diff --git a/.github/workflows/test-build-deb.yaml b/.github/workflows/test-build-deb.yaml
index 0b96a107..0447158b 100644
--- a/.github/workflows/test-build-deb.yaml
+++ b/.github/workflows/test-build-deb.yaml
@@ -42,10 +42,11 @@ jobs:
           set -eu
 
           echo "::group::Get source"
-          pull-lp-source --download-only hello
-          dpkg-source -x hello*.dsc hello-src
-          rm -rf hello_*
-          mv -v hello-src/* .
+          PKG=debianutils
+          pull-lp-source --download-only "$PKG"
+          dpkg-source -x "$PKG"*.dsc pkg-src
+          rm -rf "${PKG}_"*
+          cd pkg-src
           echo "::endgroup::"
 
           echo "::group::Mark package as a native package"
@@ -63,6 +64,7 @@ jobs:
         uses: ./.source/gh-actions/common/build-debian
         with:
           docker-image: ${{ env.UBUNTU_IMAGE }}
+          source-dir: pkg-src
           eatmydata: false
 
 
@@ -118,9 +120,10 @@ jobs:
           # Get package source
           set -eu
 
-          pull-lp-source --download-only hello
-          dpkg-source -x hello*.dsc hello-src
-          rm -rfv hello_*.{dsc,debian.}*
+          PKG=debianutils
+          pull-lp-source --download-only "$PKG"
+          dpkg-source -x "$PKG"*.dsc pkg-src
+          rm -rfv "${PKG}_"*.{dsc,debian.}*
 
       - name: Checkout code
         uses: actions/checkout@v4
@@ -132,7 +135,7 @@ jobs:
         with:
           docker-image: ${{ env.UBUNTU_IMAGE }}
           sources-only: true
-          source-dir: ./hello-src
+          source-dir: pkg-src
           lintian: skip
 
 
diff --git a/gh-actions/common/build-debian/action.yaml b/gh-actions/common/build-debian/action.yaml
index 07cfab23..d7555e67 100644
--- a/gh-actions/common/build-debian/action.yaml
+++ b/gh-actions/common/build-debian/action.yaml
@@ -59,6 +59,11 @@ inputs:
     description: Arguments to pass to lintian, if any. Set to `skip` to skip the lintian check.
     default: ''
 
+  lrc:
+    required: false
+    description: Arguments to pass to licenserecon, if any. Set to `skip` to skip the licenserecon check.
+    default: ''
+
 
 # The process:
 # 1. We build the source package in a docker container. If ca-certificates are
@@ -150,6 +155,27 @@ runs:
           echo "SOURCE_DIR=${srcdir}" >> "${GITHUB_ENV}"
           echo "::endgroup::"
 
+    - name: Check licenses
+      if: ${{ inputs.lrc != 'skip' }}
+      uses: kohlerdominik/docker-run-action@v2.0.0
+      with:
+        # Use ubuntu:devel to have a recent version of licenserecon, because we
+        # found older versions to report false positives (e.g. GPL-2 vs GPL-2+).
+        image: ubuntu:devel
+        volumes: |
+          ${{ github.workspace }}:${{ github.workspace }}
+        workdir: ${{ env.SOURCE_DIR }}
+        shell: bash
+        run: |
+          echo "::group::Install licenserecon"
+          apt-get update
+          apt-get install -y --no-install-recommends licenserecon
+          echo "::endgroup::"
+
+          echo "::group::Run licenserecon"
+          lrc ${{ inputs.lrc }}
+          echo "::endgroup::"
+
     - name: Prepare source package
       uses: kohlerdominik/docker-run-action@v2.0.0
       with: