Skip to main content

Usage

anaconda repo policy [--channel <CHANNEL>] [--list-all] [--create] [--show <ID>] [--edit <ID>] [--delete <ID>] [--assign <ID>] [--unassign <ID>] [--name <NAME>] [--channel-name <CHANNEL>] [--description <TEXT>] [ ... policy rules ... ]
Replace <CHANNEL> with the channel name (for —channel or —channel-name).
Replace <ID> with the policy ID (for —show, —edit, —delete, —assign, —unassign).
Replace <NAME> and <TEXT> with the policy name and description when creating or editing.

Description

Manages policies for filtering and channel assignment. Policies define rules (platform, license, package name, CVE score and status, dependencies, signing, package creation date, and exclusions) and can be assigned to channels. Use --list-all to list policies, --create or --edit to define rules, and --assign/--unassign to link policies to channels.

Options (main actions)

Option
Default
Description
--channel <CHANNEL>
Channel name (context for some actions)
--list-all
List all policies
--create
Create a new policy (use with —name, —description, and rule options)
--show <ID>
Show a policy by ID
--edit <ID>
Edit a policy by ID
--delete <ID>
Delete a policy by ID
--assign <ID>
Assign a policy to a channel
--unassign <ID>
Unassign a policy from a channel
--name <NAME>
Policy name (for create/edit)
--channel-name <CHANNEL>
Channel name (for create/edit)
--description <TEXT>
Policy description (for create/edit)
-h, --help
Show full help including platform, license, CVE, and package rules

Options (policy rules)

Use these options with --create or --edit to define policy filtering rules.
Option
Default
Description
--platform
Platforms to include (comma-separated). Values: linux-32, linux-64, linux-aarch64, linux-armv6l, linux-armv7l, linux-ppc64, linux-ppc64le, linux-s390x, osx-64, osx-arm64, win-32, win-64, zos-z, noarch
--platform-not
Platforms to exclude (comma-separated). Same values as --platform.
--license
Licenses to include (comma-separated). Values: agpl, gpl, gpl2, gpl3, lgpl, bsd, mit, apache, psf, Public-Domain, Proprietary, mozilla, other, none, cc
--license-not
Licenses to exclude (comma-separated). Same values as --license.
--package-name
Package names to include (comma-separated)
--include-dependencies
Include dependencies of matched packages
--exclude-dependencies
Exclude dependencies of matched packages
--only-signed-packages [BOOL]
Keep only signed packages
--keep-legacy-packages [BOOL]
Keep only legacy packages
--package-created-from <DATE>
Include packages created on or after this date
--package-created-to <DATE>
Include packages created on or before this date
--cve-score <SCORE>
Filter by CVE score threshold
--cve-score-comparator <OP>
<=
Comparator for CVE score filter. Values: ==, <=, >=, <, >. Must be quoted on the command line.
--cve-status
CVE statuses to include (comma-separated). Values: active, reported, mitigated, cleared, disputed
--cve-link-status-and-score <LINK>
and
Logical link between CVE status and score filters. Values: and, or
--cve-allowlist
CVE IDs to allow (comma-separated). Format: CVE-NNNN-NNNN
--exclude-cve-status
CVE statuses to exclude (comma-separated). Values: active, reported, mitigated, cleared, disputed
--exclude-package-name
Package names to exclude (comma-separated)
--exclude-package-name-exception
Package names to remove from the exclusion list (comma-separated). Accepts matchspec syntax.

Examples

List all policies 
anaconda repo policy --list-all
Show a policy 
anaconda repo policy --show <POLICY_ID>
Replace <POLICY_ID> with the ID of the policy to view.
Create a policy and assign to a channel 
anaconda repo policy --create --name "My policy" --channel-name my-channel
anaconda repo policy --assign <POLICY_ID> --channel my-channel
Replace <POLICY_ID> with the ID returned by the —create command.
Create a policy with filtering rules 
anaconda repo policy --create --name "Secure packages" --channel-name my-channel \
  --platform linux-64,noarch \
  --license-not gpl3,agpl \
  --cve-score 7.0 --cve-score-comparator "<=" \
  --only-signed-packages