Packaging & Installation

dvb-WarpPool ships in multiple formats. The release pipeline (.github/workflows/release.yml) builds all artifacts listed below in parallel on every v* tag and signs them with Cosign keyless OIDC.

Update paths: After the initial install via one of the formats below, you can apply updates in two ways:

  1. Package manager (apt/dnf/docker pull/Umbrel app updater) — classic, idempotent, controlled
  2. Built-in auto-update since Phase 8 — the admin UI shows an update banner; one click runs download + sha256 verify + optional cosign verify + atomic_swap + systemd hint. See Auto-Update for the workflow.

Overview

FormatArchitectureStatusNotes
Dockeramd64 + arm64ghcr.io/<org>/dvb-warppool:<tag>
.debamd64 + arm64apt/dpkg, systemd unit included
.rpmamd64 + arm64dnf/rpm, systemd unit included
.AppImagex86_64 + aarch64Portable, no root required (RPi 5)
.dmgaarch64 + x86_64⚠ unsignedPhase B: Notarization (Dev-ID)
.msix64⚠ unsignedPhase B: code-signing certificate
TarballLinux + macOSManual installs
Umbrelamd64 + arm64packaging/umbrel/dvb-warppool/

Linux .deb (Debian / Ubuntu / Mint)

# download from GitHub Releases:
wget https://github.com/dvb-projekt/dvb-WarpPool/releases/download/v0.1.0/dvb-warppool_0.1.0-1_amd64.deb
sudo apt install ./dvb-warppool_0.1.0-1_amd64.deb

# first-run wizard (Bitcoin Core RPC, pool profile, payout address):
sudo dvb-warppool-setup

# start the daemon:
sudo systemctl enable --now dvb-warppool

# UI: http://localhost:18334

What the postinst does:

  • creates the system user warppool
  • creates /var/lib/dvb-warppool/ (data, mode 0700, owner warppool) and /var/log/dvb-warppool/
  • chgrp warppool /etc/dvb-warppool so the setup wizard can atomically write into it via sudo
  • systemctl daemon-reload

Logs: journalctl -u dvb-warppool -f

Linux .rpm (Fedora / RHEL / openSUSE)

sudo dnf install ./dvb-warppool-0.1.0-1.x86_64.rpm
sudo dvb-warppool-setup
sudo systemctl enable --now dvb-warppool

post_install_script does the same as the .deb postinst (system user, directories, daemon-reload).

Linux AppImage (portable, no-root)

chmod +x dvb-WarpPool-0.1.0-x86_64.AppImage
./dvb-WarpPool-0.1.0-x86_64.AppImage

Also available as an aarch64 AppImage for ARM boards (Raspberry Pi 5, Pine64, Rock-Pi):

chmod +x dvb-WarpPool-0.1.0-aarch64.AppImage
./dvb-WarpPool-0.1.0-aarch64.AppImage

The first launch opens the setup wizard if no ~/.config/dvb-warppool/config.toml exists. After that the daemon starts directly and the UI is reachable at http://localhost:18334.

Raspberry Pi 5 (Raspberry Pi OS / Ubuntu 24.04 for arm64)

dvb-WarpPool runs very well on the Pi 5 — the Cortex-A76 cores have significantly better single-thread performance than the Pi 4 (relevant for Stratum connection handling and Bitcoin RPC). 8 GB RAM is enough for the gross profile with a few hundred workers; with 16 GB, enterprise is realistic.

Fastest path: .deb package

# Raspberry Pi OS / Ubuntu / Debian for arm64:
wget https://github.com/dvb-projekt/dvb-WarpPool/releases/download/v0.1.0/dvb-warppool_0.1.0-1_arm64.deb
sudo apt install ./dvb-warppool_0.1.0-1_arm64.deb
sudo dvb-warppool-setup
sudo systemctl enable --now dvb-warppool

Alternative: Docker (with Bitcoin Core sidecar)

docker run -d --name warppool \
  --restart unless-stopped \
  -p 3333:3333 -p 18334:18334 \
  -v /etc/dvb-warppool:/config:ro \
  -v warppool-data:/data \
  ghcr.io/dvb/dvb-warppool:v0.1.0

Multi-arch image — Docker automatically pulls the arm64 variant on the Pi.

Storage recommendation

  • NVMe HAT (e.g. Pimoroni NVMe Base, Geekworm X1003) strongly recommended. The pool DB (SQLite WAL + shares_raw eviction every 60s) puts heavy pressure on SD cards — a typical SD only lasts months under pool load, an NVMe lasts years.
  • If using SD: high-quality industrial-grade SD (e.g. Sandisk Industrial, Western Digital Endurance) — no cheap consumer SDs.
  • A USB-3 SSD is the middle-ground option if no NVMe HAT is available.

Bitcoin Core on the same Pi

8 GB RAM is enough for both (pool + Bitcoin Core with prune=10000), as long as the mempool isn't extremely full. 16 GB is more comfortable. Bitcoin Core on its own needs 5–7 GB under normal load.

With a separate Bitcoin Core host (e.g. an Umbrel / Start9 on the LAN), 4 GB RAM is also enough on the Pi 5 for the pool alone.

hwdetect detects the Pi automatically

The setup wizard reads /proc/device-tree/model and identifies the Pi model. On the Pi 5, Environment::RaspberryPi is set, and the profile recommendation system offers gross as the feasible maximum, plus the NVMe storage hint as Severity::Info.

Pi 4 works too

The Pi 4 is tested, but the Pi 5 is recommended (higher per-core performance). Pi 3 and Pi Zero only make sense for klein profiles and are not intended for production use.

macOS .dmg

Unsigned — Gatekeeper warning on first launch. Notarization with an Apple Developer ID is planned for Phase B.

  1. Open the .dmg → drag dvb-WarpPool.app into the Applications folder
  2. Right-click → "Open" → confirm "Open" (Gatekeeper override)
  3. The first launch opens a Terminal with the setup wizard
  4. Subsequent launches: double-clicking the app opens the UI in the browser automatically

State: ~/Library/Application Support/dvb-WarpPool/ (config + data + logs)

Windows .msi

Unsigned — SmartScreen warning on first launch. Code-signing with an EV certificate is planned for Phase B.

  1. Double-click the .msi → "More info" → "Run anyway"
  2. Installs to C:\Program Files\dvb-WarpPool\
  3. Start the setup wizard manually: Start menu → dvb-warppool-setup
  4. Daemon via Task Scheduler or Command Prompt: dvb-warppool-daemon.exe --config C:\ProgramData\dvb-warppool\config.toml

Docker

docker run -d --name warppool \
  -p 3333:3333 -p 18334:18334 \
  -v /etc/dvb-warppool:/config:ro \
  -v warppool-data:/data \
  ghcr.io/dvb/dvb-warppool:v0.1.0 \
  --config /config/config.toml --data-dir /data

Multi-arch (amd64 + arm64) is selected automatically — no --platform needed.

Signature verification (Cosign)

Every release includes SHA256SUMS plus a Cosign keyless signature (SHA256SUMS.sig + SHA256SUMS.pem). Verification without locally stored keys (OIDC trust):

cosign verify-blob \
  --certificate SHA256SUMS.pem \
  --signature SHA256SUMS.sig \
  --certificate-identity-regexp "https://github.com/dvb-projekt/dvb-WarpPool/.github/workflows/release.yml@.*" \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  SHA256SUMS

# then against the individual files:
sha256sum --check SHA256SUMS

SLSA build provenance

Every release ships with SLSA-3 provenance via slsa-github-generator. The provenance is in the release assets area (*.intoto.jsonl) and can be checked with slsa-verifier:

slsa-verifier verify-artifact \
  --provenance-path multiple.intoto.jsonl \
  --source-uri github.com/dvb-projekt/dvb-WarpPool \
  --source-tag v0.1.0 \
  dvb-warppool_0.1.0-1_amd64.deb

SBOM (SPDX)

sbom.spdx.json in every release lists all crates with their versions and licenses (via anchore/sbom-action). Usable with syft / grype for vulnerability audits.

Phase B — open loose ends

  • macOS Notarization: xcrun notarytool submit with a Developer ID certificate + Apple ID + app-specific password. The secrets APPLE_ID, APPLE_TEAM_ID, APPLE_NOTARY_PASSWORD need to be set in the GitHub repo secrets.
  • Windows code-signing: signtool sign with an EV certificate. Azure Code Sign is an alternative for CI-friendly token-based signing.
  • Logo / icon design: Currently only a 1×1 placeholder in the AppImage; macOS and Windows have no icon. Once the design is finalized (see ROADMAP.md), it needs to be placed under packaging/{appimage,macos,windows}/.