man ostree.repo-config (5): OSTree repository configuration

DESCRIPTION

The config file in an OSTree repository is a "keyfile" in the m[blue]XDG Desktop Entry Specificationm[][1] format. It has several global flags, as well as zero or more remote entries which describe how to access remote repositories.

See ostree.repo(5) for more information about OSTree repositories.

[CORE] SECTION OPTIONS

Repository-global options. The following entries are defined:

mode

: One of bare or archive-z2.

repo_version

: Currently, this must be set to 1.

commit-update-summary

: Boolean value controlling whether or not to automatically update the summary file after a commit. Defaults to false.

fsync

Boolean value controlling whether or not to ensure files are on stable storage when performing operations such as commits, pulls, and checkouts. Defaults to true.

If you disable fsync, OSTree will no longer be robust against kernel crashes or power loss.

You might choose to disable this for local development repositories, under the assumption they can be recreated from source. Similarly, you could disable for a mirror where you could re-pull.

For the system repository, you might choose to disable fsync if you have uninterruptable power supplies and a well tested kernel.

[REMOTE NAME] SECTION OPTIONS

Describes a remote repository location.

url

: Must be present; declares URL for accessing this remote. The only supported schemes are the moment are file, http, and https.

proxy

: A string value, if given should be a URL for a HTTP proxy to use for access to this repository.

gpg-verify

: A boolean value, defaults to true. Controls whether or not OSTree will require commits to be signed by a known GPG key. For more information, see the ostree(1) manual under GPG.

gpg-verify-summary

: A boolean value, defaults to false. Controls whether or not OSTree will check if the summary is signed by a known GPG key. For more information, see the ostree(1) manual under GPG.

tls-permissive

: A boolean value, defaults to false. By default, server TLS certificates will be checked against the system certificate store. If this variable is set, any certificate will be accepted.

tls-client-cert-path

: Path to file for client-side certificate, to present when making requests to this repository.

tls-client-key-path

: Path to file containing client-side certificate key, to present when making requests to this repository.

tls-ca-path

: Path to file containing trusted anchors instead of the system CA database.

/ETC/OSTREE/REMOTES.D

In addition to the /ostree/repo/config file, remotes may also be specified in /etc/ostree/remotes.d. The remote configuration file must end in .conf; files whose name does not end in .conf will be ignored.

PER-REMOTE GPG KEYRINGS AND VERIFICATION

OSTree supports a per-remote GPG keyring. For more information see ostree(1). in the section GPG verification.

NOTES

1.

XDG Desktop Entry Specification

: http://standards.freedesktop.org/desktop-entry-spec/latest/