Most of the instructions out there are far from something I would call “best practice”, so I wrote one my own.
Install Debian Keyring #
Install package debian-archive-keyring downloaded from Debian official site, through a secure connection.
wget https://deb.debian.org/debian/pool/main/d/debian-archive-keyring/debian-archive-keyring_2019.1+deb10u1_all.deb
sudo apt install ./debian-archive-keyring_2019.1+deb10u1_all.deb
Required keys will be neatly shelved in directory /etc/apt/trusted.gpg.d/, uninstalling will also be easy.
Do not use apt-key to add keys here.
If we add keys with apt-key, unless otherwise specified, those keys will all be jammed into file /etc/apt/trusted.gpg. Moreover, figuring out which key is which from fingerprint before key adding/deleting is error-prone and tedious.
Note: apt-key(8) will last be available in Debian 11 and Ubuntu 22.04.
Setup Debian Backports Suite #
Create file /etc/apt/sources.list.d/debian-buster-backports.list with following content.
deb http://deb.debian.org/debian/ buster-backports main contrib non-free
# Uncomment line below then 'apt-get update' to enable 'apt-get source'
#deb-src http://deb.debian.org/debian/ buster-backports main contrib non-free
The setting of NotAutomatic: yes in its Release file make backports deactivated by default, no additional priority adjustment needed. ButAutomaticUpgrades: yes is also there so upgrades will be taken care of once packages are installed from this suite.
Do not use unstable suite here.
Prepare the Kernel for DKMS #
Make sure you have the latest kernel and its corresponding headers.
sudo apt update
sudo apt install raspberrypi-kernel raspberrypi-kernel-headers
Reboot before proceeding.
Install WireGuard #
Just
sudo apt update
sudo apt install wireguard
and you’re ready to ride.