Python Extended Lifecycle Support: A Deeper Look
Extended Lifecycle Support (ELS) for Python enables continued use of Python 2 applications, with timely security updates, without requiring any code refactoring or migration to newer Python versions. This lets your organization extend the value proposition of currently running applications already deployed and working perfectly while avoiding the time-consuming and costly upgrade process that comes with migrations to a new language version.
While some Enterprise-grade Linux distributions still provide Python 2 packages, others don’t. This is where ELS for Python comes in. Currently covering AlmaLinux OS 9 and Python 2.7, your workloads will remain secure when you deploy the service on your systems.
Installation
The one-time process for deploying ELS for Python is very straightforward. You download an installation script, run it with your key, and it’s complete. Below you’ll find the steps to achieve this and the steps to verify the installation was correctly executed.
1) Download the installer script: which can be found here:
wget https://repo.cloudlinux.com/python-els/install-python-els-repo.sh |
2) Run the installer with your key to register the system on the repository:
sh install-python-els-repo.sh –license-key XXX-XXXXXXXXXXXX |
3) Verify the installation. “Yum” should be able to find the python2 package. If you see similar output, then the installation was successful. Note that specific package version numbers may be slightly different than the ones shown, and that is expected, as regular updates will happen.
yum info python2 |
Output:
Available Packages Name : python2 Version : 2.7.18 Release : 10.el9.tuxcare.els1 Architecture : x86_64 Size : 43 k Source : python2-2.7.18-10.el9.tuxcare.els1.src.rpm Repository : python-els Summary : An interpreted, interactive, object-oriented programming language URL : https://www.python.org/ License : Python Description : Python 2 is an old version of the language that is incompatible : with the 3.x line of releases. |
4) Actual python installation
The system is now ready to install python. This can be done with:
yum install python2 –enablerepo crb |
5) Running python is done the same way as before.
$ python2 Python 2.7.18 (default, Jun 30 2022, 00:00:00) [GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] on linux2 Type “help”, “copyright”, “credits” or “license” for more information. >>> print “Hello, World!” Hello, World! |
Local Mirrors
Some organizations prefer a local mirror, and TuxCare provides you with this possibility. To enable access to local mirroring, contact your Account Manager and provide your public IP address (the IP from which the mirror process requests will show up).
Mirror creation is done through rsync. To keep it in-sync, this process should be automated (for example, through cron) with the necessary interval.
rsync url: rsync://repo.cloudlinux.com/PYTHON_ELS/ |
Example:
rsync -avSHP –delete rsync://repo.cloudlinux.com/PYTHON_ELS/ . |
OVAL and Extended Lifecycle Support for Python
TuxCare provides OVAL streams that can be used for OpenSCAP scanning and reporting to ensure proper security auditing and compliance requirements.
The TuxCare Python ELS OVAL Stream is reachable here:
AlmaLinux 9: https://repo.cloudlinux.com/python-els/almalinux9-els-python-oval.xml |
How to use OVAL
1) Install OpenSCAP
yum install openscap openscap-utils scap-security-guide -y |
2) Download OVAL stream
wget https://repo.cloudlinux.com/python-els/almalinux9-els-python-oval.xml |
3) Run the scan
oscap oval eval –results result.xml –report report.xml almalinux9-els-python-oval.xml |
Conclusion
Extended Lifecycle Support for Python provides a secure way of extending the expected lifetime of applications you already have running and are happy with – enough to be looking into ways of keeping them running – and adds additional security features like OVAL for easy integration with security and compliance scanners like OpenSCAP. As distributions drop support for Python 2, and your organization is still using Python 2 based applications, let us know about it for possible inclusion into our ELS support matrix.