Most of the instructions out there are far from something I would call “best practice”, so I wrote one my own.
Install Debian Keyring#
Install package debian-archive-keyring
downloaded from Debian official site, through a secure connection.
wget https://deb.debian.org/debian/pool/main/d/debian-archive-keyring/debian-archive-keyring_2019.1+deb10u1_all.deb
sudo apt install ./debian-archive-keyring_2019.1+deb10u1_all.deb
Required keys will be neatly shelved in directory /etc/apt/trusted.gpg.d/
, uninstalling will also be easy.
Do not use apt-key
to add keys here.
If we add keys with apt-key
, unless otherwise specified, those keys will all be jammed into file /etc/apt/trusted.gpg
. Moreover, figuring out which key is which from fingerprint before key adding/deleting is error-prone and tedious.
Note: apt-key(8)
will last be available in Debian 11 and Ubuntu 22.04.
Setup Debian Backports Suite#
Create file /etc/apt/sources.list.d/debian-buster-backports.list
with following content.
deb http://deb.debian.org/debian/ buster-backports main contrib non-free
# Uncomment line below then 'apt-get update' to enable 'apt-get source'
#deb-src http://deb.debian.org/debian/ buster-backports main contrib non-free
The setting of NotAutomatic: yes
in its Release
file make backports deactivated by default, no additional priority adjustment needed. ButAutomaticUpgrades: yes
is also there so upgrades will be taken care of once packages are installed from this suite.
Do not use unstable
suite here.
Prepare the Kernel for DKMS#
Make sure you have the latest kernel and its corresponding headers.
sudo apt update
sudo apt install raspberrypi-kernel raspberrypi-kernel-headers
Reboot before proceeding.
Install WireGuard#
Just
sudo apt update
sudo apt install wireguard
and you’re ready to ride.