From 71ba94005a12839768315b03e0960274a10c62f0 Mon Sep 17 00:00:00 2001
From: Eliah Kagan <degeneracypressure@gmail.com>
Date: Sat, 9 Nov 2024 04:13:01 -0500
Subject: [PATCH 1/3] Check that `pure-rust-build` software is minimal

This verifies the absence of utilities and libraries `max-pure`
should not need, but that are needed for building `max`.

When `pure-rust-build` was introduced in ed4deac (#624), the goal
was to test that a C toolchain was not needed. Currently, we are
installing a C toolchain, by installing `gcc` and `libc-dev`, so
that the Rust toolchain will use the linker, which it may invoke
through `cc`/`gcc`. Nonetheless, the test is effective, as verified
in #1664, becuase it uses an environment free of several packages
that `max-pure` would likely inadverently require for building, if
it failed to be "pure".

Utilities could, in principle, be installed as part of a package
other than the package(s) that usually provide them. So a `$PATH`
search is performed. However, `libssl-dev` is a library (and more
libraries might be listed in the future), with no executable tool
to do a `$PATH` search for. Furthermore, it may be possible for a
utility to be installed, such that software in a Rust toolchain
might find and use it, while not being in a `$PATH` directory. So
this checks for known DEB packages as well as searching `$PATH`.
---
 .github/workflows/ci.yml | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 4f690763028..98ed8387c9b 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -24,9 +24,24 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Prerequisites
-        run: apt-get update && apt-get install --no-install-recommends -y ca-certificates curl gcc libc-dev # gcc is required as OS abstraction
-      - name: install Rust via Rustup
-        run: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal;
+        run: |
+          apt-get update
+          apt-get install --no-install-recommends -y ca-certificates curl gcc libc-dev # gcc is required as OS abstraction
+      - name: Verify environment is sufficiently minimal for the test
+        run: |
+          set -x
+          for pattern in cmake g++ libssl-dev make pkgconf pkg-config; do
+              if dpkg-query --status -- "$pattern"; then
+                  exit 1
+              fi
+          done
+          for cmd in cmake g++ make pkgconf pkg-config; do
+              if command -v -- "$cmd"; then
+                  exit 1
+              fi
+          done
+      - name: Install Rust via Rustup
+        run: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal
       - uses: Swatinem/rust-cache@v2
       - run: /github/home/.cargo/bin/cargo install --debug --locked --no-default-features --features max-pure --path .
 

From c84c17e285d3933f5dbe1d4963ccd64f761e82d9 Mon Sep 17 00:00:00 2001
From: Eliah Kagan <degeneracypressure@gmail.com>
Date: Sat, 9 Nov 2024 04:38:44 -0500
Subject: [PATCH 2/3] Use "slim" image for `pure-rust-build`

This changes `bookworm` to `bookworm-slim`. Information about the
Debian "slim" images is available in the "Image Variants" section
of the "About" page at https://hub.docker.com/_/debian. Which files
are removed changes over time, but I don't think files not present
in the non-slim image will be added to the slim image. Even if
something like that were to happen, the check in the previous
commit should identify an environment that has become unsuitable
for this job.

Using the smaller image should make the job a bit faster, since
that image should be a bit faster to download.
---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 98ed8387c9b..2a1ef81feba 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -20,7 +20,7 @@ on:
 jobs:
   pure-rust-build:
     runs-on: ubuntu-latest
-    container: debian:bookworm
+    container: debian:bookworm-slim
     steps:
       - uses: actions/checkout@v4
       - name: Prerequisites

From 2a791c87c5568b2195aad54a05892c37d2c86078 Mon Sep 17 00:00:00 2001
From: Eliah Kagan <degeneracypressure@gmail.com>
Date: Sat, 9 Nov 2024 04:44:02 -0500
Subject: [PATCH 3/3] Change `bookworm-slim` to `stable-slim` for
 `pure-rust-build`

With the "Verify environment is sufficiently minimal for the test"
step, if a new stable release of Debian has software that makes the
environment too extensive for `pure-rust-build` to produce accurate
results, then that should be discovered.
---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 2a1ef81feba..1d3d8931df8 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -20,7 +20,7 @@ on:
 jobs:
   pure-rust-build:
     runs-on: ubuntu-latest
-    container: debian:bookworm-slim
+    container: debian:stable-slim
     steps:
       - uses: actions/checkout@v4
       - name: Prerequisites