Migrate to `debputy` to avoid needing fakeroot

Hi

This MR enables us to produce lighttpd debs without needing fakeroot.

There is one custom remark for lighttpd in this conversion coming down to debputy automatically applying relationship substvars (see https://lists.debian.org/debian-devel/2024/03/msg00303.html). Here, lighttpd did not use ${perl:Depends} but instead had perl:any in Recommends. I have preserved this behavior by explicitly having dh_perl skip lighttpd and that is why dh_perl is involved in this MR.

Avoiding fakeroot

As useful as fakeroot has been, it is also quite fragile. As an example, a slightly out of date fakeroot can cause debs to be contaminated with non-root ownership #1024544. Additionally, fakeroot has one open unfixed RC bug filed against it that has made it unable to migrate to testing for a while.

On using debputy

To remove fakeroot, this MR introduces a build dependency on debputy and a new packaging file for specifying the ownership information. The debputy tool is relatively new in Debian and therefore it is likely that you have not used it or seen it in use. To help you getting started, here are some tips that I hope will be useful:

1. debputy comes with its own self-checking features. You can use debputy lint and debputy check-manifest to perform static validation of the packaging.
2. If you use an editor with Language Server support (often referred to as LSP), debputy comes with a Language Server implementation to provide in editor support for the debian/debputy.manifest file (and several other Debian packaging files).
   • Use debputy lsp features to get extra dependencies sorted out followed by debputy lsp editor-config to see which editors have known editor glue.
   • Editors known to work: emacs (eglot, built-in), vim (with vim-youcompleteme or vim9lsp), neovim (with nvim-lspconfig).

The above features may also useful for packages that does not use debputy since the language server and the linting feature applies to generic packaging as well.

The debputy is already part of the critical path for architecture bootstrapping (used by util-linux and shadow). Accordingly, I already have focus on keeping debputy's dependencies easy to handle for architecture bootstrapping and cross-building.

To assemble the deb without fakeroot, debputy has its own deb assembly and will skip dpkg-deb -b for any deb with static ownerships. This internal assembly was build around being bit-for-bit identical with the dpkg-deb -b.

How debputy affects the debhelper sequence

In general, debputy (via dh-debputy) is inserted into the debhelper sequence at the end and replaces a number of debhelper commands. In the current integration mode, the commands being replaced are:

• dh_fixperms
• dh_shlibdeps
• dh_gencontrol
• dh_md5sums
• dh_builddeb

Any override for these will not be respected and any custom features needed from those will have to be supported and done via debputy. In this MR, I have migrated the necessities and you will find them in debian/debputy.manifest.

You do not have to remember the above commands. You can also use debputy migrate-from-dh to detect any problem hook targets. It is an open TODO to have debputy lint and the language server support flag them as well (debputy#103 (closed)).

Optional improvements

Per https://lists.debian.org/debian-devel/2024/03/msg00303.html, you can also remove ${misc:Depends} and ${shlibs:Depends} as these are applied automatically with debputy. The debputy migrate-from-dh command will flag them if you want to clean up.

Closing remark

Thanks for considering. In case you have an concern that is not answered by the above, please let me know.