Why does the fio package use Python2.7?

I am using fio package with version 3.16.1, and it requires Python2.7, I tried removing Python2.7 and fio still works.

So I’m wondering when does fio use Python2.7 and is it possible to remove it ?

Or is it possible to force it to use with Python3?


Asked By: Kane


It is definitely possible, since fio for Jammy uses Python 3.

So the answer to "Why is it that…", is probably "The developers transitioned the fio package to Python 3 somewhere between Ubuntu 20.04 and 22.04".

So could you make a more recent version for Focal? Probably yes, if you’re willing to do the work yourself. So you basically have 3 options:

  1. Stay on Ubuntu 20.04 and fio w. Python 2
  2. Modify/update the fio source and recompile it for Ubuntu 20.04
  3. Upgrade to Ubuntu 22.04 (where the work has been done for you)

As @Muru states, it’s probably some of the helper scripts that use Python, and you said yourself that the binary works, even though you removed Python 2.

Reflections on Python 2 vulnerabilities

When you state "there are some vulnerability in Python 2…", it seems you’re not really considering the vulnerabilities and how they come into play.

I can only assume you’re referencing CVE-2021-4189 and CVE-2022-0391, which you asked about previously. Please consider what they actually are: CVE-2021-4189 is about the FTP module, and CVE-2022-0391 is about URL parsing.

So you need to consider: Do you really have any attack surfaces that expose these vulnerabilities in a way where it poses a risk? You could start by checking the source code of the Python scripts included with fio:

For fio_jsonplus_clat2csv line 81-87 imports modules:

from __future__ import absolute_import
from __future__ import print_function
import os
import json
import argparse
import itertools
import six

And fiologparser.py line 17-21 imports modules:

from __future__ import absolute_import
from __future__ import print_function
import argparse
import math
from functools import reduce

Since none of them use ftplib or urllib.parse modules, then the vulnerabilities don’t even come into play. So there isn’t any known issue here at all, even if you’re using Python 2.

Answered By: Artur Meinild
Categories: Answers Tags: ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.