Hi Andres, what do you want to know exactly ? I'm using reprepro (below the config files) with a gpg key generated ad-hoc and nginx. What do you exactly expect to be wrong ? 'Release' file is generated by reprepro and it needs to be signed [1], I generated a key that it's not obviously present in the distribution, it has to be imported, so how the key should be imported by apt system ? Sorry but from 2006 I followed the rules exposed in [1]. I don't know if there is something newer or a different approach in ubuntu. Could you please point me to some docs/specs where I can study how to build a proper apt repository for MAAS ? [1] https://wiki.debian.org/SecureApt ===== this is the directory layout exposed trough nginx: root@apt-mirror:/srv/repositories# ls conf db dists lists logs pool pubkeys pubkyes -> the pub gpg key conf -> config files for reprepro the private gpg key has been generated and it's available under root user in the keyring for gpgagent. Some packages have been imported individually not trough 'reprepro update" process, because they are not included by the filter (priority (==required) | priority (==important)). I also copied these files, how suggested by Mike: rsync --recursive --times --links --hard-links --delete --delete-after --verbose \ rsync://archive.ubuntu.com/ubuntu/dists/trusty/main/uefi/ \ /srv/repositories/dists/trusty/main/uefi ===== conf/distributions ===== Origin: Ubuntu Codename: trusty Description: Ubuntu trusty mirror Architectures: i386 amd64 Components: main multiverse restricted universe UDebComponents: main restricted universe multiverse Contents: .gz UDebIndices: Packages Release . .gz Update: - ubuntu-trusty Log: /srv/repositories/logs/mirror.log SignWith: D2B38BD3 Origin: Ubuntu Codename: trusty-updates Description: Ubuntu trusty updates Architectures: i386 amd64 Components: main multiverse restricted universe UDebComponents: main restricted universe multiverse Contents: .gz UDebIndices: Packages Release . .gz Update: - ubuntu-trusty-updates Log: /srv/repositories/logs/mirror.log SignWith: D2B38BD3 Origin: Ubuntu Codename: trusty-security Description: Ubuntu trusty security Architectures: i386 amd64 Components: main multiverse restricted universe UDebComponents: main restricted universe multiverse Contents: .gz UDebIndices: Packages Release . .gz Update: - ubuntu-trusty-security Log: /srv/repositories/logs/mirror.log SignWith: D2B38BD3 ===== conf/updates ===== Name: ubuntu-trusty Method: http://archive.ubuntu.com/ubuntu Components: main multiverse restricted universe Suite: trusty UDebComponents: main restricted universe multiverse Architectures: i386 amd64 FilterFormula: priority (==required) | priority (==important) VerifyRelease: blindtrust GetInRelease: no Name: ubuntu-trusty-security Method: http://archive.ubuntu.com/ubuntu Components: main multiverse restricted universe Suite: trusty-security UDebComponents: main restricted universe multiverse Architectures: i386 amd64 FilterFormula: priority (==required) | priority (==important) VerifyRelease: blindtrust Name: ubuntu-trusty-updates Method: http://archive.ubuntu.com/ubuntu Components: main multiverse restricted universe Suite: trusty-updates UDebComponents: main restricted universe multiverse Architectures: i386 amd64 FilterFormula: priority (==required) | priority (==important) VerifyRelease: blindtrust