diff --git a/.gitignore b/.gitignore
index 9c6c69b..6fe13d0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 swh-*/
 packages/*
 snippets/
 !packages/README
+!packages/keys/
\ No newline at end of file
diff --git a/bin/make-package b/bin/make-package
index c2fba34..bc35ba4 100755
--- a/bin/make-package
+++ b/bin/make-package
@@ -1,107 +1,110 @@
 #!/bin/bash
 
 usage() {
     echo "Usage: $0 [-b|--build] [-u|--upload] SWH_PACKAGE"
     echo "E.g.: make-package -b swh-core"
     exit 1
 }
 
 # command line parsing
 
 build="no"
 upload="no"
 package=""
 while (( "$#" )); do
     case "$1" in
 	-b|--build) build="yes" ;;
 	-u|--upload) upload="yes" ;;
 	*) package="$1";;
     esac
     shift
 done
 if [ "$build,$upload" = "no,no" -o -z "$package" ] ; then
     usage
 fi
 
 set -e
 
 CURDIR=$(readlink -f "$package")
 PACKAGEDIR=$(readlink -f "packages")
 BASENAME="$(basename "$CURDIR")"
 MODULE="${BASENAME//-/.}"
 
 REPOSITORY=https://debian.softwareheritage.org/
 
 DESTINATION=pergamon.internal.softwareheritage.org
 DESTDIR=/srv/softwareheritage/repository
 
 TEMP=$(mktemp -d)
 
 trap "{ rm -rf $TEMP; }" EXIT
 
 cd "$CURDIR"
 
 VERSION=$(python3 -c 'import vcversioner; print(vcversioner.find_version().version)')
 
 SID_VERSION=${VERSION}-1
 SID_CHANGES_FILE=${BASENAME}_${SID_VERSION}_amd64.changes
 SID_LOGFILE=${BASENAME}_${SID_VERSION}_amd64.build
 
 BPO_VERSION=${SID_VERSION}~bpo9~swh+1
 BPO_CHANGES_FILE=${BASENAME}_${BPO_VERSION}_amd64.changes
 BPO_LOGFILE=${BASENAME}_${BPO_VERSION}_amd64.build
 
 SBUILD="sbuild -As --force-orig-source --build-dep-resolver=aptitude --build-failed-commands %SBUILD_SHELL --no-run-lintian"
 
 if [ "$build" = "yes" ] ; then
     # Generate source tarball and put it in the right place
     python3 setup.py sdist -d $TEMP
     mv $TEMP/$MODULE-$VERSION.tar.gz $TEMP/${BASENAME}_${VERSION}.orig.tar.gz
 
     # Extract source tarball and overlay Debian packaging
     cd $TEMP
     tar xf ${BASENAME}_${VERSION}.orig.tar.gz
     mv $MODULE-$VERSION $BASENAME-$VERSION
     cd $BASENAME-$VERSION
     cp -r $CURDIR/debian .
 
     # Generate changelog for unstable
     dch -v "${SID_VERSION}" "Deploy ${VERSION}"
     dch --force-distribution --distribution unstable-swh -r ""
 
     # Build unstable package with original source
     $SBUILD --extra-repository="deb [trusted=yes] ${REPOSITORY} unstable main"
 
     # Copy package to staging directory
     dcmd cp ../${SID_CHANGES_FILE} ${PACKAGEDIR}
     cp -L ../${SID_LOGFILE} ${PACKAGEDIR}
 
     # Generate changelog for backports
     dch -bv "${BPO_VERSION}" "Rebuild for stretch-backports-swh"
     dch -r --distribution stretch-backports-swh --force-distribution ""
 
     # Build backport package
-    $SBUILD --extra-repository="deb [trusted=yes] ${REPOSITORY} stretch-swh main" --extra-repository="deb http://deb.debian.org/debian stretch-backports main"
+    $SBUILD \
+        --extra-repository="deb [trusted=yes] ${REPOSITORY} stretch-swh main" \
+        --extra-repository="deb http://deb.debian.org/debian stretch-backports main" \
+        --extra-repository="deb https://download.ceph.com/debian-luminous/ stretch main" --extra-repository-key=${PACKAGEDIR}/keys/ceph.asc
 
     # Copy package to staging directory
     dcmd cp ../${BPO_CHANGES_FILE} ${PACKAGEDIR}
     cp -L ../${BPO_LOGFILE} ${PACKAGEDIR}
 fi
 
 cd "$CURDIR"
 
 if [ "$upload" = "yes" ] ; then
     if [[ "${VERSION}" == *dev* || "${VERSION}" == *post* ]]; then
         echo "Uploading a dev version is not allowed! Please tag and rebuild."
         exit 2
     fi
 
     # Sign and send packages
     for changefile in ${PACKAGEDIR}/${SID_CHANGES_FILE} ${PACKAGEDIR}/${BPO_CHANGES_FILE}; do
         debsign ${changefile}
         dcmd scp ${changefile} ${DESTINATION}:${DESTDIR}/incoming
         ssh ${DESTINATION} "umask 002; reprepro -vb ${DESTDIR} processincoming incoming"
     done
 
     git push --tags
 fi
diff --git a/packages/keys/ceph.asc b/packages/keys/ceph.asc
new file mode 100644
index 0000000..d2961c5
--- /dev/null
+++ b/packages/keys/ceph.asc
@@ -0,0 +1,29 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1
+
+mQINBFX4hgkBEADLqn6O+UFp+ZuwccNldwvh5PzEwKUPlXKPLjQfXlQRig1flpCH
+E0HJ5wgGlCtYd3Ol9f9+qU24kDNzfbs5bud58BeE7zFaZ4s0JMOMuVm7p8JhsvkU
+C/Lo/7NFh25e4kgJpjvnwua7c2YrA44ggRb1QT19ueOZLK5wCQ1mR+0GdrcHRCLr
+7Sdw1d7aLxMT+5nvqfzsmbDullsWOD6RnMdcqhOxZZvpay8OeuK+yb8FVQ4sOIzB
+FiNi5cNOFFHg+8dZQoDrK3BpwNxYdGHsYIwU9u6DWWqXybBnB9jd2pve9PlzQUbO
+eHEa4Z+jPqxY829f4ldaql7ig8e6BaInTfs2wPnHJ+606g2UH86QUmrVAjVzlLCm
+nqoGymoAPGA4ObHu9X3kO8viMBId9FzooVqR8a9En7ZE0Dm9O7puzXR7A1f5sHoz
+JdYHnr32I+B8iOixhDUtxIY4GA8biGATNaPd8XR2Ca1hPuZRVuIiGG9HDqUEtXhV
+fY5qjTjaThIVKtYgEkWMT+Wet3DPPiWT3ftNOE907e6EWEBCHgsEuuZnAbku1GgD
+LBH4/a/yo9bNvGZKRaTUM/1TXhM5XgVKjd07B4cChgKypAVHvef3HKfCG2U/DkyA
+LjteHt/V807MtSlQyYaXUTGtDCrQPSlMK5TjmqUnDwy6Qdq8dtWN3DtBWQARAQAB
+tCpDZXBoLmNvbSAocmVsZWFzZSBrZXkpIDxzZWN1cml0eUBjZXBoLmNvbT6JAjgE
+EwECACIFAlX4hgkCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEOhKwsBG
+DzmUXdIQAI8YPcZMBWdv489q8CzxlfRIRZ3Gv/G/8CH+EOExcmkVZ89mVHngCdAP
+DOYCl8twWXC1lwJuLDBtkUOHXNuR5+Jcl5zFOUyldq1Hv8u03vjnGT7lLJkJoqpG
+l9QD8nBqRvBU7EM+CU7kP8+09b+088pULil+8x46PwgXkvOQwfVKSOr740Q4J4nm
+/nUOyTNtToYntmt2fAVWDTIuyPpAqA6jcqSOC7Xoz9cYxkVWnYMLBUySXmSS0uxl
+3p+wK0lMG0my/gb+alke5PAQjcE5dtXYzCn+8Lj0uSfCk8Gy0ZOK2oiUjaCGYN6D
+u72qDRFBnR3jaoFqi03bGBIMnglGuAPyBZiI7LJgzuT9xumjKTJW3kN4YJxMNYu1
+FzmIyFZpyvZ7930vB2UpCOiIaRdZiX4Z6ZN2frD3a/vBxBNqiNh/BO+Dex+PDfI4
+TqwF8zlcjt4XZ2teQ8nNMR/D8oiYTUW8hwR4laEmDy7ASxe0p5aijmUApWq5UTsF
++s/QbwugccU0iR5orksM5u9MZH4J/mFGKzOltfGXNLYI6D5Mtwrnyi0BsF5eY0u6
+vkdivtdqrq2DXY+ftuqLOQ7b+t1RctbcMHGPptlxFuN9ufP5TiTWSpfqDwmHCLsT
+k2vFiMwcHdLpQ1IH8ORVRgPPsiBnBOJ/kIiXG2SxPUTjjEGOVgeA
+=/Tod
+-----END PGP PUBLIC KEY BLOCK-----