Signature verification failed for microsoft teams repository

For a few days i get a “signature verification failed” error for the microsoft teams repository. I checked the url: and everything seemed fine. But the error is annoying. Is there a way to trust the signature again? I tried

zypper clean -a 

and then

zypper refresh 

but that did not help.

Remove the signature and add it again.

How do you remove the signature? That link goes to a German language page general description of how to install microsoft’s key and repository, but doesn’t say anything about how to actually remove the signature.

I tried to identify where the signature file is by checking the specific rpm that I have installed from that repository, but I could not figure it out. Here is what I did:

> rpm -qa | grep teams

> rpm -K --nosignature teams-
error: teams- open failed: No such file or directory

I could not find where to delete the key for the repository and install it again. So I tried to unintall the repository and install it again, and I still get the same “signature verification failed” error as the OP.

yast-software -> configuration -> repositorys -> gpg keys

And i posted the german link as the TO is from germany (even if we are here in the german forum).

Sorry, i meant even if we are in the english forum.

To show the key with which the package “teams” is signed:

rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE} %{SIGPGP:pgpsig} %{SIGGPG:pgpsig}
' teams

To show the keys available on your system:

rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}	%{SUMMARY}

To remove a specific key (as root):

rpm -e gpg-pubkey-abcdefgh-52ae6884

Thank you, those I are the instructions I needed.

Unfortunately, after deleting microsoft’s rpm key and then re-installing it, the “signature verification failed” error is still there. I guess we will have to wait to see what the bug is from microsoft, and since they are not open-source, who knows how long it will take.

Yes, didn’t mean to complain. Thank you for the help.

How exactly is it going to fix bad signature?

bor@bor-Latitude-E5450:~/tmp$ curl -LO
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  3085  100  3085    0     0   7894      0 --:--:-- --:--:-- --:--:--  7910
bor@bor-Latitude-E5450:~/tmp$ curl -LO
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   492  100   492    0     0   1418      0 --:--:-- --:--:-- --:--:--  1421
bor@bor-Latitude-E5450:~/tmp$ mkdir gpg
bor@bor-Latitude-E5450:~/tmp$ LC_ALL=C gpg --homedir $PWD/gpg --keyserver hkps://  --receive-keys EB3E94ADBE1229CF
gpg: WARNING: unsafe permissions on homedir '/home/bor/tmp/gpg'
gpg: keybox '/home/bor/tmp/gpg/pubring.kbx' created
gpg: /home/bor/tmp/gpg/trustdb.gpg: trustdb created
gpg: key EB3E94ADBE1229CF: public key "Microsoft (Release signing) <>" imported
gpg: Total number processed: 1
gpg:               imported: 1
bor@bor-Latitude-E5450:~/tmp$ LC_ALL=C gpg --homedir $PWD/gpg repomd.xml.asc 
gpg: WARNING: unsafe permissions on homedir '/home/bor/tmp/gpg'
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
gpg: assuming signed data in 'repomd.xml'
gpg: Signature made Mon Sep 19 14:43:14 2022 MSK
gpg:                using RSA key EB3E94ADBE1229CF
gpg: **BAD signature from "Microsoft (Release signing) <>"** [unknown]

Someone needs to report it to Microsoft.

We had this topic already several times here in the forum with the Google Chrome repo where it helped to remove the gpg-pubkey and re-add it. This can help when the key was exchanged upstream but your local copy is still an old one.
It is possible that this is not the case here.