From d9c72dcdc891283265b4e7a859ce8c5a61ffd1bd Mon Sep 17 00:00:00 2001
From: Sylvestre Ledru <sylvestre@debian.org>
Date: Sat, 28 Jun 2025 11:51:00 +0200
Subject: [PATCH] install -C: also the manage the ignore case

---
 src/uu/install/locales/en-US.ftl |  3 ++
 src/uu/install/locales/fr-FR.ftl |  3 ++
 src/uu/install/src/install.rs    |  9 ++++
 tests/by-util/test_install.rs    | 92 ++++++++++++++++++++++++++++----
 4 files changed, 98 insertions(+), 9 deletions(-)

diff --git a/src/uu/install/locales/en-US.ftl b/src/uu/install/locales/en-US.ftl
index 0643cc557..32ab93820 100644
--- a/src/uu/install/locales/en-US.ftl
+++ b/src/uu/install/locales/en-US.ftl
@@ -48,6 +48,9 @@ install-error-missing-file-operand = missing file operand
 install-error-missing-destination-operand = missing destination file operand after '{ $path }'
 install-error-failed-to-remove = Failed to remove existing file { $path }. Error: { $error }
 
+# Warning messages
+install-warning-compare-ignored = the --compare (-C) option is ignored when you specify a mode with non-permission bits
+
 # Verbose output
 install-verbose-creating-directory = creating directory { $path }
 install-verbose-creating-directory-step = install: creating directory { $path }
diff --git a/src/uu/install/locales/fr-FR.ftl b/src/uu/install/locales/fr-FR.ftl
index 10cc217b1..351bd2397 100644
--- a/src/uu/install/locales/fr-FR.ftl
+++ b/src/uu/install/locales/fr-FR.ftl
@@ -48,6 +48,9 @@ install-error-missing-file-operand = opérande de fichier manquant
 install-error-missing-destination-operand = opérande de fichier de destination manquant après '{ $path }'
 install-error-failed-to-remove = Échec de la suppression du fichier existant { $path }. Erreur : { $error }
 
+# Messages d'avertissement
+install-warning-compare-ignored = l'option --compare (-C) est ignorée quand un mode est indiqué avec des bits non liés à des droits
+
 # Sortie détaillée
 install-verbose-creating-directory = création du répertoire { $path }
 install-verbose-creating-directory-step = install : création du répertoire { $path }
diff --git a/src/uu/install/src/install.rs b/src/uu/install/src/install.rs
index bc35da9d3..7b58fd5dc 100644
--- a/src/uu/install/src/install.rs
+++ b/src/uu/install/src/install.rs
@@ -365,6 +365,15 @@ fn behavior(matches: &ArgMatches) -> UResult<Behavior> {
         return Err(1.into());
     }
 
+    // Check if compare is used with non-permission mode bits
+    if compare && specified_mode.is_some() {
+        let mode = specified_mode.unwrap();
+        let non_permission_bits = 0o7000; // setuid, setgid, sticky bits
+        if mode & non_permission_bits != 0 {
+            show_error!("{}", get_message("install-warning-compare-ignored"));
+        }
+    }
+
     let owner = matches
         .get_one::<String>(OPT_OWNER)
         .map(|s| s.as_str())
diff --git a/tests/by-util/test_install.rs b/tests/by-util/test_install.rs
index 514654a13..94a01eb6e 100644
--- a/tests/by-util/test_install.rs
+++ b/tests/by-util/test_install.rs
@@ -643,7 +643,9 @@ fn test_install_copy_then_compare_file_with_extra_mode() {
         .arg("-m")
         .arg("1644")
         .succeeds()
-        .no_stderr();
+        .stderr_contains(
+            "the --compare (-C) option is ignored when you specify a mode with non-permission bits",
+        );
 
     file2_meta = at.metadata(file2);
     let after_install_sticky = FileTime::from_last_modification_time(&file2_meta);
@@ -2222,20 +2224,37 @@ fn test_selinux() {
 
     let args = ["-Z", "--context=unconfined_u:object_r:user_tmp_t:s0"];
     for arg in args {
-        new_ucmd!()
+        let result = new_ucmd!()
             .arg(arg)
             .arg("-v")
             .arg(at.plus_as_string(src))
             .arg(at.plus_as_string(dest))
-            .succeeds()
-            .stdout_contains("orig' -> '");
+            .run();
+
+        // Skip test if SELinux is not enabled
+        if result
+            .stderr_str()
+            .contains("SELinux is not enabled on this system")
+        {
+            println!("Skipping SELinux test: SELinux is not enabled");
+            at.remove(&at.plus_as_string(dest));
+            continue;
+        }
+
+        result.success().stdout_contains("orig' -> '");
 
         let getfattr_output = Command::new("getfattr")
             .arg(at.plus_as_string(dest))
             .arg("-n")
             .arg("security.selinux")
-            .output()
-            .expect("Failed to run `getfattr` on the destination file");
+            .output();
+
+        // Skip test if getfattr is not available
+        let Ok(getfattr_output) = getfattr_output else {
+            println!("Skipping SELinux test: getfattr not available");
+            at.remove(&at.plus_as_string(dest));
+            continue;
+        };
         println!("{:?}", getfattr_output);
         assert!(
             getfattr_output.status.success(),
@@ -2267,14 +2286,69 @@ fn test_selinux_invalid_args() {
         "--context=nconfined_u:object_r:user_tmp_t:s0",
     ];
     for arg in args {
-        new_ucmd!()
+        let result = new_ucmd!()
             .arg(arg)
             .arg("-v")
             .arg(at.plus_as_string(src))
             .arg(at.plus_as_string(dest))
-            .fails()
-            .stderr_contains("failed to set default file creation");
+            .fails();
+
+        let stderr = result.stderr_str();
+        assert!(
+            stderr.contains("failed to set default file creation")
+                || stderr.contains("SELinux is not enabled on this system"),
+            "Expected stderr to contain either 'failed to set default file creation' or 'SELinux is not enabled on this system', but got: '{}'",
+            stderr
+        );
 
         at.remove(&at.plus_as_string(dest));
     }
 }
+
+#[test]
+#[cfg(not(any(target_os = "openbsd", target_os = "freebsd")))]
+fn test_install_compare_with_mode_bits() {
+    let test_cases = [
+        ("4755", "setuid bit", true),
+        ("2755", "setgid bit", true),
+        ("1755", "sticky bit", true),
+        ("7755", "setuid + setgid + sticky bits", true),
+        ("755", "permission-only mode", false),
+    ];
+
+    for (mode, description, should_warn) in test_cases {
+        let scene = TestScenario::new(util_name!());
+        let at = &scene.fixtures;
+        let source = format!("source_file_{}", mode);
+        let dest = format!("dest_file_{}", mode);
+
+        at.write(&source, "test content");
+
+        let mode_arg = format!("--mode={}", mode);
+
+        if should_warn {
+            scene.ucmd().args(&["-C", &mode_arg, &source, &dest])
+                .succeeds()
+                .stderr_contains("the --compare (-C) option is ignored when you specify a mode with non-permission bits");
+        } else {
+            scene
+                .ucmd()
+                .args(&["-C", &mode_arg, &source, &dest])
+                .succeeds()
+                .no_stderr();
+
+            // Test second install should be no-op due to -C
+            scene
+                .ucmd()
+                .args(&["-C", &mode_arg, &source, &dest])
+                .succeeds()
+                .no_stderr();
+        }
+
+        assert!(
+            at.file_exists(&dest),
+            "Failed to create dest file for {}",
+            description
+        );
+    }
+}