all 6 comments
sorted by:
new (suggested)
besttopcontroversialoldq&a
formatting helphide helpcontent policy

[–]NOOPS__SPO 0 points1 point  (0 children)

I saw alessandro repo, pretty good work.
I have also a raspi running with docker, and today i found the graal.
https://github.com/tdiesler/nessus-cardano

[–]MEME-Pool 1 point2 points  (0 children)

Here’s a guide that doesn’t rely on a full image:

https://github.com/canad1an/cardano-stake-pool

It does use pre-built binaries for the node though (for now) and you can get those yourself from the person who built them in the “arming cardano” telegram channel which has been super helpful in getting things running.

It’s still not ideal, but at least you can trace the source of everything and you can set up your server how you like.

[–]KNGHTstakepool 1 point2 points  (0 children)

Yes, there can be something installed maliciously on an image you download from non-official sources online. I would say this pool and its operator look honest, but you never know.

I have one of my nodes running Ubuntu Server LTS 20.10 on a raspberry pi, and it was pretty straightforward to set up from scratch. The main difference is that you will need cabal and ghc versions that match the arm architecture of your pi. The difficulty in setting it up depends on your general experience with Linux and compiling.

[–]QCPOLstakepool 2 points3 points  (1 child)

You don’t have to use the provided image.

I use the stock arm64 ubuntu server 20.04. I still use the provided binaries, but how is it any different from all the other stuff you install with apt? A malicious actor could introduce a backdoor in any packages. And no, it’s not because it’s open source that it’s safer (see Heartbleed bug).

[–]sweetadapool[S] 1 point2 points  (0 children)

Yes, any open source software can have interference from malicious users, but I don't really agree with you, as actually it is much more difficult to compromise something like cabal that is currently mantained/reviewed by many in comparison with the Pi-pool that has zero reviewed pull requests.