Why I am getting the error, "git-upload-pack not permitted"?

You are getting this error because of wrong login credentials or a permission issue.

What’s on this page:

Having Invalid Credentials

The most common cause is a wrong login credentials input.

Go to Git Repositories configuration list.  Select Actions on a particular repository then Edit Repository:

Check the repository properties for the Username and Password fields and verify that they are filled with correct values.  Retype login credentials just to make sure and save the settings.

Not Having Enough Access Permissions

The other cause is not having enough access permissions to clone repositories.  Try to clone a repository via the git client console using the correct <JIRA_user> on a Jira server.  If an error is raised, the Git Integration for Jira app will also do the same.

To install Git Integration for Jira app and clone a repository:

  1. Go to your Jira server.

  2. Install the git client: sudo apt-get install git or sudo yum install git.

  3. Verify the correct <JIRA_user> (Go to Jira Administration > System > System Info. Scroll to User NameHow?).

  4. Re-login as <JIRA_user>

  5. Run git clone http://<your-repo>/

The command should be successful.  If not, ask your administrator to setup your environment.

Using Proxies

If you are using proxy, configure your Jira with the following parameter format:

1 2 3 4 5 6 7 8 9 10 Dhttp.proxyHost=<your-proxy-host> Dhttps.proxyHost=<your-proxy-host> Dhttp.proxyPort=<your-proxy-port> Dhttps.proxyPort=<your-proxy-port> Dhttp.proxyUser=***** Dhttps.proxyUser=***** Dhttp.proxyPassword=***** Dhttps.proxyPassword=***** Dhttp.nonProxyHosts=*.some.mask|localhost|<someIP> Dhttps.nonProxyHosts=*.some.mask|localhost|<someIP>

Enter <your-git-server-host> to nonProxyHosts entries.

Examining Logs and Errors

To get a better view of the cause of the error:

  1.  See the debug logs of the jgit library in Jira generated during cloning/re-indexing of your repository.

    Enable debug logging for jgit library in Jira:

    1. Go to Administration > System.

    2. On the sidebar, under Troubleshooting and Support, select Logging & Profiling.

    3. Scroll down to the Default Loggers section, then click Configure.

    4. Enter org.apache.http for Package Name then set Logging Level to DEBUG.

    5. Click Add to add this configuration to the Debug Loggers list.

    Collect logs generated during reindex of your repository:

    1. Write down the current time right before doing a reindex – let's call it time1.

    2. Do a reindex for your repository via Git Integration for JIRA > Git Repositories.

    3. After the reindex is complete, write down the current time – let's call it time2.

    4. Collect logs created between time1 and time2.

  2. See the verbose logs of successful clone of your repository cloned by the console git client.

    1. From the command line, run set GIT_CURL_VERBOSE=1

    2. Do a git clone of the affected repository git clone http://<your-repo>.

The output is a verbose log of this process.

Compare the debug and the verbose logs and see the difference between them or send us both logs to support@bigbrassband.com for in-depth review.

Examine used authentication schemes. If you are seeing Basic authentication, you can verify that the right login credentials are passed.

How to find supported authentication schemes?

Below is an example of the debug logs of the jgit library in JIRA generated during cloning/re-indexing of your repository:

1 2 3 4 5 6 7 8 ... 2016-10-24 19:46:21,504 xiplink-gitplugin-RevisionIndexerImpl:thread - 0 DEBUG      [http.impl.client.TargetAuthenticationStrategy] Authentication schemes in the order of preference: [Negotiate, Kerberos, NTLM, Digest, Basic] 2016-10-24 19:46:21,504 xiplink-gitplugin-RevisionIndexerImpl:thread - 0 DEBUG      [http.impl.client.TargetAuthenticationStrategy] Challenge for Negotiate authentication scheme not available 2016-10-24 19:46:21,504 xiplink-gitplugin-RevisionIndexerImpl:thread - 0 DEBUG      [http.impl.client.TargetAuthenticationStrategy] Challenge for Kerberos authentication scheme not available 2016-10-24 19:46:21,504 xiplink-gitplugin-RevisionIndexerImpl:thread - 0 DEBUG      [http.impl.client.TargetAuthenticationStrategy] Challenge for NTLM authentication scheme not available 2016-10-24 19:46:21,504 xiplink-gitplugin-RevisionIndexerImpl:thread - 0 DEBUG      [http.impl.client.TargetAuthenticationStrategy] Challenge for Digest authentication scheme not available 2016-10-24 19:46:21,504 xiplink-gitplugin-RevisionIndexerImpl:thread - 0 DEBUG      [http.client.protocol.RequestAddCookies] CookieSpec selected: default ...

In this case, the Basic authentication was used because all other authentication methods have been rejected.

How to find login credentials used in Basic authentication?

Below is another example of the debug logs of the jgit library in JIRA generated during cloning/re-indexing of your repository:

1 2 3 4 5 6 7 8 9 10 ... 2016-10-24 19:46:21,504 xiplink-gitplugin-RevisionIndexerImpl:thread - 0 DEBUG      [org.apache.http.headers] http-outgoing-9 >> GET /<your-git-server-url>/<your-repo-name>.git/info/refs?service=git-upload-pack HTTP/1.1 2016-10-24 19:46:21,504 xiplink-gitplugin-RevisionIndexerImpl:thread - 0 DEBUG      [org.apache.http.headers] http-outgoing-9 >> Accept-Encoding: gzip 2016-10-24 19:46:21,504 xiplink-gitplugin-RevisionIndexerImpl:thread - 0 DEBUG      [org.apache.http.headers] http-outgoing-9 >> Pragma: no-cache 2016-10-24 19:46:21,504 xiplink-gitplugin-RevisionIndexerImpl:thread - 0 DEBUG      [org.apache.http.headers] http-outgoing-9 >> User-Agent: JGit/unknown 2016-10-24 19:46:21,519 xiplink-gitplugin-RevisionIndexerImpl:thread - 0 DEBUG      [org.apache.http.headers] http-outgoing-9 >> Authorization: Basic amlyYTpqaXJhcGFzc3dvcmQ= 2016-10-24 19:46:21,519 xiplink-gitplugin-RevisionIndexerImpl:thread - 0 DEBUG      [org.apache.http.headers] http-outgoing-9 >> Accept: application/x-git-upload-pack-advertisement, */* 2016-10-24 19:46:21,519 xiplink-gitplugin-RevisionIndexerImpl:thread - 0 DEBUG      [org.apache.http.headers] http-outgoing-9 >> Host: 2016-10-24 19:46:21,519 xiplink-gitplugin-RevisionIndexerImpl:thread - 0 DEBUG      [org.apache.http.headers] http-outgoing-9 >> Connection: Keep-Alive ...

From the above log:

  1. Find the header, Authorization.

  2. In the example it contains Basic amlyYTpqaXJhcGFzc3dvcmQ=, where amlyYTpqaXJhcGFzc3dvcmQ= is the login credentials encoded in base64. Decode the base64 string using any online decoder. Result: jira:jirapassword.

  3. Verify that jira is the expected username and jirapassword is the expected password.

< Back to topic index