diff --git a/scripts/publish-deb b/scripts/publish-deb
index 08a03503..840afe8e 100755
--- a/scripts/publish-deb
+++ b/scripts/publish-deb
@@ -63,6 +63,27 @@ falco_arch_from_deb_arch() {
 esac
 }
 
+# Sign the local DEB repository
+#
+# $1: path of the repository
+# $2: suite (eg. "stable")
+sign_repo() {
+ local release_dir=dists/$2
+ pushd $1 > /dev/null
+
+ # release signature - Release.gpg file
+ gpg --detach-sign --digest-algo SHA256 --armor ${release_dir}/Release
+ rm -f ${release_dir}/Release.gpg
+ mv ${release_dir}/Release.asc ${release_dir}/Release.gpg
+
+ # release signature - InRelease file
+ gpg --armor --sign --clearsign --digest-algo SHA256 ${release_dir}/Release
+ rm -f ${release_dir}/InRelease
+ mv ${release_dir}/Release.asc ${release_dir}/InRelease
+
+ popd > /dev/null
+}
+
 # Update the local DEB repository
 #
 # $1: path of the repository
@@ -97,16 +118,6 @@ update_repo() {
 -o APT::FTPArchive::Release::Architectures="$(join_arr , "${architectures[@]}")" \
 ${release_dir} > ${release_dir}/Release
 
- # release signature - Release.gpg file
- gpg --detach-sign --digest-algo SHA256 --armor ${release_dir}/Release
- rm -f ${release_dir}/Release.gpg
- mv ${release_dir}/Release.asc ${release_dir}/Release.gpg
-
- # release signature - InRelease file
- gpg --armor --sign --clearsign --digest-algo SHA256 ${release_dir}/Release
- rm -f ${release_dir}/InRelease
- mv ${release_dir}/Release.asc ${release_dir}/InRelease
-
 popd > /dev/null
 }
 
@@ -174,6 +185,7 @@ if [ "${sign_all}" ]; then
 fi
 fi
 done
+ sign_repo ${tmp_repo_path} ${debSuite}
 fi
 
 # update the repo by adding new packages
@@ -183,6 +195,7 @@ if ! [ ${#files[@]} -eq 0 ]; then
 add_deb ${tmp_repo_path} ${debSuite} ${file}
 done
 update_repo ${tmp_repo_path} ${debSuite}
+ sign_repo ${tmp_repo_path} ${debSuite}
 
 # publish
 for file in "${files[@]}"; do
diff --git a/scripts/publish-rpm b/scripts/publish-rpm
index 4e567157..b2978346 100755
--- a/scripts/publish-rpm
+++ b/scripts/publish-rpm
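Review bot: In the new sign_repo of publish-deb neither gpg call's exit status is checked and the `rm -f` of the existing Release.gpg/InRelease runs regardless, so a signing failure (missing key, unreachable agent) leaves the suite with no valid signature unless the script runs under `set -e`, which this hunk does not show; the Release.asc intermediate adds a second failure mode, since gpg stops on an overwrite prompt if an earlier aborted run left that file behind. Writing the signature directly and failing the function covers both: `gpg --batch --yes --detach-sign --digest-algo SHA256 --armor --output "${release_dir}/Release.gpg" "${release_dir}/Release" || return 1` and `gpg --batch --yes --clearsign --digest-algo SHA256 --output "${release_dir}/InRelease" "${release_dir}/Release" || return 1`, with the `rm`/`mv` pairs dropped and `pushd "$1"` quoted. The sign_repo added in the publish-rpm hunk at @@ -34,18 has the same unchecked gpg call, there with the old repodata/repomd.xml.asc deleted before signing even starts, so a failed gpg run publishes unsigned metadata.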
@@ -34,18 +34,25 @@ add_rpm() {
 sign_rpm $1 $2
 }
 
+# Sign the local RPM repository
+#
+# $1: path of the repository.
+sign_repo() {
+ pushd $1 > /dev/null
+ rm -f repodata/repomd.xml.asc
+ gpg --detach-sign --digest-algo SHA256 --armor repodata/repomd.xml
+ popd > /dev/null
+}
+
 # Update the local RPM repository
 #
 # $1: path of the repository.
 update_repo() {
 pushd $1 > /dev/null
 createrepo --update --no-database .
- rm -f repodata/repomd.xml.asc
- gpg --detach-sign --digest-algo SHA256 --armor repodata/repomd.xml
 popd > /dev/null
 }
 
-
 # parse options
 while getopts ":f::r::s" opt; do
 case "${opt}" in
@@ -105,6 +112,7 @@ if [ "${sign_all}" ]; then
 fi
 fi
 done
+ sign_repo ${tmp_repo_path}
 fi
 
 # update the repo by adding new packages
@@ -114,6 +122,7 @@ if ! [ ${#files[@]} -eq 0 ]; then
 add_rpm ${tmp_repo_path} ${file}
 done
 update_repo ${tmp_repo_path}
+ sign_repo ${tmp_repo_path}
 
 # publish
 for file in "${files[@]}"; do
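Review bot: In the publish-rpm hunk at @@ -105,6 the sign_all branch calls `sign_repo ${tmp_repo_path}` directly after the re-signing loop with no `update_repo` in between, so repodata/repomd.xml is signed as it currently is; if that loop rewrites the .rpm files (re-signing a package changes its checksum), the freshly signed metadata would still carry the old package checksums and clients would reject the packages. The loop body lies outside the hunk, so this only matters if createrepo is not run there; in that case `update_repo ${tmp_repo_path}` should precede the new `sign_repo` call. The publish-deb hunk at @@ -174,6 has the same shape (`sign_repo` after the loop, no `update_repo`), where the Packages index hashes covered by the signed Release would likewise go stale.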