From 969ac561a5417851a5a69a4ef522b9ddd1c05809 Mon Sep 17 00:00:00 2001
From: Egor Lazarchuk <yegorlz@amazon.co.uk>
Date: Mon, 25 Nov 2024 16:54:29 +0000
Subject: [PATCH] chore(devctr): update rust version to 1.82 and add libseccomp
 to devctr

- Update Rust to 1.82 version
- Add libseccomp needed for updated seccompiler version

Signed-off-by: Egor Lazarchuk <yegorlz@amazon.co.uk>
---
 rust-toolchain.toml     |  2 +-
 tools/devctr/Dockerfile | 20 +++++++++++++++++++-
 tools/devtool           |  2 +-
 3 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/rust-toolchain.toml b/rust-toolchain.toml
index ff74857c81de..dafa1166336e 100644
--- a/rust-toolchain.toml
+++ b/rust-toolchain.toml
@@ -11,7 +11,7 @@
 # allowlisted using a toolchain that requires it, causing the A/B-test to
 # always fail.
 [toolchain]
-channel = "1.79.0"
+channel = "1.82.0"
 targets = ["x86_64-unknown-linux-musl", "aarch64-unknown-linux-musl"]
 profile = "minimal"
 
diff --git a/tools/devctr/Dockerfile b/tools/devctr/Dockerfile
index f0c7c36f7593..701f5f3010e5 100644
--- a/tools/devctr/Dockerfile
+++ b/tools/devctr/Dockerfile
@@ -4,7 +4,7 @@ FROM public.ecr.aws/lts/ubuntu:24.04
 # The Rust toolchain layer will get updated most frequently, but we could keep the system
 # dependencies layer intact for much longer.
 
-ARG RUST_TOOLCHAIN="1.79.0"
+ARG RUST_TOOLCHAIN="1.82.0"
 ARG TMP_BUILD_DIR=/tmp/build
 ARG DEBIAN_FRONTEND=noninteractive
 ARG PIP_BREAK_SYSTEM_PACKAGES=1
@@ -48,6 +48,8 @@ RUN apt-get update \
     && apt-get -y install --no-install-recommends \
         # essential build tools
         gcc make libc-dev binutils-dev libssl-dev \
+        # Needed for `seccompiler`.
+        libseccomp-dev \
         # Useful utilities
         gdbserver \
         # Needed in order to be able to compile `userfaultfd-sys`.
@@ -137,6 +139,22 @@ RUN cd /usr/include/$ARCH-linux-musl \
     && ln -s ../linux linux \
     && ln -s ../asm-generic asm-generic
 
+# Install static version of libseccomp
+#
+RUN apt-get update \
+    && apt-get -y install \
+        libtool gperf \
+    && git clone https://github.com/seccomp/libseccomp /tmp/libseccomp \
+    && cd /tmp/libseccomp \
+    && ./autogen.sh \
+    && CC="musl-gcc -static" ./configure --enable-static=yes --enable-shared=false \
+    && make install \
+    && cd \
+    && apt-get purge -y \
+        libtool gperf \
+    && apt-get autoremove -y \
+    && rm -rf /tmp/libseccomp
+
 # Build iperf3-vsock
 RUN mkdir "$TMP_BUILD_DIR" && cd "$TMP_BUILD_DIR" \
     && git clone https://github.com/stefano-garzarella/iperf-vsock \
diff --git a/tools/devtool b/tools/devtool
index 3e0bc857ed52..85e1145587fd 100755
--- a/tools/devtool
+++ b/tools/devtool
@@ -68,7 +68,7 @@
 DEVCTR_IMAGE_NO_TAG="public.ecr.aws/firecracker/fcuvm"
 
 # Development container tag
-DEVCTR_IMAGE_TAG=${DEVCTR_IMAGE_TAG:-v75}
+DEVCTR_IMAGE_TAG=${DEVCTR_IMAGE_TAG:-v76}
 
 # Development container image (name:tag)
 # This should be updated whenever we upgrade the development container.