diff --git a/build-alpine.sh b/build-alpine.sh
old mode 100755
new mode 100644
index 47a576a..2fe7bac
--- a/build-alpine.sh
+++ b/build-alpine.sh
@@ -22,21 +22,19 @@ if ! command -v abuild &> /dev/null; then
     apk add --no-cache alpine-sdk rust cargo openssl-dev openrc git
 fi
 
-# Generate abuild signing keys (must be done in same shell session as abuild commands)
-if [ ! -f /etc/abuild.conf ] || ! grep -q PACKAGER_PRIVKEY /etc/abuild.conf 2>/dev/null; then
-    echo "Generating abuild signing keys..."
-    apk add --no-cache abuild
-    abuild-keygen -a -n 2>&1 | tee /tmp/keygen.log
-    # Find the actual key file (handles missing username prefix)
-    KEYFILE=$(ls /root/.abuild/*.rsa 2>/dev/null | head -1)
-    if [ -z "$KEYFILE" ]; then
-        KEYFILE=$(ls /root/.abuild/-*.rsa 2>/dev/null | head -1)
-    fi
-    echo "Found key: $KEYFILE"
-    # Write directly to abuild.conf
-    echo "PACKAGER_PRIVKEY=\"$KEYFILE\"" >> /etc/abuild.conf
-    cat /etc/abuild.conf
+# Generate abuild signing keys (ALWAYS generate fresh - same shell session as abuild commands)
+echo "Generating abuild signing keys..."
+apk add --no-cache abuild
+abuild-keygen -a -n 2>&1 | tee /tmp/keygen.log
+# Find the actual key file (handles missing username prefix)
+KEYFILE=$(ls /root/.abuild/*.rsa 2>/dev/null | head -1)
+if [ -z "$KEYFILE" ]; then
+    KEYFILE=$(ls /root/.abuild/-*.rsa 2>/dev/null | head -1)
 fi
+echo "Found key: $KEYFILE"
+# Write directly to abuild.conf (overwrite any stale config)
+echo "PACKAGER_PRIVKEY=\"$KEYFILE\"" > /etc/abuild.conf
+cat /etc/abuild.conf
 
 # Setup build environment
 echo "Setting up build environment..."