aptly publish

Publish snapshot or local repo as Debian repository which could be served by HTTP/FTP/rsync server. Repository is signed by user’s key with GnuPG. Key should be created beforehand (see section GPG Keys below). Published repository could be consumed directly by apt.

Repositories could be published to Amazon S3 service: create bucket, configure publishing endpoint and use S3 endpoint when publishing.

GPG Keys

GPG key is required to sign any published repository. Key should be generated before publishing first repository.

Key generation, storage, backup and revocation is out of scope of this document, there are many tutorials available, e.g. this one.

Publiс part of the key should be exported from your keyring using gpg --export --armor and imported into apt keyring using apt-key tool on all machines that would be using published repositories.

Signing releases is highly recommended, but if you want to skip it, you can either use gpgDisableSign configuration option or --skip-signing flag.