diff --git a/build-kernel.sh b/build-kernel.sh index 08035e6..051c4b2 100755 --- a/build-kernel.sh +++ b/build-kernel.sh @@ -8,7 +8,10 @@ GRSECURITY="${GRSECURITY:-}" LINUX_VERSION="${LINUX_VERSION:-}" LINUX_MAJOR_VERSION="${LINUX_MAJOR_VERSION:-}" LINUX_CUSTOM_CONFIG="${LINUX_CUSTOM_CONFIG:-/config}" +# "securedrop" or "workstation" (or "tiny" in CI) LOCALVERSION="${LOCALVERSION:-}" +# Increment this if we need to rebuild the same kernel version for whatever reason +export BUILD_VERSION="${BUILD_VERSION:-1}" export SOURCE_DATE_EPOCH export SOURCE_DATE_EPOCH_FORMATTED=$(date -R -d @$SOURCE_DATE_EPOCH) export KBUILD_BUILD_TIMESTAMP @@ -53,6 +56,7 @@ if [[ -z "$LINUX_VERSION" ]]; then echo "Looking up latest release of $LINUX_MAJOR_VERSION from kernel.org" LINUX_VERSION="$(curl -s https://www.kernel.org/ | grep -m1 -F "$LINUX_MAJOR_VERSION" -A1 | head -n1 | grep -oP '[\d\.]+')" fi +export LINUX_VERSION # 5.15.120 -> 5 FOLDER="$(cut -d. -f1 <<< "$LINUX_VERSION").x" @@ -82,7 +86,12 @@ tar -cf - . | pigz > ../linux-upstream_${LINUX_VERSION}-grsec-${LOCALVERSION}.or echo "Copying in our debian/" cp -R /debian debian -export PACKAGE_VERSION="${LINUX_VERSION}-grsec-${LOCALVERSION}-1" +export LINUX_BUILD_VERSION="${LINUX_VERSION}-${BUILD_VERSION}" +if [[ -n "$GRSECURITY" && "$GRSECURITY" = "1" ]]; then + export VERSION_SUFFIX="grsec-${LOCALVERSION}" +else + export VERSION_SUFFIX="${LOCALVERSION}" +fi export DEBARCH="amd64" cat debian/control.in | envsubst > debian/control diff --git a/debian/changelog.in b/debian/changelog.in index 6a0dbe8..0c6177d 100644 --- a/debian/changelog.in +++ b/debian/changelog.in @@ -1,4 +1,4 @@ -linux-upstream (${PACKAGE_VERSION}) ${VERSION_CODENAME}; urgency=low +linux-upstream (${LINUX_BUILD_VERSION}-${VERSION_SUFFIX}-${BUILD_VERSION}) ${VERSION_CODENAME}; urgency=low * Custom built Linux kernel. diff --git a/debian/control.in b/debian/control.in index bcfbc13..a39b55f 100644 --- a/debian/control.in +++ b/debian/control.in 
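Review bot: The added `export LINUX_VERSION` in build-kernel.sh (hunk at -53,6) publishes the value straight after the kernel.org scrape, with no check that the lookup returned a version. An empty or malformed result from a failed `curl -s` would reach `FOLDER` and, through `envsubst`, the package names in debian/control. A guard just before the export would stop the build early: `[[ "$LINUX_VERSION" =~ ^[0-9]+(\.[0-9]+)+$ ]] || { echo "unexpected LINUX_VERSION: '$LINUX_VERSION'" >&2; exit 1; }`. Whether `set -e` or `pipefail` is active is not visible in this hunk, and the pattern would need loosening if pre-release versions are ever passed in by hand.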
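Review bot: In the new `VERSION_SUFFIX` block of build-kernel.sh (hunk at -82,7), both branches interpolate `LOCALVERSION`, which defaults to empty at the top of the script. A build that forgets to set it would render names ending in a hyphen, such as `linux-image-${LINUX_BUILD_VERSION}-` or `...-grsec-`. Unless it is validated in lines outside this hunk, requiring it before the branch makes that fail loudly: `: "${LOCALVERSION:?LOCALVERSION must be set (securedrop, workstation or tiny)}"`. As a style point, the condition can be reduced to `[[ "$GRSECURITY" == "1" ]]`, because equality with `1` already implies the value is non-empty.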
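Review bot: The new version string in debian/changelog.in, `${LINUX_BUILD_VERSION}-${VERSION_SUFFIX}-${BUILD_VERSION}`, carries `BUILD_VERSION` twice, because `LINUX_BUILD_VERSION` already ends in `-${BUILD_VERSION}`. Its upstream part (everything before the last hyphen) therefore becomes `${LINUX_VERSION}-${BUILD_VERSION}-${VERSION_SUFFIX}`. The tarball line quoted in the build-kernel.sh hunk header still writes `linux-upstream_${LINUX_VERSION}-grsec-${LOCALVERSION}.or…`, so if a source package is built the orig tarball name would no longer match the changelog's upstream version, and it would keep `grsec` in the name for non-grsecurity builds. Either derive the tarball name from the same variables or add a comment above the version line stating that the repeated build number is intentional; the tarball command itself is outside the visible hunks, so this needs confirming against the full script.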
@@ -6,11 +6,11 @@ Rules-Requires-Root: no Build-Depends: bc, debhelper, rsync, kmod, cpio, bison, flex, libelf-dev, libssl-dev Homepage: https://securedrop.org/ -Package: linux-image-${PACKAGE_VERSION} +Package: linux-image-${LINUX_BUILD_VERSION}-${VERSION_SUFFIX} Architecture: ${DEBARCH} -Description: Linux kernel, version ${PACKAGE_VERSION} +Description: Linux kernel, version ${LINUX_BUILD_VERSION}-${VERSION_SUFFIX} This package contains the Linux kernel, modules and corresponding other - files, version: ${PACKAGE_VERSION}. + files, version: ${LINUX_BUILD_VERSION}-${VERSION_SUFFIX}. Package: linux-libc-dev Section: devel @@ -21,16 +21,16 @@ Description: Linux support headers for userspace development are used by the installed headers for GNU glibc and other system libraries. Multi-Arch: same -Package: linux-headers-${PACKAGE_VERSION} +Package: linux-headers-${LINUX_BUILD_VERSION}-${VERSION_SUFFIX} Architecture: ${DEBARCH} -Description: Linux kernel headers for ${PACKAGE_VERSION} on ${DEBARCH} - This package provides kernel header files for ${PACKAGE_VERSION} on ${DEBARCH} +Description: Linux kernel headers for ${LINUX_BUILD_VERSION}-${VERSION_SUFFIX} on ${DEBARCH} + This package provides kernel header files for ${LINUX_BUILD_VERSION}-${VERSION_SUFFIX} on ${DEBARCH} . This is useful for people who need to build external modules -Package: linux-image-${PACKAGE_VERSION}-dbg +Package: linux-image-${LINUX_BUILD_VERSION}-${VERSION_SUFFIX}-dbg Section: debug Architecture: ${DEBARCH} -Description: Linux kernel debugging symbols for ${PACKAGE_VERSION} +Description: Linux kernel debugging symbols for ${LINUX_BUILD_VERSION}-${VERSION_SUFFIX} This package will come in handy if you need to debug the kernel. It provides all the necessary debug symbols for the kernel and its modules. diff --git a/debian/control.server b/debian/control.server index 9073efc..9e518a4 100644 --- a/debian/control.server +++ b/debian/control.server 
@@ -1,7 +1,7 @@ Package: securedrop-grsec Section: admin Architecture: ${DEBARCH} -Depends: linux-image-${PACKAGE_VERSION}, intel-microcode, amd64-microcode, paxctld +Depends: linux-image-${LINUX_BUILD_VERSION}-${VERSION_SUFFIX}, intel-microcode, amd64-microcode, paxctld Description: Metapackage providing a grsecurity-patched Linux kernel for use with SecureDrop. Depends on the most recently built patched kernel maintained by FPF. Package also includes sysctl and PaX flags calls for GRUB. diff --git a/debian/control.workstation b/debian/control.workstation index fc169dd..982e634 100644 --- a/debian/control.workstation +++ b/debian/control.workstation @@ -2,7 +2,7 @@ Package: securedrop-workstation-grsec Section: admin Architecture: ${DEBARCH} Pre-Depends: qubes-kernel-vm-support (>=4.0.31) -Depends: linux-image-${PACKAGE_VERSION}, libelf-dev, paxctld +Depends: linux-image-${LINUX_BUILD_VERSION}-${VERSION_SUFFIX}, libelf-dev, paxctld Description: Linux for SecureDrop Workstation template (meta-package) Metapackage providing a grsecurity-patched Linux kernel for use in SecureDrop Workstation Qubes templates. Depends on the most recently built patched kernel
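Review bot: The `Depends:` line of `securedrop-grsec` in debian/control.server now follows `${VERSION_SUFFIX}`, which build-kernel.sh sets without the `grsec-` prefix whenever `GRSECURITY` is not `1`. This metapackage, whose description promises a grsecurity-patched kernel, could therefore be rendered depending on an unpatched image. If these templates are only ever used for grsecurity builds (not visible in this diff), keeping the prefix literal, as in `Depends: linux-image-${LINUX_BUILD_VERSION}-grsec-${LOCALVERSION}, intel-microcode, amd64-microcode, paxctld`, or failing the build when `GRSECURITY` is not `1` would make that guarantee explicit. The same applies to the `Depends:` line changed in debian/control.workstation.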