How to use Extended LTS

Adding Extended LTS repositories to APT

Installing the Freexian archive GPG key

The Extended LTS repositories are signed with the following GPG key:

sec   rsa4096 2018-05-28 [SC] [expires: 2027-12-05]
      AB597C4F6F3380BD4B2BEBC2A07310D369055D5A
uid           [ultimate] Extended LTS Repository <sysadmin@freexian.com>

To enable this key in your APT configuration, you have the following choices:

  • manually install the freexian-archive-keyring package with wget https://deb.freexian.com/extended-lts/pool/main/f/freexian-archive-keyring/freexian-archive-keyring_2022.06.08_all.deb && sudo dpkg -i freexian-archive-keyring_2022.06.08_all.deb
  • manually fetch the key with sudo wget https://deb.freexian.com/extended-lts/archive-key.gpg -O elts-archive-key.gpg && sudo mv elts-archive-key.gpg /etc/apt/trusted.gpg.d/freexian-archive-extended-lts.gpg

If you have certificate validation issues with the above commands, please retry the download step with wget --no-check-certificate ... and run the second command only after having ensured that the SHA256 checksum of the downloaded file matches the corresponding checksum listed below:

$ sha256sum freexian-archive-keyring_2022.06.08_all.deb
a8160d1aa1a40aa9988bf0b389b650550c7460ec3b4ec1d847778fe44b9c4dbc  freexian-archive-keyring_2022.06.08_all.deb

or

$ sha256sum elts-archive-key.gpg
a0b22152fdf1942f49cc1559ec4598bae8d8954da9ed38662d15b97a60909db8  elts-archive-key.gpg

Finally, you might want to double check that the archive key fingerprint displayed by apt-key finger matches the one shown above.

sources.list entries for APT

Whenever you add the Freexian ELTS repository, you should at the same time disable the Debian repositories, because the Debian repositories are likely to break over the lifetime of Freexian’s ELTS service (either because the signing key expires, or because the repository is moved away for archival).

To leave /etc/apt/sources.list for local use, we recommend to configure the ELTS repositories in /etc/apt/sources.list.d/extended-lts.list. That file will typically look like this (where ${codename} has to be replaced with the codename of the Debian release that you use):

deb https://deb.freexian.com/extended-lts ${codename} main contrib non-free

For Debian 9 stretch:

deb https://deb.freexian.com/extended-lts stretch main contrib non-free

For Debian 10 buster:

deb https://deb.freexian.com/extended-lts buster main contrib non-free

If you encounter sources.list entries with a codename like stretch-lts or buster-lts, note that those are partial repositories: they contain only the security updates provided by Freexian, and not all the original Debian packages. They can’t be used in a standalone way.