Add `ldb` RocksDB query tool to the Dockerfile (#8074)

* Add `ldb` RocksDB query tool to the Dockerfile

* Add shielded scanning link to run.md

* Add `ldb` tool instructions to install.md

* Add a rough framework for shielded-scan.md

* Add security warning and feature limitations to shielded-scan.md

book/src/user/install.md

@@ -6,7 +6,6 @@ Follow the [Docker or compilation instructions](https://zebra.zfnd.org/index.htm
 
 To compile Zebra from source, you will need to [install some dependencies.](https://zebra.zfnd.org/index.html#building-zebra).
 
-
 ## Alternative Compilation Methods
 
 ### Compiling Manually from git
@@ -58,7 +57,12 @@ If you're having trouble with:
 
 - use `cargo install` without `--locked` to build with the latest versions of each dependency
 
-#### Optional Tor feature
+## Experimental Shielded Scanning feature
+
+- install the `rocksdb-tools` or `rocksdb` packages to get the `ldb` binary, which allows expert users to
+  [query the scanner database](https://zebra.zfnd.org/user/shielded-scan.html). This binary is sometimes called `rocksdb_ldb`.
+
+## Optional Tor feature
 
 - **sqlite linker errors:** libsqlite3 is an optional dependency of the `zebra-network/tor` feature.
   If you don't have it installed, you might see errors like `note: /usr/bin/ld: cannot find -lsqlite3`.

book/src/user/run.md

@@ -13,8 +13,9 @@ structure, and documentation for all of the config options can be found
 
 You can run Zebra as a:
 
-- [`lightwalletd` backend](https://zebra.zfnd.org/user/lightwalletd.html), and
-- experimental [mining backend](https://zebra.zfnd.org/user/mining.html).
+- [`lightwalletd` backend](https://zebra.zfnd.org/user/lightwalletd.html),
+- [mining backend](https://zebra.zfnd.org/user/mining.html), or
+- experimental [Sapling shielded transaction scanner](https://zebra.zfnd.org/user/shielded-scan.html).
 
 ## Supported versions
 

book/src/user/shielded-scan.md

@@ -0,0 +1,36 @@
+# Zebra Shielded Scanning
+
+This document describes how expert users can try Zebra's shielded scanning feature.
+
+For now, we only support Sapling, and only store transaction IDs in the scanner results database.
+Ongoing development is tracked in issue [#7728](https://github.com/ZcashFoundation/zebra/issues/7728).
+
+## Important Security Warning
+
+Zebra's shielded scanning feature has known security issues. It is for experimental use only.
+
+Do not use regular or sensitive viewing keys with Zebra's experimental scanning feature. Do not use this
+feature on a shared machine. We suggest generating new keys for experimental use.
+
+## Build & Install
+
+Using the `shielded-scan` feature. TODO: add examples, document the feature in zebrad/src/lib.rs.
+
+## Configuration
+
+In `zebrad.toml`, use:
+- the `[shielded_scan]` table for database settings, and
+- the `[shielded_scan.sapling_keys_to_scan]` table for diversifiable full viewing keys.
+
+TODO: add a definition for DFVK, link to its format, and add examples and links to keys and database settings.
+
+## Running Sapling Scanning
+
+Launch Zebra and wait for 12-24 hours.
+
+## Expert: Querying Raw Sapling Scanning Results
+
+TODO: Copy these instructions and examples here:
+- https://github.com/ZcashFoundation/zebra/issues/8046#issuecomment-1844772654
+
+Database paths are different on Linux, macOS, and Windows.

docker/Dockerfile

@@ -48,6 +48,7 @@ RUN apt-get -qq update && \
     ca-certificates \
     protobuf-compiler \
     rsync \
+    rocksdb-tools \
     ; \
     rm -rf /var/lib/apt/lists/* /tmp/*
 
@@ -181,7 +182,8 @@ COPY --from=release /entrypoint.sh /
 
 RUN apt-get update && \
     apt-get install -y --no-install-recommends \
-    ca-certificates
+    ca-certificates \
+    rocksdb-tools
 
 # Config settings for zebrad
 ARG FEATURES