debian: fix installing qubes-guid as suid

This is how it works on Fedora, so mirror the behavior in Debian package
too.
Technically it might be possible to avoid the suid, by adjusting at
least log dir permissions, and probably few more. But that's separate
change, unbreak Debian for now.

Use postinst script instead of packaging with desired permissions
already, because the qubes group doesn't exist at the package build
time.

QubesOS/qubes-issues#8841

Author: marmarek

debian/qubes-gui-daemon.postinst

@@ -0,0 +1,31 @@
+#!/bin/bash
+# postinst script for qubes-gui-daemon
+#
+# see: dh_installdeb(1)
+
+case "${1}" in
+    configure)
+        if getent group qubes >/dev/null; then
+            chgrp qubes /usr/bin/qubes-guid
+            chmod 4750 /usr/bin/qubes-guid
+        fi
+        ;;
+
+    abort-upgrade|abort-remove|abort-deconfigure)
+        exit 0
+        ;;
+
+    *)
+        echo "postinst called with unknown argument \`${1}'" >&2
+        exit 1
+        ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
+
+# vim: set ts=4 sw=4 sts=4 et :