This can't be reproduced in Intrepid as it was fixed there when 1.0.15 was merged.
The code shouldn't break on fresh installs, though it is redundant, as the key that
it chmods is created a couple of lines earlier in the file.
The other clue is that it reports failures for both chgrp and chmod, because the postinst
at that time was not set -e, so if the key wasn't created it would still try and operate on it.
I think the correct fix in hardy would therefore be to simply add -e to the first line of the
postinst (and probably postrm), as while the current proposed patch would fix the initial
install case it still leaves a problem when the key couldn't be created.
I'm reluctant to fix this, as all it would do would be to shift the install failure a couple of
lines earlier. There is still the question of what the failure is, as there is no error message
from the key creation failure.
It could be argued that it should be fixed with a check for the presence of the key, and the
key creation should be allowed to fail silently. I don't like that, as while package install failures
are annoying, it may leave the user unable to start e.g. postfix after installation as the cert
was not created and they got no notification about why.
I can't reproduce the failure in a hardy pbuilder here to have a guess at what the underlying