Python Extended Lifecycle Support: A Deeper Look - TuxCare

Python Extended Lifecycle Support: A Deeper Look

Linux Live Patching Expert Team

September 15, 2022

OVAL, python, python els

Extended Lifecycle Support (ELS) for Python enables continued use of Python 2 applications, with timely security updates, without requiring any code refactoring or migration to newer Python versions. This lets your organization extend the value proposition of currently running applications already deployed and working perfectly while avoiding the time-consuming and costly upgrade process that comes with migrations to a new language version.

While some Enterprise-grade Linux distributions still provide Python 2 packages, others don’t. This is where ELS for Python comes in. Currently covering AlmaLinux OS 9 and Python 2.7, your workloads will remain secure when you deploy the service on your systems.

Installation

The one-time process for deploying ELS for Python is very straightforward. You download an installation script, run it with your key, and it’s complete. Below you’ll find the steps to achieve this and the steps to verify the installation was correctly executed.

1) Download the installer script: which can be found here:

wget https://repo.cloudlinux.com/python-els/install-python-els-repo.sh

 

2) Run the installer with your key to register the system on the repository:

sh install-python-els-repo.sh –license-key XXX-XXXXXXXXXXXX

 

3) Verify the installation. “Yum” should be able to find the python2 package. If you see similar output, then the installation was successful. Note that specific package version numbers may be slightly different than the ones shown, and that is expected, as regular updates will happen.

yum info python2

 

Output:

Available Packages
Name         : python2
Version      : 2.7.18
Release      : 10.el9.tuxcare.els1
Architecture : x86_64
Size         : 43 k
Source       : python2-2.7.18-10.el9.tuxcare.els1.src.rpm
Repository   : python-els
Summary      : An interpreted, interactive, object-oriented programming language
URL          : https://www.python.org/
License      : Python
Description  : Python 2 is an old version of the language that is incompatible
            : with the 3.x line of releases.

4) Actual python installation

The system is now ready to install python. This can be done with:

yum install python2 –enablerepo crb

 

5) Running python is done the same way as before.

$ python2
Python 2.7.18 (default, Jun 30 2022, 00:00:00)
[GCC 11.2.1 20220127 (Red Hat 11.2.1-9)] on linux2
Type “help”, “copyright”, “credits” or “license” for more information.
>>> print “Hello, World!”
Hello, World!

Local Mirrors

Some organizations prefer a local mirror, and TuxCare provides you with this possibility. To enable access to local mirroring, contact your Account Manager and provide your public IP address (the IP from which the mirror process requests will show up). 

Mirror creation is done through rsync. To keep it in-sync, this process should be automated (for example, through cron) with the necessary interval. 

 

rsync url: rsync://repo.cloudlinux.com/PYTHON_ELS/

 

Example:

rsync  -avSHP –delete rsync://repo.cloudlinux.com/PYTHON_ELS/ .

OVAL and Extended Lifecycle Support for Python

TuxCare provides OVAL streams that can be used for OpenSCAP scanning and reporting to ensure proper security auditing and compliance requirements.

 

The TuxCare Python ELS OVAL Stream is reachable here:

AlmaLinux 9: https://repo.cloudlinux.com/python-els/almalinux9-els-python-oval.xml

How to use OVAL

1) Install OpenSCAP

yum install openscap openscap-utils scap-security-guide -y

 

2) Download OVAL stream

wget https://repo.cloudlinux.com/python-els/almalinux9-els-python-oval.xml

 

3) Run the scan

oscap oval eval –results result.xml –report report.xml almalinux9-els-python-oval.xml

Conclusion

Extended Lifecycle Support for Python provides a secure way of extending the expected lifetime of applications you already have running and are happy with – enough to be looking into ways of keeping them running – and adds additional security features like OVAL for easy integration with security and compliance scanners like OpenSCAP. As distributions drop support for Python 2, and your organization is still using Python 2 based applications, let us know about it for possible inclusion into our ELS support matrix.

Looking to Extend Your Product Lifecycle Support for Python 2.x?

Talk To An Python ELS Expert

Like what you're reading?
Get Important Content In Your Inbox.

Tell us your challenges and our experts will help you find the best approach to address them with the TuxCare product line.

Resources

State of Enterprise Linux Cybersecurity ... Read More State of Enterprise Linux Cybersecurity ...
Dangerous remotely exploitable vulnerability ... Read More Dangerous remotely exploitable vulnerability ...
Securing confidential research data ... Read More Securing confidential research data ...
State of Enterprise Vulnerability Detection ... Read More State of Enterprise Vulnerability Detection ...
Demand for Rapid Risk Elimination for ... Read More Demand for Rapid Risk Elimination for ...
TuxCare Free Raspberry Pi Patching Read More TuxCare Free Raspberry Pi Patching