After clearing the build cache, I discovered two new issues:
- the appimagetool file has been renamed obsolete-appimagetool-...
- we can no longer install cryptography==43.0.1 on Ubuntu 20.04 (docker version used for the release) because it depends on another lib maturin whose recent versions require a cargo version newer than the one avaible in Ubuntu's packages repo
In this diff we focus on the second issue, and use the quick and dirty fix for 1 just so we can test the fix for 2.
The problem with cryptography comes from the fact that when we install the deterministic requirements, each individual library is packaged in isolation by pip to detect all of its requirements. So pip tries to temporarily install the most recent version of cryptography's dependencies, even if an older version is pinpointed in the same requirements file. We could fix this by specifying an older version of maturin and add the --no-build-isolation flag to the pip install command, but that causes other issues such as putting the burden on us to list all transitive requirements (in practice this would mean having to repeat many basic dependencies that are already specified in other requirements files).
The simplest solution to not require Cargo for this library seems to be to allow pip to install the maturin package from its binary wheel instead of compiling it from sources (bypassing the --no-binary :all: flag). It is a bit of a security tradeoff, but to be honest I am not auditing the source code of that library so using the pinpointed binary release is probably an acceptable compromise, as it is only a build dependency for another lib.