This error occurs when git-daemon refuses to serve a repository because it lacks the git-daemon-export-ok file or the --export-all flag is not set. The daemon requires explicit permission to export repositories over the git:// protocol.
The "repository not exported" error is a security feature of git-daemon that prevents unauthorized access to Git repositories over the git:// protocol. Git-daemon requires repositories to explicitly opt-in to being served publicly by checking for the presence of a special marker file called git-daemon-export-ok in the repository root. When you attempt to clone or fetch from a repository via git-daemon (using git:// URLs), the daemon verifies this file exists before allowing access. If the file is missing and the daemon wasn't started with --export-all, it will reject the request with this error message. This mechanism ensures that only repositories intentionally marked as public are accessible through the git:// protocol, preventing accidental exposure of private repositories on servers running git-daemon.
For a bare repository, create an empty marker file in the repository root:
# Navigate to the repository
cd /path/to/repo.git
# Create the export marker file
touch git-daemon-export-okFor a non-bare repository, place it inside the .git directory:
cd /path/to/repo/.git
touch git-daemon-export-okImportant: Do not commit this file to the repository. It should exist only on the server filesystem.
Ensure the git-daemon-export-ok file is readable by the user running git-daemon:
# Check current permissions
ls -la /path/to/repo.git/git-daemon-export-ok
# Make it readable if needed
chmod 644 /path/to/repo.git/git-daemon-export-okIf git-daemon runs as a specific user (e.g., git-ro), verify that user can read the file:
sudo -u git-ro cat /path/to/repo.git/git-daemon-export-okVerify your git-daemon is configured correctly. Check the systemd service or init script:
# View the service configuration
systemctl cat git-daemon
# Or check the running process
ps aux | grep git-daemonCommon configuration issues:
- Trailing slash: Remove trailing slashes from directory paths in the daemon command
- Base path: Ensure --base-path is set correctly
- Whitelist: Verify repository paths are included
If you want to export all repositories without requiring the marker file, start git-daemon with --export-all:
git daemon --base-path=/srv/git --export-all --reuseaddr --verboseWarning: This exports ALL repositories in the base path. Only use this if you're certain all repositories should be publicly accessible.
To update a systemd service:
# Edit the service file
sudo systemctl edit --full git-daemon
# Add --export-all to the ExecStart line
# Then reload and restart
sudo systemctl daemon-reload
sudo systemctl restart git-daemonAfter making changes, test that the repository is now accessible:
# Try cloning from the git:// URL
git clone git://server-hostname/path/to/repo.git
# Check git-daemon logs for issues
journalctl -u git-daemon -n 50If the clone succeeds, the repository is now properly exported.
Git Protocol Limitations:
The git:// protocol is read-only by default and provides no authentication or encryption. For push access, you need to explicitly enable receive-pack by adding [daemon] receivepack = true to the repository's config file or using --enable=receive-pack when starting git-daemon. However, this is rarely recommended due to security concerns.
Security Considerations:
The git-daemon-export-ok mechanism is intentionally restrictive to prevent accidental exposure of private repositories. Before exporting repositories, ensure they contain no sensitive data. For internal networks, consider using SSH or HTTPS protocols instead, which provide authentication and encryption.
Informative Errors:
Git-daemon has an --informative-errors flag that provides more detailed error messages to clients, differentiating between "repository not found" and "repository not exported". However, this may leak information about the existence of unexported repositories. The default is --no-informative-errors for security.
Modern Alternatives:
The git:// protocol is less commonly used today. Most Git hosting is done over HTTPS (with authentication) or SSH. Consider whether git-daemon is necessary for your use case, or if HTTP-based serving with git-http-backend would be more appropriate.
kex_exchange_identification: Connection closed by remote host
Connection closed by remote host when connecting to Git server
fatal: unable to access: Proxy auto-configuration failed
How to fix 'Proxy auto-configuration failed' in Git
fatal: unable to access: Authentication failed (proxy requires basic auth)
How to fix 'Authentication failed (proxy requires basic auth)' in Git
fatal: unable to access: no_proxy configuration not working
How to fix 'no_proxy configuration not working' in Git
fatal: unable to read tree object in treeless clone
How to fix 'unable to read tree object in treeless clone' in Git