Git Integration for Jira Self-Managed (Data Center/Server) Documentation

Contact Support: Server  
Contact Support: Data Center  

Why I am getting the error, “git-upload-pack not permitted”?

You are getting this error because of wrong login credentials or a permission issue.

What’s on this page:

Having Invalid Credentials

The most common cause is a wrong login credentials input.

REPOSITORY LEVEL Go to the Manage Git repositories configuration list. Select Actions for a particular repository then Edit repository settings.

Check the repository properties for the Username and Password/PAT fields and verify that they are filled with correct values. Retype login credentials just to make sure and save the settings.

INTEGRATION LEVEL Go to the Manage Git repositories configuration list. Select Actions for a particular repository then Edit integration connection settings.

Check the integration properties for the Username and Password/PAT fields and verify that they are filled with correct values. Retype login credentials just to make sure and save the settings.

Not Having Enough Access Permissions

The other cause is not having enough access permissions to clone repositories. Try to clone a repository via the git client console using the correct <JIRA_user> on a Jira server. If an error is raised, the Git Integration for Jira app will also do the same.

To install Git Integration for Jira app and clone a repository:

  1. Go to your Jira server.

  2. Install the git client: sudo apt-get install git or sudo yum install git.

  3. Verify the correct <JIRA_user> (Go to Jira Administration ➜ System ➜ System Info. Scroll to User NameHow?).

  4. Re-login as <JIRA_user>

  5. Run git clone http://<your-repo>/

The command should be successful. If not, ask your administrator to setup your environment.

Using Proxies

If you are using proxy, configure your Jira with the following parameter format:

Dhttp.proxyHost=<your-proxy-host>
Dhttps.proxyHost=<your-proxy-host>
Dhttp.proxyPort=<your-proxy-port>
Dhttps.proxyPort=<your-proxy-port>
Dhttp.proxyUser=*****
Dhttps.proxyUser=*****
Dhttp.proxyPassword=*****
Dhttps.proxyPassword=*****
Dhttp.nonProxyHosts=*.some.mask|localhost|1.1.1.1<someIP>
Dhttps.nonProxyHosts=*.some.mask|localhost|1.1.1.1<someIP>

Enter <your-git-server-host> to nonProxyHosts entries.

Examining Logs and Errors

To get a better view of the cause of the error:

  1.  See the debug logs of the jgit library in Jira generated during cloning/re-indexing of your repository.

    Enable debug logging for jgit library in Jira:

    1. Go to Jira Administration ➜ System.

    2. On the sidebar, under System Support, click Logging and profiling.

    3. Scroll down to the Default Loggers section, then click Configure.

    4. Enter org.apache.http for Package Name then set Logging Level to DEBUG.

    5. Click Add to add this configuration to the Debug Loggers list.

    Collect logs generated during reindex of your repository:

    1. Write down the current time right before doing a reindex – let’s call it time1.

    2. Do a reindex for your integration/repository via dashboard menu Git ➜ Manage repositories ➜Actions ➜ Reindex integration/repository.

    3. After the reindex is complete, write down the current time – let’s call it time2.

    4. Collect logs created between time1 and time2.

  2. See the verbose logs of successful clone of your repository cloned by the console git client.

    1. From the command line, run set GIT_CURL_VERBOSE=1

    2. Do a git clone of the affected repository git clone http://<your-repo>.

The output is a verbose log of this process.

Compare the debug and the verbose logs and see the difference between them or send us both logs to support@bigbrassband.com for in-depth review.

Examine used authentication schemes. If you are seeing Basic authentication, you can verify that the right login credentials are passed.

How to find supported authentication schemes?

Below is an example of the debug logs of the jgit library in JIRA generated during cloning/re-indexing of your repository:

...
2016-10-24 19:46:21,504 xiplink-gitplugin-RevisionIndexerImpl:thread - 0 DEBUG      [http.impl.client.TargetAuthenticationStrategy] Authentication schemes in the order of preference: [Negotiate, Kerberos, NTLM, Digest, Basic]
2016-10-24 19:46:21,504 xiplink-gitplugin-RevisionIndexerImpl:thread - 0 DEBUG      [http.impl.client.TargetAuthenticationStrategy] Challenge for Negotiate authentication scheme not available
2016-10-24 19:46:21,504 xiplink-gitplugin-RevisionIndexerImpl:thread - 0 DEBUG      [http.impl.client.TargetAuthenticationStrategy] Challenge for Kerberos authentication scheme not available
2016-10-24 19:46:21,504 xiplink-gitplugin-RevisionIndexerImpl:thread - 0 DEBUG      [http.impl.client.TargetAuthenticationStrategy] Challenge for NTLM authentication scheme not available
2016-10-24 19:46:21,504 xiplink-gitplugin-RevisionIndexerImpl:thread - 0 DEBUG      [http.impl.client.TargetAuthenticationStrategy] Challenge for Digest authentication scheme not available
2016-10-24 19:46:21,504 xiplink-gitplugin-RevisionIndexerImpl:thread - 0 DEBUG      [http.client.protocol.RequestAddCookies] CookieSpec selected: default
...

In this case, the Basic authentication was used because all other authentication methods have been rejected.

How to find login credentials used in Basic authentication?

Below is another example of the debug logs of the jgit library in JIRA generated during cloning/re-indexing of your repository:

...
2016-10-24 19:46:21,504 xiplink-gitplugin-RevisionIndexerImpl:thread - 0 DEBUG      [org.apache.http.headers] http-outgoing-9 >> GET /<your-git-server-url>/<your-repo-name>.git/info/refs?service=git-upload-pack HTTP/1.1
2016-10-24 19:46:21,504 xiplink-gitplugin-RevisionIndexerImpl:thread - 0 DEBUG      [org.apache.http.headers] http-outgoing-9 >> Accept-Encoding: gzip
2016-10-24 19:46:21,504 xiplink-gitplugin-RevisionIndexerImpl:thread - 0 DEBUG      [org.apache.http.headers] http-outgoing-9 >> Pragma: no-cache
2016-10-24 19:46:21,504 xiplink-gitplugin-RevisionIndexerImpl:thread - 0 DEBUG      [org.apache.http.headers] http-outgoing-9 >> User-Agent: JGit/unknown
2016-10-24 19:46:21,519 xiplink-gitplugin-RevisionIndexerImpl:thread - 0 DEBUG      [org.apache.http.headers] http-outgoing-9 >> Authorization: Basic amlyYTpqaXJhcGFzc3dvcmQ=
2016-10-24 19:46:21,519 xiplink-gitplugin-RevisionIndexerImpl:thread - 0 DEBUG      [org.apache.http.headers] http-outgoing-9 >> Accept: application/x-git-upload-pack-advertisement, */*
2016-10-24 19:46:21,519 xiplink-gitplugin-RevisionIndexerImpl:thread - 0 DEBUG      [org.apache.http.headers] http-outgoing-9 >> Host: 123.123.123.123
2016-10-24 19:46:21,519 xiplink-gitplugin-RevisionIndexerImpl:thread - 0 DEBUG      [org.apache.http.headers] http-outgoing-9 >> Connection: Keep-Alive
...

From the above log:

  1. Find the header, Authorization.

  2. In the example it contains Basic amlyYTpqaXJhcGFzc3dvcmQ=, where amlyYTpqaXJhcGFzc3dvcmQ= is the login credentials encoded in base64. Decode the base64 string using any online decoder. Result: jira:jirapassword.

  3. Verify that jira is the expected username and jirapassword is the expected password.

Have feedback about this article? Did we miss something? Let us know!
On this page