Error when using backup-utility with GitLab 17.5.4

Summary

Reports of issues with gsutil as part of backup-utility within v17.5.4, likely related to pyOpenSSL module bump from 224.2.1 5o 24.3.0.

Details

I have a customer who is using K8s to deploy GitLab on Google Cloud.  They recently tried upgrading from GitLab 17.5.3 to GitLab 17.5.4.  In the process, however, they're finding the backup-utility is failing.  This failure looks to be traced back to the failure of the binary gsutil caused by a Python module pyOpenSSL changing from version 24.2.1 to 24.3.0.  In the newer version of the Python module the OpenSSL.crypto.sign() functionality was removed causing gsutil to break.  It appears the customer was able to roll back to the previous GitLab version, so backups work again.  They're asking for advice on how to address this.  I'm not 100% certain in the chain of all this where our part lies and if anyone was aware of it.  This was brought to light in ticket 590880.

I've included some bug report links provided by the customer and by others during our checks into this.

• https://issuetracker.google.com/issues/383466763?pli=1
  • Shows same error in relation to google/cloud-sdk:503.0.0-alpine, not in 502.0.0-alpine
• https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg2003687.html

  • OpenSSL.crypto.sign(), deprecated in 23.3.0, was removed in 24.3.0.

• https://pypi.org/project/pyOpenSSL/

Actionable

• Verify reproducibility between these two exact versions, and current 17.6.x release.
• Examine and record the difference between 17.5.3 and 17.5.4, in direct comparison.
• Consider if this is a problem of gsutil and floating dependency, or a problem stemming from our processes.