Add Optimized Docker Deployment for Rustchain Miner

[astrocatae-max]

This PR introduces a production-ready Docker configuration for the Rustchain miner.

Key Improvements:

• Multi-stage Build: Reduces final image size (~100MB vs ~1GB).
• GLIBC Compatibility: Uses debian:trixie-slim to prevent "version GLIBC_X.XX not found" errors.
• Simplified Orchestration: Added docker-compose.yml for one-command deployment via environment variables.
• Optimized Layers: Minimizes layer count and cleans up build caches.

Verification:

• Build: docker build -t rustchain-miner -f Dockerfile.optimized .
• Run: RUSTCHAIN_WALLET="test" docker run --rm rustchain-miner --help (Verified OK)

[github-actions]

Welcome to RustChain! Thanks for your first pull request.

Before we review, please make sure:

• Your PR has a BCOS-L1 or BCOS-L2 label
• New code files include an SPDX license header
• You've tested your changes against the live node

Bounty tiers: Micro (1-10 RTC) | Standard (20-50) | Major (75-100) | Critical (100-150)

A maintainer will review your PR soon. Thanks for contributing!

[Scottcjn]

Thanks for the work on the Dockerfile and docker-compose — multi-stage builds, GLIBC compat, and image-size optimization are legit engineering effort, and it shows.

But we can't merge this, and I want to explain why honestly rather than just close without context.

RustChain's core thesis is Proof-of-Physical-Hardware (RIP-PoA). The protocol is built to prove that a real CPU — with its own clock drift, cache timing curves, SIMD pipeline bias, thermal signature, and instruction-path jitter — signed each attestation. That's the whole point. Six fingerprint checks run on every miner:

1. Oscillator drift (real silicon cv ~0.08, VMs cluster below 0.001)
2. Cache timing harmonics (per-chip unique)
3. SIMD unit latency bias (emulation flattens it)
4. Thermal drift entropy (physical, not reproducible in software)
5. Instruction-path jitter (cycle-level variance)
6. Anti-emulation check (detects hypervisor, VM artifacts, cpuinfo:hypervisor flag)

Anything running inside Docker fails check #6 immediately. Containers share the host kernel, but they inherit /proc/cpuinfo hypervisor flags if the host is virtualized, and — more importantly — the fingerprint server has a hard rule that cpuinfo:hypervisor → weight collapses to 1/billionth (0.000000001x) of real hardware. This is by design. It is how the system rejects VM farms.

So a Dockerized RustChain miner runs successfully, attests successfully, and earns about one-billionth of what the equivalent bare-metal miner earns. The Dockerfile would work as software. The economics would not work as mining.

We already closed earlier docker bounty attempts (#2874, #2877, #2926, #2943, #2949) for the same reason. Bounty #2865 itself was retired. I should have made this clearer on the board — that's on us.

5 RTC paid for the effort you put into this one (tx <pending, see below>). Consolation, not full bounty — the work was real, the direction was misaligned with the protocol. No wallet was in the PR so I'm sending to astrocatae-max as wallet string (any string accepted — reply if you want a different one).

Where your skills DO fit on the bounty board:

• #2867 — Security auditing (open, 25+ RTC per finding)
• #1589 — Unit tests on miner modules (open)
• #2273 — Ed25519 key rotation + registry expiry
• The general security / P2P / gossip propagation issues labeled security or bug

Python + Docker + ops skills → those threads will reward you for the same effort, aligned with what the protocol needs.

Closing this one with thanks. Sorry the bounty board didn't make the "no Docker" policy explicit.

— Scott