Explore workaround for Tails 5 decryption behavior

[eloquence]

Tails 5 caused double-click decryption to break, which has caused some pain and frustration for users who have upgraded their SVS. The issue is expected to at least partially resolved with this upstream PR, which may ship as early as Tails 5.1.

This issue is to explore near-term guidance we can give users to deal with decrypting larger numbers of files. The problem is that SecureDrop provides its downloads in a nested directory structure, which users now have to navigate twice -- once in the file manager to access the file, and separately in Kleopatra to decrypt it, one at a time. Kleopatra does not appear to support recursive bulk-decryption.

[eloquence]

For users comfortable on the command-line, a one-liner like this (invoked in the root into which the subdirectories were encrypted) seems to do the trick:

find . -iname '*\.gpg' -execdir gpg --decrypt-files {} \;

[eloquence]

As a GUI workaround, we can apply the upstream fix and persist it locally:

1. Boot into Tails, unlock the persistent volume, and set an admin password
2. Ensure that dotfiles persistence is enabled (Applications -> Favorites -> Configure persistent volume -> dotfiles)
3. Ensure that /home/amnesia/.local/share/applications/mimeapps.list contains the content below
4. Verify that the decryption behavior works by double-clicking a .gpg file in the file manager as you would have done before (you will have one extra click in Kleopatra to save the file)
5. Open a root shell (Applications -> System Tools -> Root Terminal)
6. Enter the following commands:
   cd /live/persistence/TailsData_unlocked/dotfiles
rsync -a --relative /home/amnesia/./.local/share/applications/mimeapps.list .
7. Reboot and unlock the persistent volume
8. Confirm that you're able to decrypt files by double-clicking them.
9. After Tails 5.1 release, remove the file in /live/persistence/TailsData_unlocked to ensure future changes apply correctly

Content for mimeapps.list from upstream:

[Default Applications]
application/pgp-encrypted=org.kde.kleopatra.desktop
x-scheme-handler/mailto=thunderbird.desktop
text/html=tor-browser.desktop

[Added Associations]
application/pgp-encrypted=org.kde.kleopatra.desktop
x-scheme-handler/mailto=thunderbird.desktop
text/html=tor-browser.desktop

I've tested this process and it works for me on Tails 5. Upon peer review, I think we can potentially share this process with folks who need a near-term workaround.

[zenmonkeykstop]

Instructions work for me in Tails 5. 👍

[eloquence]

(Closing this issue; we can add this workaround to the docs if https://gitlab.tails.boum.org/tails/tails/-/merge_requests/820 doesn't make it into Tails 5.1.)