fix:unarchive fails for user id != 1000

borismw · borismw · commit 4da682994ef1 · 2025-05-23T00:46:00.000+02:00
diff --git a/tasks/base_dependencies/python.yml b/tasks/base_dependencies/python.yml
@@ -44,8 +44,16 @@
         path: "{{ paperless_ngx_dependency_install_tmp_dir }}"
       register: _python_archive_dir
 
+    - name: Pepare permissions of tmp dir for unarchiving python sources
+      ansible.builtin.file:
+        state: directory
+        owner: 1000
+        group: 1000
+        path: "{{ _python_archive_dir.path }}"
+
     - name: Download and extract python sources
       become: true
+      become_user: "{{ _paperless_ngx_untar_username }}"
       ansible.builtin.unarchive:
         src: "{{ paperless_ngx_python_release_url }}"
         remote_src: true
diff --git a/tasks/paperless_ngx/release_files.yml b/tasks/paperless_ngx/release_files.yml
@@ -60,14 +60,20 @@
       {{ _install_tempdir_state.files[0].path }}
       {%- endif -%}
 
+- name: Pepare permissions of tmp dir for untaring paperless-ngx sources
+  ansible.builtin.file:
+    state: directory
+    owner: ubuntu
+    group: ubuntu
+    path: "{{ _install_tempdir }}"
+
 - name: Download and extract paperless-ngx
   become: true
+  become_user: "{{ _paperless_ngx_untar_username }}"
   ansible.builtin.unarchive:
     src: "{{ _release__download_url }}"
     remote_src: true
     dest: "{{ _install_tempdir }}"
-    owner: "{{ paperless_ngx_system_user }}"
-    group: "{{ paperless_ngx_system_group }}"
   register: _download_and_unarchive_pngx
   until:
     - "not 'urlopen error' in _download_and_unarchive_pngx.msg | default('')"
@@ -80,8 +86,8 @@
   ansible.builtin.command:
     cmd: "{{ item }}"
   with_items:
-    - find {{ _install_tempdir }} -type d -exec chmod -c 0750 {} ;
-    - find {{ _install_tempdir }} -type f -exec chmod -c 0640 {} ;
+    - find {{ _install_tempdir }} -type d -exec chmod -c 0750 {} \; -exec chown {{ paperless_ngx_system_user }}:{{ paperless_ngx_system_group }} {} \;
+    - find {{ _install_tempdir }} -type f -exec chmod -c 0640 {} \; -exec chown {{ paperless_ngx_system_user }}:{{ paperless_ngx_system_group }} {} \;
   register: _set_temp_install_permissions
   changed_when:
     - 'not _set_temp_install_permissions.stdout == ""'
diff --git a/tasks/preparation/platform.yml b/tasks/preparation/platform.yml
@@ -11,6 +11,25 @@
     fail_msg: "This role only works with systemd"
     success_msg: "systemd found"
 
+- name: Determine user name with id 1000 as become-user for unarchive tasks
+  block:
+    - name: Query passwd database for user with id 1000
+      ansible.builtin.getent:
+        database: passwd
+        key: 1000
+        split: ':'
+      register: _getent_query_result
+
+    - name: Set fact username for user with id 1000
+      ansible.builtin.set_fact:
+        _paperless_ngx_untar_username: "{{ ( _getent_query_result['ansible_facts']['getent_passwd'] | dict2items | selectattr('value.2', 'equalto', '1000') )[0].value[3] }}"
+  when: (paperless_ngx_conf_usermap_uid is undefined) or paperless_ngx_conf_usermap_uid != "1000"
+
+- name: Set fact username for user with id 1000
+  ansible.builtin.set_fact:
+    _paperless_ngx_untar_username: "{{ paperless_ngx_system_user }}"
+  when: (paperless_ngx_conf_usermap_uid is defined) and paperless_ngx_conf_usermap_uid == "1000"
+
 - name: Compare versions of installed ansible and required ansible
   ansible.builtin.assert:
     that: "ansible_version.full is version_compare(ansible_version_minimum, '>=')"
