Debian packaging: explicitly allocate a group for the system user

[behrmann]

This PR explicit system group for the system user, as currently the files owned by the matrix-synapse user will belong to the nobody group, which is not ideal, since that group will regularly be used for unrelated things, so having data owned by matrix-synapse may end up readable by other system users by accident. I don't know if there is some reasoning behind this, since the original repo containing Debian packaging doesn't seem to be available anymore, so I couldn't readily find it.

This is spun out off #13582.

Pull Request Checklist

• Pull request is based on the develop branch
• Pull request includes a changelog file. The entry should:
  • Be a short description of your change which makes sense to users. "Fixed a bug that prevented receiving messages from other servers." instead of "Moved X method from EventStore to EventWorkerStore.".
  • Use markdown where necessary, mostly for code blocks.
  • End with either a period (.) or an exclamation mark (!).
  • Start with a capital letter.
  • Feel free to credit yourself, by adding a sentence "Contributed by @github_username." or "Contributed by [Your Name]." to the end of the entry.
• Pull request includes a sign off
• Code style is correct
  (run the linters)

[behrmann]

I left out the changelog entry and the Debian changelog entry so far, because I was unsure what version to add to the latter.

[reivilibre]

Seems reasonable to me — postgres and mysql both have their own groups.

[behrmann]

While trying to answer the above question I noticed that dpkg-statoverride throws a warning about --force, which apparently is deprecated for a white bouquet of --force-foo options, with --force-statoverride-add seemingly being the one that's intended here. Would you like me to add this on top of this PR or as a separate PR?

[richvdh]

since the original repo containing Debian packaging doesn't seem to be available anymore, so I couldn't readily find it.

I think you're looking for https://github.com/matrix-org/package-synapse-debian/blame/debian/0.33.9-1matrix1/debian/postinst? I don't think that helps though.

[richvdh]

I left out the changelog entry and the Debian changelog entry so far, because I was unsure what version to add to the latter.

It doesn't matter - just follow the instructions in the contributing docs. It will add a temporary version which will be fixed up at release time.

Since this only affects the debian build, there is no need for a changelog in the changelog.d directory.

[richvdh]

While trying to answer the above question I noticed that dpkg-statoverride throws a warning about --force, which apparently is deprecated for a white bouquet of --force-foo options, with --force-statoverride-add seemingly being the one that's intended here. Would you like me to add this on top of this PR or as a separate PR?

suggest a separate PR. I think there might be existing issues open around this.

[behrmann]

It doesn't matter - just follow the instructions in the contributing docs. It will add a temporary version which will be fixed up at release time.

I test the build on a Debian machine, but my dev machine is not one and I don't have dch on it ;) I went with what I think dch would have created.

[richvdh]

thanks!