"Failed to map segment from shared object" when encrypting Bitbucket DB
Platform Notice: Data Center Only - This article only applies to Atlassian apps on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Bitbucket KB AES Encryption documents a method to encrypt the Bitbucket Database password. In some cases following error would be observed when encrypting the DB password using the suggested method:
"failed to map segment from shared object"
Environment
This issue may affect multiple versions of the Bitbucket Data Center.
Diagnosis
The error appears when the following Database encryption command is executed:
java -cp "./*" com.atlassian.secrets.cli.db.DbCipherTool -c com.atlassian.secrets.store.algorithm.AlgorithmSecretStoreThe Following Error will be printed on the screen when running the Encryption command:
WARNING: Runtime environment or build system does not support multi-release JARs. This will impact location-based features.
2024-10-20 16:59:41,297 main INFO [com.atlassian.secrets.DefaultSecretstoreProvider] Initiating secret store class: com.atlassian.secrets.store.algorithm.AlgorithmSecretstore
2024-10-20 16:59:41,623 main ERROR [com.atlassian.secrets.DefaultSecretstoreProvider] Couldn't initiate class: com.atlassian.secrets.store.algorithm.AlgorithmSecretstore
java.lang.reflect.InvocationTargetException: null
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(Native Method)
at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77) ~[?:?]
at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:481) ~[?:?]
at com.atlassian.secrets.DefaultSecretStoreProvider.getInstance(DefaultSecretStoreProvider.java:51) [atlassian-password-cli.jar:?]
at com.atlassian.secrets.cli.d.DbCipherTool.getOutputData(DbCipherTool.java:64) [atlassian-password-cli.jar:?]
at com.atlassian.secrets.cli.do.DbCipherTool.main(DbCipherTool.java:37) [atlassian-password-cli.jar:?]
Caused by: java.lang.UnsatisfiedLinkError: /tmp/bc-Its-jniqguslelit-libs/libbc-probe.so: /tmp/bc-Its-jniqguslelit-libs/libbc-probe.so: failed to map segment from shared object
at jdk.internal.loader.NativeLibraries.loadCause
Error below points at unable to access the /tmp directory location:
Caused by: java.lang.UnsatisfiedLinkError: /tmp/bc-Its-jniqguslelit-libs/libbc-probe.so: /tmp/bc-Its-jniqguslelit-libs/libbc-probe.so: failed to map segment from shared object
at jdk.internal.loader.NativeLibraries.loadThis can occur because the user that is running the command does not have sufficient execute permissions on the mentioned temporary directory
Solution
Re-run the command using sudo or with the user having appropriate permission over the /tmp directory
Try adding -Djava.io.tmpdir=<path> in the command to a path where user has appropriate permission
For example:
sudo /opt/jdk/amazon-corretto-11.0.21.9.1-linux-x64/bin/java -Djava.io.tmpdir=./ -cp "./*" com.atlassian.secrets.cli.db.DbCipherTool
Was this helpful?