information see ostree1. in the section GPG verification. Per-remote HTTP cookies Some content providers may want to control access to remote repositories via HTTP cookies. The ostree remote add-cookie and ostree remote delete-cookie commands will update a per-remote lookaside cookie jar, named $remotename.cookies.txt. See Also ostree1, ostree.repo5