diff --git a/generate-release.sh b/generate-release.sh
new file mode 100755
index 0000000000000000000000000000000000000000..6e6f7c6d52793ab3c9e9ccd29afde627b19d71f1
--- /dev/null
+++ b/generate-release.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+set -e
+
+do_hash() {
+    HASH_NAME=$1
+    HASH_CMD=$2
+    echo "${HASH_NAME}:"
+    for f in $(find -type f -name "*.deb" -o -name "Packages*"); do
+        f=$(echo $f | cut -c3-) # remove ./ prefix
+        if [ "$f" = "Release" ]; then
+            continue
+        fi
+        echo " $(${HASH_CMD} ${f}  | cut -d" " -f1) $(wc -c $f)"
+    done
+}
+
+cat << EOF
+Origin: gitlab.cesnet.cz
+Label: gitlab
+Suite: metatesting
+Codename: bullseye
+Architectures: amd64
+Components: main
+Description: Gitlab fasttrack repo
+Date: $(date -Ru)
+EOF
+do_hash "MD5Sum" "md5sum"
+do_hash "SHA1" "sha1sum"
+do_hash "SHA256" "sha256sum"
+
diff --git a/make.sh b/make.sh
index d7cdbd9fef62708ab4ac472ae5272c7c4e17c399..45d8c4efb3cd482ffc9ece5d7636843bcc3aaf4c 100755
--- a/make.sh
+++ b/make.sh
@@ -35,7 +35,7 @@ if [ "${VERSION_ID}" -eq "11" ]; then
     PACKAGES="$(apt search linux-headers-5.10.0- 2>/dev/null | grep -Po "linux-headers-\K\d+\.\d+\.\d+\-\d+\-amd64" | sort -u | while read v; do echo "linux-image-$v linux-headers-$v"; done | paste -s -d ' ')"
 fi
 
-apt install -yqqq git devscripts build-essential module-assistant ${PACKAGES}
+apt install -yqqq git devscripts build-essential module-assistant gpg wget ${PACKAGES}
 
 m-a -l $(dpkg -l | grep -Po "linux-image-\K\d+.*\-amd64" | paste -s -d ',') a-b openafs > /dev/null 2>&1
 
@@ -44,5 +44,20 @@ mkdir build
 mv *.deb build/
 
 cd build
-dpkg-scanpackages . /dev/null | gzip -9c > Packages.gz
-dpkg-scanpackages . /dev/null > Release
+dpkg-scanpackages . /dev/null > Packages
+gzip -9k Packages
+./generate-release.sh > Release
+
+export GNUPGHOME=$PWD
+export GPG_TTY=$(tty)
+mkdir -p private-keys-v1.d
+gpg --list-keys
+wget --header "PRIVATE-TOKEN: ${PRIVATE_TOKEN_PASS}" https://gitlab.cesnet.cz/api/v4/projects/702%2Fprovoz%2Fopenafs-module-debian-private/repository/files/pgp-key.public/raw?ref=master -O pgp-key.public
+wget --header "PRIVATE-TOKEN: ${PRIVATE_TOKEN_PASS}" https://gitlab.cesnet.cz/api/v4/projects/702%2Fprovoz%2Fopenafs-module-debian-private/repository/files/pgp-key.private/raw?ref=master -O pgp-key.private
+cat pgp-key.private | gpg --import --pinentry-mode=loopback --passphrase "$PASS"
+gpg --list-keys
+
+cat Release | gpg --default-key gitlab --digest-algo SHA256 --cert-digest-algo SHA256 --pinentry-mode=loopback --passphrase "$PASS" -abs > Release.gpg
+cat Release | gpg --default-key gitlab --digest-algo SHA256 --cert-digest-algo SHA256 --pinentry-mode=loopback --passphrase "$PASS" -abs --clearsign > InRelease
+
+rm -vrf private-keys-v1.d pubring.kbx trustdb.gpg pgp-key.private pubring.kbx~ generate-release.sh