Add chroot support to embedfs using billy's chroot helper

krrrke · krrrke · commit e6095937e57e · 2025-07-26T22:44:01.000-05:00
- Remove memfs dependency and use local sorting for ReadDir
- Implement chroot support by wrapping embedfs with chroot.New() in New()
- Add comprehensive chroot tests covering read-only operations
- Follow same pattern as memfs and osfs for consistent API
- Maintain read-only behavior - write operations still return ErrReadOnly

This enables embedfs to work with filesystem abstractions that require
chroot support for path isolation.
diff --git a/embedfs/chroot_test.go b/embedfs/chroot_test.go
@@ -0,0 +1,294 @@
+package embedfs
+
+import (
+	"io"
+	"testing"
+
+	"github.com/go-git/go-billy/v6"
+	"github.com/go-git/go-billy/v6/embedfs_testdata"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestChroot_Basic(t *testing.T) {
+	t.Parallel()
+
+	fs := New(embedfs_testdata.GetTestData())
+
+	// Test chroot to existing directory
+	chrootFS, err := fs.Chroot("testdata")
+	require.NoError(t, err)
+	require.NotNil(t, chrootFS)
+
+	// Test that we can access files in the chrooted filesystem
+	f, err := chrootFS.Open("file1.txt")
+	require.NoError(t, err)
+	defer f.Close()
+
+	content, err := io.ReadAll(f)
+	require.NoError(t, err)
+	assert.Equal(t, "Hello from embedfs!", string(content))
+}
+
+func TestChroot_NestedDirectory(t *testing.T) {
+	t.Parallel()
+
+	fs := New(embedfs_testdata.GetTestData())
+
+	// Test chroot to nested directory
+	chrootFS, err := fs.Chroot("testdata/subdir")
+	require.NoError(t, err)
+	require.NotNil(t, chrootFS)
+
+	// Test that we can access nested files from the chrooted root
+	f, err := chrootFS.Open("nested.txt")
+	require.NoError(t, err)
+	defer f.Close()
+
+	content, err := io.ReadAll(f)
+	require.NoError(t, err)
+	assert.Equal(t, "Nested file content", string(content))
+}
+
+func TestChroot_StatInChroot(t *testing.T) {
+	t.Parallel()
+
+	fs := New(embedfs_testdata.GetTestData())
+
+	chrootFS, err := fs.Chroot("testdata")
+	require.NoError(t, err)
+
+	// Test stat on files that exist in chrooted directory
+	fi, err := chrootFS.Stat("file1.txt")
+	require.NoError(t, err)
+	assert.Equal(t, "file1.txt", fi.Name())
+	assert.False(t, fi.IsDir())
+
+	// Test stat on directories that exist in chrooted directory
+	fi, err = chrootFS.Stat("subdir")
+	require.NoError(t, err)
+	assert.Equal(t, "subdir", fi.Name())
+	assert.True(t, fi.IsDir())
+
+	// Test stat with absolute path in chrooted filesystem
+	fi, err = chrootFS.Stat("/file2.txt")
+	require.NoError(t, err)
+	assert.Equal(t, "file2.txt", fi.Name())
+	assert.False(t, fi.IsDir())
+}
+
+func TestChroot_ReadDirInChroot(t *testing.T) {
+	t.Parallel()
+
+	fs := New(embedfs_testdata.GetTestData())
+
+	chrootFS, err := fs.Chroot("testdata")
+	require.NoError(t, err)
+
+	// Test reading directory contents from chrooted root
+	entries, err := chrootFS.ReadDir("/")
+	require.NoError(t, err)
+
+	expectedFiles := []string{"empty.txt", "file1.txt", "file2.txt", "subdir"}
+	assert.Len(t, entries, len(expectedFiles))
+
+	foundFiles := make(map[string]bool)
+	for _, entry := range entries {
+		foundFiles[entry.Name()] = true
+	}
+
+	for _, expected := range expectedFiles {
+		assert.True(t, foundFiles[expected], "Expected file %s not found", expected)
+	}
+
+	// Test reading subdirectory from chrooted filesystem
+	entries, err = chrootFS.ReadDir("subdir")
+	require.NoError(t, err)
+	assert.Len(t, entries, 1)
+	assert.Equal(t, "nested.txt", entries[0].Name())
+}
+
+func TestChroot_PathNormalization(t *testing.T) {
+	t.Parallel()
+
+	fs := New(embedfs_testdata.GetTestData())
+
+	// Test chroot with different path formats
+	tests := []struct {
+		name       string
+		chrootPath string
+		openPath   string
+		expectFile string
+	}{
+		{
+			name:       "absolute chroot path",
+			chrootPath: "/testdata",
+			openPath:   "file1.txt",
+			expectFile: "file1.txt",
+		},
+		{
+			name:       "relative chroot path",
+			chrootPath: "testdata",
+			openPath:   "file1.txt",
+			expectFile: "file1.txt",
+		},
+		{
+			name:       "absolute open path in chroot",
+			chrootPath: "testdata",
+			openPath:   "/file1.txt",
+			expectFile: "file1.txt",
+		},
+		{
+			name:       "nested chroot",
+			chrootPath: "testdata/subdir",
+			openPath:   "nested.txt",
+			expectFile: "nested.txt",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			chrootFS, err := fs.Chroot(tt.chrootPath)
+			require.NoError(t, err)
+
+			f, err := chrootFS.Open(tt.openPath)
+			require.NoError(t, err)
+			defer f.Close()
+
+			assert.Equal(t, tt.expectFile, f.Name())
+		})
+	}
+}
+
+func TestChroot_NonExistentPath(t *testing.T) {
+	t.Parallel()
+
+	fs := New(embedfs_testdata.GetTestData())
+
+	// Test chroot to non-existent directory - billy's chroot helper allows this
+	chrootFS, err := fs.Chroot("nonexistent")
+	require.NoError(t, err)
+	require.NotNil(t, chrootFS)
+
+	// But accessing files within the non-existent chroot should fail
+	_, err = chrootFS.Open("anyfile.txt")
+	assert.Error(t, err)
+}
+
+func TestChroot_Join(t *testing.T) {
+	t.Parallel()
+
+	fs := New(embedfs_testdata.GetTestData())
+	chrootFS, err := fs.Chroot("testdata")
+	require.NoError(t, err)
+
+	// Test Join operation in chrooted filesystem
+	joined := chrootFS.Join("subdir", "nested.txt")
+	assert.Equal(t, "subdir/nested.txt", joined)
+
+	// Test that joined path can be used to open file
+	f, err := chrootFS.Open(joined)
+	require.NoError(t, err)
+	defer f.Close()
+
+	content, err := io.ReadAll(f)
+	require.NoError(t, err)
+	assert.Equal(t, "Nested file content", string(content))
+}
+
+func TestChroot_UnsupportedOperations(t *testing.T) {
+	t.Parallel()
+
+	fs := New(embedfs_testdata.GetTestData())
+	chrootFS, err := fs.Chroot("testdata")
+	require.NoError(t, err)
+
+	// Test that write operations still fail in chrooted embedfs
+	_, err = chrootFS.Create("newfile.txt")
+	require.ErrorIs(t, err, billy.ErrReadOnly)
+
+	err = chrootFS.Remove("file1.txt")
+	require.ErrorIs(t, err, billy.ErrReadOnly)
+
+	err = chrootFS.Rename("file1.txt", "renamed.txt")
+	require.ErrorIs(t, err, billy.ErrReadOnly)
+
+	err = chrootFS.MkdirAll("newdir", 0755)
+	require.ErrorIs(t, err, billy.ErrReadOnly)
+}
+
+func TestChroot_NestedChroot(t *testing.T) {
+	t.Parallel()
+
+	fs := New(embedfs_testdata.GetTestData())
+
+	// Test creating nested chrootfs
+	firstChroot, err := fs.Chroot("testdata")
+	require.NoError(t, err)
+
+	secondChroot, err := firstChroot.Chroot("subdir")
+	require.NoError(t, err)
+
+	// Test that nested chroot works correctly
+	f, err := secondChroot.Open("nested.txt")
+	require.NoError(t, err)
+	defer f.Close()
+
+	content, err := io.ReadAll(f)
+	require.NoError(t, err)
+	assert.Equal(t, "Nested file content", string(content))
+
+	// Test that we can't access parent directory from nested chroot
+	entries, err := secondChroot.ReadDir("/")
+	require.NoError(t, err)
+	assert.Len(t, entries, 1)
+	assert.Equal(t, "nested.txt", entries[0].Name())
+}
+
+func TestChroot_FileOperations(t *testing.T) {
+	t.Parallel()
+
+	fs := New(embedfs_testdata.GetTestData())
+	chrootFS, err := fs.Chroot("testdata")
+	require.NoError(t, err)
+
+	// Test file operations in chrooted filesystem
+	f, err := chrootFS.Open("file2.txt")
+	require.NoError(t, err)
+	defer f.Close()
+
+	// Test Read
+	buf := make([]byte, 10)
+	n, err := f.Read(buf)
+	require.NoError(t, err)
+	assert.Equal(t, "Another te", string(buf[:n]))
+
+	// Test Seek
+	_, err = f.Seek(0, io.SeekStart)
+	require.NoError(t, err)
+
+	// Test ReadAt
+	buf2 := make([]byte, 7)
+	n, err = f.ReadAt(buf2, 8)
+	require.NoError(t, err)
+	assert.Equal(t, "test fi", string(buf2[:n]))
+
+	// Test that file position wasn't affected by ReadAt
+	n, err = f.Read(buf)
+	require.NoError(t, err)
+	assert.Equal(t, "Another te", string(buf[:n]))
+}
+
+func TestChroot_Lstat(t *testing.T) {
+	t.Parallel()
+
+	fs := New(embedfs_testdata.GetTestData())
+	chrootFS, err := fs.Chroot("testdata")
+	require.NoError(t, err)
+
+	// Test Lstat in chrooted filesystem (should behave same as Stat for embedfs)
+	fi, err := chrootFS.Lstat("file1.txt")
+	require.NoError(t, err)
+	assert.Equal(t, "file1.txt", fi.Name())
+	assert.False(t, fi.IsDir())
+}
diff --git a/embedfs/embed.go b/embedfs/embed.go
@@ -13,7 +13,7 @@ import (
 	"sync"
 
 	"github.com/go-git/go-billy/v6"
-	"github.com/go-git/go-billy/v6/memfs"
+	"github.com/go-git/go-billy/v6/helper/chroot"
 )
 
 type Embed struct {
@@ -29,7 +29,7 @@ func New(efs *embed.FS) billy.Filesystem {
 		fs.underlying = &embed.FS{}
 	}
 
-	return fs
+	return chroot.New(fs, "/")
 }
 
 // normalizePath converts billy's absolute paths to embed.FS relative paths
@@ -120,17 +120,14 @@ func (fs *Embed) ReadDir(path string) ([]os.FileInfo, error) {
 		entries = append(entries, fi)
 	}
 
-	sort.Sort(memfs.ByName(entries))
+	sort.Slice(entries, func(i, j int) bool {
+		return entries[i].Name() < entries[j].Name()
+	})
 
 	return entries, nil
 }
 
-// Chroot is not supported.
-//
-// Calls will always return billy.ErrNotSupported.
-func (fs *Embed) Chroot(_ string) (billy.Filesystem, error) {
-	return nil, billy.ErrNotSupported
-}
+
 
 // Lstat behaves the same as Stat for embedded filesystems since there are no symlinks.
 func (fs *Embed) Lstat(filename string) (os.FileInfo, error) {
diff --git a/go.mod b/go.mod
@@ -14,3 +14,5 @@ require (
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
+
+replace github.com/go-git/go-billy/v6 => github.com/this-kirke/go-billy/v6 v6.0.0
diff --git a/go.sum b/go.sum
@@ -2,6 +2,7 @@ github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22r
 github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/go-git/go-billy/v6 v6.0.0-20250711053805-c1f149aaab07/go.mod h1:Pa0/zeE0tC0GiZLFFtOYXOky9SgpNF+zkrj7aEJhBVg=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=

Original file line number	Diff line number	Diff line change
`@@ -14,3 +14,5 @@ require (`
`14`	`14`	`github.com/pmezard/go-difflib v1.0.0 // indirect`
`15`	`15`	`gopkg.in/yaml.v3 v3.0.1 // indirect`
`16`	`16`	`)`
	`17`	`+`
	`18`	`+replace github.com/go-git/go-billy/v6 => github.com/this-kirke/go-billy/v6 v6.0.0`