In --require-hashes mode, pygithub -> pyjwt fails to build

[s4shyam95]

It seems like pygithub version that python-build-standalone relies on is 2.6.1, which then transitively relies on pyjwt[crypto].

The issue I'm running into is represented in the following logs when I try to build a standalone python :

25hCollecting pyjwt[crypto]>=2.4.0
ERROR: In --require-hashes mode, all requirements must have their versions pinned with ==. These do not:
    pyjwt[crypto]>=2.4.0 from [https://files.pythonhosted.org/packages/6f/01/c26ce75ba460d5cd503da9e13b21a33804d38c2165dec7b716d06b13010c/pyjwt-2.11.0-py3-none-any.whl#sha256=94a6bde30eb5c8e04fee991062b534071fd1439ef58d2adc9ccb823e7bcd0469](https://www.google.com/url?q=https://files.pythonhosted.org/packages/6f/01/c26ce75ba460d5cd503da9e13b21a33804d38c2165dec7b716d06b13010c/pyjwt-2.11.0-py3-none-any.whl%23sha256%3D94a6bde30eb5c8e04fee991062b534071fd1439ef58d2adc9ccb823e7bcd0469&sa=D) (from pygithub==2.6.1->-r /python-build-standalone/requirements.txt (line 308))

After investigating a bit, I saw that the generated requirements.txt contains pyjwt, but without the crypto extra, which probably caused pip to not pick pinned version. Trying out the change i.e. s/pyjwt/pyjwt[crypto] in requirements.txt and updating hashes, I was able to successfully build standalone python.

I'm wondering if this is something that I fix by patching in my environment, or does the fix belong upstream?

[jjhelmus]

The build.py script is the preferred method for building python-build-standalone. It requires uv to be installed before calling. Then use either uv run build.py .... or ./build.py ....

This uses uv to create and run the python environment. The build-{linux,macos}.py along with requirements.txt are legacy and I would prefer not to maintain them.