dirmngr is used as daemon

Bug #1633754 reported by Removed by request
This bug affects 2 people
Affects / Status / Importance / Assigned to / Milestone
apt (Ubuntu): Invalid, Undecided, Unassigned
gnupg2 (Ubuntu): Confirmed, Undecided, Unassigned

Bug Description

I'm using Ubuntu 16.10 with gnupg2 2.1.15-1ubuntu6 and for example if I'm using apt-key to receive keys I'm noticing that dirmngr is started and kept open after the task is done. If apt-key is used multiple times even multiple times dirmngr is started while the old processes are still open.

Dimitri John Ledkov (xnox) wrote :

There are no commands in apt-key that use dirmngr; however, user-passed adv commands can trigger this.
One option is for apt-key to proactively kill any outstanding daemons in the temp-keyrings, before exiting.

Julian Andres Klode (juliank) wrote :

This is a gnupg issue. dirmngr should notice that we took its home away and shut itself down like the gpg agent does.

Changed in apt (Ubuntu):
status: New → Invalid
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in gnupg2 (Ubuntu):
status: New → Confirmed
Laurent Declercq (l-declercq) wrote :

We get the identical problem in our software installer. It seems that dirmngr processes never go away. We work around the issue by terminating the process manually:

{code}
=item addRepositories( @repositories )

 See iMSCP::DistPackageManager::Interface::addRepositories()

 Param list @repositories List of repositories, each represented as a hash with the following key/value pairs:
  repository : APT repository in format 'uri suite [component1] [component2] [...]'
  repository_key_srv : APT repository key server such as keyserver.ubuntu.com (not needed if repository_key_uri is provided)
  repository_key_id : APT repository key identifier such as 5072E1F5 (not needed if repository_key_uri is provided)
  repository_key_uri : APT repository key URI such as https://packages.sury.org/php/apt.gpg (not needed if repository_key_id is provided)

=cut

sub addRepositories
{
    my ( $self, @repositories ) = @_;

    $self->{'eventManager'}->trigger( 'beforeAddDistributionRepositories', \@repositories ) == 0 or die(
        getMessageByType( 'error', { amount => 1, remove => TRUE } ) || 'Unknown error'
    );

    # Make sure that repositories are not added twice
    $self->removeRepositories( @repositories );

    my $file = iMSCP::File->new( filename => $APT_SOURCES_LIST_FILE_PATH );
    my $fileContent = $file->getAsRef();

    # Add APT repositories
    for my $repository ( @repositories ) {
        ${ $fileContent } .= <<"EOF";

deb $repository->{'repository'}
deb-src $repository->{'repository'}
EOF
        # Hide "apt-key output should not be parsed (stdout is not a terminal)" warning that
        # is raised in newest apt-key versions. Our usage of apt-key is not dangerous (not parsing)
        local $ENV{'APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE'} = TRUE;

        if ( $repository->{'repository_key_srv'} && $repository->{'repository_key_id'} ) {
            # Add the repository key from the given key server
            my $rs = execute(
                [ 'apt-key', 'adv', '--recv-keys', '--keyserver', $repository->{'repository_key_srv'}, $repository->{'repository_key_id'} ],
                \my $stdout,
                \my $stderr
            );
            debug( $stdout ) if length $stdout;
            $rs == 0 or die( $stderr || 'Unknown error' );

            # Workaround https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/1633754
            # Note: this terminates every dirmngr on the host, not only the one that
            # apt-key spawned under its temporary keyring home.
            execute( [ 'pkill', '-TERM', 'dirmngr' ], \$stdout, \$stderr );
        } elsif ( $repository->{'repository_key_uri'} ) {
            # Add the repository key by fetching it first from the given URI
            my $keyFile = File::Temp->new();
            $keyFile->close();
            my $rs = execute(
                [ 'wget', '--prefer-family=IPv4', '--timeout=30', '-O', $keyFile, $repository->{'repository_key_uri'} ], \my $stdout, \my $stderr
            );
            debug( $stdout ) if length $stdout;
            $rs == 0 or die( $stderr || 'Unknown error' );

            $rs = execute( [ 'apt-key', 'add', $keyFile ], \$stdout, \$stderr );
            debug( $stdout ) if length $stdout;
            $rs == 0 or die( $stderr || 'Unknown error' );
        }
    }

    $file->save();

    $sel...


Julian Andres Klode (juliank) wrote :

@Laurent, you simply should not be using apt-key and key servers and key IDs. You should use keyfiles that you drop in trusted.gpg.d. I think we should kill APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE.

Anyhow, apt-key now tells dirmngr to exit in bionic and newer, bug 1773992.

Laurent Declercq (l-declercq) wrote :

@Julian

Thanks for your advice. So basically, putting keys into the trusted.gpg.d directory should be sufficient to make APT happy? I never tried it that way; even worse (shame on me), I was not aware of that possibility...

Regarding the environment variable, I really don't understand why we are warned. Capturing APT stdout doesn't necessarily mean parsing it... Even so, developers who invoke APT in automation scripts should know what they are doing. At least, a simple warning in the documentation should be sufficient... So yes, I'm with you on that point: that warning should be dropped.

Julian Andres Klode (juliank) wrote :

There's no way to distinguish between output being parsed and not, so that's the safest thing to do. Without it, scripts will parse it, regardless of what the manpage says; and they will break, and everyone will be unhappy.

Laurent Declercq (l-declercq) wrote :

@Julian

So, if I understand well, you want to remove the APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE environment variable but keep the warning when apt-key detects that its output is captured? That would be tedious for us... We do not want such a warning in our case. We capture STDOUT for the purpose of debugging (STDOUT goes to a log file and is printed to screen, depending on context).

Sometimes, you should let developers take decisions. If they are not able to stick to the man page recommendations, that's not your problem, is it? Or do you consider that all developers are idiots?

BTW: It seems that simply putting keys into the trusted directory is not sufficient. APT still warns about a missing PUBKEY... See also https://askubuntu.com/questions/31286/additional-keyrings-for-apt-in-trusted-gpg-d
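The following is an added example, not code from this bug report, from apt or from gnupg. It shows the two things the thread recommends: installing a vendor key as a dedicated keyring referenced via signed-by instead of going through apt-key, and, where a key still has to be fetched by ID, stopping only the dirmngr that belongs to the throwaway GnuPG home rather than every dirmngr on the host. The directories KEYRING_DIR and SOURCES_DIR and the function names are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example (not code from the bug report, apt or gnupg). Paths are
# assumptions: conventional Debian/Ubuntu locations, overridable via env.
set -eu

KEYRING_DIR="${KEYRING_DIR:-/usr/share/keyrings}"
SOURCES_DIR="${SOURCES_DIR:-/etc/apt/sources.list.d}"

# True when the key file is ASCII-armored. A binary OpenPGP key starts with a
# packet tag byte (high bit set); an armored one starts with "-----BEGIN PGP".
key_is_armored() {
    [ "$(od -An -c -N 5 "$1" | tr -d ' \n')" = '-----' ]
}

# Copy the key into its own keyring under $KEYRING_DIR, dearmoring if needed,
# and print the keyring path. Nothing is imported into the legacy trusted.gpg
# and no gpg daemon is started, because --dearmor is a plain transcoding.
install_key() {
    name=$1 src=$2
    dst="$KEYRING_DIR/$name-archive-keyring.gpg"
    if key_is_armored "$src"; then
        gpg --batch --dearmor < "$src" > "$dst"
    else
        cp "$src" "$dst"
    fi
    chmod 0644 "$dst"
    printf '%s\n' "$dst"
}

# Build a sources.list entry whose signed-by= ties this key to this repository,
# so one vendor's key cannot vouch for another vendor's packages.
apt_source_line() {
    keyring=$1 uri=$2 suite=$3
    shift 3
    printf 'deb [signed-by=%s] %s %s %s\n' "$keyring" "$uri" "$suite" "$*"
}

# Install the key and write $SOURCES_DIR/<name>.list; prints the list path.
add_repository() {
    name=$1 keyfile=$2 uri=$3 suite=$4
    shift 4
    keyring=$(install_key "$name" "$keyfile")
    apt_source_line "$keyring" "$uri" "$suite" "$@" > "$SOURCES_DIR/$name.list"
    printf '%s\n' "$SOURCES_DIR/$name.list"
}

# Stop the daemons bound to ONE GnuPG home. gpgconf --kill reaches them through
# the sockets under that home directory, so dirmngr instances that belong to
# other users or other scripts are left alone, unlike "pkill dirmngr".
stop_gnupg_daemons() {
    gpgconf --homedir "$1" --kill dirmngr 2>/dev/null || true
    gpgconf --homedir "$1" --kill gpg-agent 2>/dev/null || true
}

# Only when a vendor publishes nothing but a key ID: fetch it into a throwaway
# home, export it as a binary keyring, then tear the home and its daemons down.
fetch_key_by_id() {
    keyserver=$1 keyid=$2 out=$3
    home=$(mktemp -d)
    rc=0
    gpg --batch --homedir "$home" --keyserver "$keyserver" --recv-keys "$keyid" \
        && gpg --batch --homedir "$home" --export "$keyid" > "$out" || rc=$?
    stop_gnupg_daemons "$home"
    rm -rf "$home"
    return $rc
}

# Usage (assumed vendor values):
#   fetch_key_by_id keyserver.ubuntu.com 5072E1F5 /tmp/vendor.gpg
#   add_repository vendor /tmp/vendor.gpg https://example.invalid/apt stable main
```

A common reason for the NO_PUBKEY complaint mentioned above, after a key was dropped into trusted.gpg.d, is that the file is ASCII-armored: older apt releases only read binary keyrings with a .gpg extension from that directory, which is why install_key dearmors before copying. The signed-by form is preferable to trusted.gpg.d in any case, because a key in trusted.gpg.d is trusted for every configured repository.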

Julian Andres Klode (juliank) wrote :

What I want to do is provide stable versioned CLI APIs that you can specify in scripts in an environment variable.
