Why does the fio package use Python2.7?
I am using fio package with version 3.16.1, and it requires Python2.7, I tried removing Python2.7 and fio still works.
So I’m wondering when does fio use Python2.7 and is it possible to remove it ?
Or is it possible to force it to use with Python3?
It is definitely possible, since
fio for Jammy uses Python 3.
So the answer to "Why is it that…", is probably "The developers transitioned the
fio package to Python 3 somewhere between Ubuntu 20.04 and 22.04".
So could you make a more recent version for Focal? Probably yes, if you’re willing to do the work yourself. So you basically have 3 options:
- Stay on Ubuntu 20.04 and
fiow. Python 2
- Modify/update the
fiosource and recompile it for Ubuntu 20.04
- Upgrade to Ubuntu 22.04 (where the work has been done for you)
As @Muru states, it’s probably some of the helper scripts that use Python, and you said yourself that the binary works, even though you removed Python 2.
Reflections on Python 2 vulnerabilities
When you state "there are some vulnerability in Python 2…", it seems you’re not really considering the vulnerabilities and how they come into play.
I can only assume you’re referencing CVE-2021-4189 and CVE-2022-0391, which you asked about previously. Please consider what they actually are: CVE-2021-4189 is about the FTP module, and CVE-2022-0391 is about URL parsing.
So you need to consider: Do you really have any attack surfaces that expose these vulnerabilities in a way where it poses a risk? You could start by checking the source code of the Python scripts included with
fio_jsonplus_clat2csv line 81-87 imports modules:
from __future__ import absolute_import from __future__ import print_function import os import json import argparse import itertools import six
fiologparser.py line 17-21 imports modules:
from __future__ import absolute_import from __future__ import print_function import argparse import math from functools import reduce
Since none of them use
urllib.parse modules, then the vulnerabilities don’t even come into play. So there isn’t any known issue here at all, even if you’re using Python 2.