The package repositories hosting the various PHP releases are private. That means that only customers of this service can get access to them.
This document explains the various options available and the required steps to configure those repositories.
Installing the freexian archive GPG key
All the package repositories are signed with the following GPG key:
sec rsa4096 2020-08-14 [SCEA] [expires: 2027-12-06] 135709AE1EB277A46E71572620DC56A105636A88 uid [ultimate] PHP LTS <firstname.lastname@example.org>
To enable this key in your APT configuration, you have the following choices:
- manually install the freexian-archive-keyring package with
wget http://php.freexian.com/public/freexian-archive-keyring.deb && sudo dpkg -i freexian-archive-keyring.deb
- manually fetch the key with
sudo wget http://php.freexian.com/public/archive-key.gpg -O /etc/apt/trusted.gpg.d/freexian-archive-php.gpg
- configure the repository in APT and install freexian-archive-keyring
apt install --allow-unauthenticated freexian-archive-keyring
You might want to double check that the key fingerprint outputted by
apt-key finger matches the one shown above.
Configure APT’s sources.list
Use a customer specific URL
Once you have paid your subscription to the service, you will be granted a unique URL (that embeds a username and a private token) that you can use as an APT repository. The sources.list entry will look like this:
deb http://php.freexian.com/c/$USERNAME-$TOKEN $CODENAME main
$CODENAME can be either jessie, stretch, buster, bullseye or xenial depending on the Debian/Ubuntu release that you are interested in. $USERNAME and $TOKEN are given to you by Freexian.
A sample entry for Debian 10 buster could look like this:
deb http://php.freexian.com/c/john-y3aRBSgNyrWBkWRXyD7X7jYrP31MS2IZ buster main
That URL will be usable from any IP address but if we detect that the URL has leaked to third parties, we might disable the URL and require you to use a new one.
This is the only option offered for customers of the “basic” offer.
Use the main URL with registered IP or IP ranges
Customers of the “pro” or “business” offers can send Freexian a list of IP or IP ranges and Freexian will include those IP in the list of IPs allowed to access the canonical APT repositories that are available under the following sources.list entries:
deb http://php.freexian.com/apt jessie main deb http://php.freexian.com/apt stretch main deb http://php.freexian.com/apt buster main deb http://php.freexian.com/apt bullseye main deb http://php.freexian.com/apt xenial main
Host a private mirror of the package repository
Customers of the “pro” and “business” offers will be granted personal access credentials for the rsync service allowing them to host a mirror of the full package repository. See the documentation to learn how to setup such a mirror.
Be nice, use local mirrors/cache
There are currently no mirrors of this service and it runs on a single dedicated server. If you have many machines to keep secure, please make a local mirror (or use some cache) and point your machines to your local mirror (or cache) instead of pointing them to the repositories provided by Freexian.