Do not leave open files behind as this triggers 'ResourceWarning' and leads
these tests to fail.

--- Werkzeug-1.0.1/tests/test_datastructures.py	2020-03-31 19:48:06.000000000 +0200
+++ Werkzeug-1.0.1/tests/test_datastructures.py	2021-11-21 18:19:11.304369878 +0100
@@ -1238,9 +1238,10 @@
     def test_save_to_pathlib_dst(self, tmp_path):
         src = tmp_path / "src.txt"
         src.write_text(u"test")
-        storage = self.storage_class(src.open("rb"))
-        dst = tmp_path / "dst.txt"
-        storage.save(dst)
+        with src.open("rb") as input:
+            storage = self.storage_class(input)
+            dst = tmp_path / "dst.txt"
+            storage.save(dst)
         assert dst.read_text() == "test"
 
     def test_save_to_bytes_io(self):
@@ -1251,11 +1252,12 @@
 
     def test_save_to_file(self, tmp_path):
         path = tmp_path / "file.data"
-        storage = self.storage_class(io.BytesIO(b"one\ntwo"))
-        with path.open("wb") as dst:
-            storage.save(dst)
-        with path.open("rb") as src:
-            assert src.read() == b"one\ntwo"
+        with io.BytesIO(b"one\ntwo") as input:
+            storage = self.storage_class(input)
+            with path.open("wb") as dst:
+                storage.save(dst)
+            with path.open("rb") as src:
+                assert src.read() == b"one\ntwo"
 
 
 @pytest.mark.parametrize("ranges", ([(0, 1), (-5, None)], [(5, None)]))
--- Werkzeug-1.0.1/tests/test_formparser.py	2020-03-31 19:48:06.000000000 +0200
+++ Werkzeug-1.0.1/tests/test_formparser.py	2021-11-21 22:11:43.654622751 +0100
@@ -27,7 +27,7 @@
 from werkzeug.test import create_environ
 from werkzeug.wrappers import Request
 from werkzeug.wrappers import Response
-
+import warnings
 
 @Request.application
 def form_data_consumer(request):
@@ -242,6 +244,9 @@
 
 class TestMultiPart(object):
     def test_basic(self):
+        # Ignore leaked file descriptor of unknown origin.
+        warnings.filterwarnings(action="ignore", message="unclosed", category=ResourceWarning)
+
         resources = join(dirname(__file__), "multipart")
         client = Client(form_data_consumer, Response)
 
?id=c4eccd20664a0f9d9134d98a5b430f67e84176c7'>tests</a>/<a href='/guix/log/tests/git-authenticate.scm?id=c4eccd20664a0f9d9134d98a5b430f67e84176c7'>git-authenticate.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/tests/git-authenticate.scm?id=c4eccd20664a0f9d9134d98a5b430f67e84176c7&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2023-09-26 17:36:59 +0200'>2023-09-26</span></td><td><a href='/guix/commit/tests/git-authenticate.scm?id=ba21eeb565fe414b3647173068a0f3eadd174c06'>tests: Assume ‘git’ is always available.</a><span class='msg-avail'>...<span class='msg-tooltip'>* tests/channels.scm (gpg+git-available?): Check for ‘gpg-command’
only.
Remove all ‘test-skip’ statements.
* tests/derivations.scm: Likewise.
* tests/git-authenticate.scm: Likewise.
* tests/git.scm: Likewise.
* tests/import-git.scm: Likewise.
</span></span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2022-02-14 11:23:08 +0100'>2022-02-14</span></td><td><a href='/guix/commit/tests/git-authenticate.scm?id=ca87601dd97dd9d356409827802eb0f8a3a535f0'>git-authenticate: Ensure the target is a descendant of the introductory commit.</a><span class='msg-avail'>...<span class='msg-tooltip'>Fixes a bug whereby authentication of a commit *not* descending from the
introductory commit could succeed, provided the commit verifies the
authorization invariant.

In the example below, A is a common ancestor of the introductory commit
I and of commit X.  Authentication of X would succeed, even though it is
not a descendant of I, as long as X is authorized according to the
'.guix-authorizations' in A:

   X   	 I
    \   /
      A

This is because, 'authenticate-repository' would not check whether X
descends from I, and the call (commit-difference X I) would return X.

In practice that only affects forks because it means that ancestors of
the introductory commit already contain a '.guix-authorizations' file.

* guix/git-authenticate.scm (authenticate-repository): Add call to
'commit-descendant?'.
* tests/channels.scm ("authenticate-channel, not a descendant of introductory commit"):
New test.
* tests/git-authenticate.scm ("authenticate-repository, target not a descendant of intro"):
New test.
* tests/guix-git-authenticate.sh: Expect earlier test to fail since
9549f0283a78fe36f2d4ff2a04ef8ad6b0c02604 is not a descendant of
$intro_commit.  Add new test targeting an ancestor of the introductory
commit, and another test targeting the v1.2.0 commit.
* doc/guix.texi (Specifying Channel Authorizations): Add a sentence.
</span></span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2022-02-14 11:23:07 +0100'>2022-02-14</span></td><td><a href='/guix/commit/tests/git-authenticate.scm?id=36cb04df96623ffe8f1074172a4ed9e51bcf6e3a'>git-authenticate: Test introductory commit signature verification.</a><span class='msg-avail'>...<span class='msg-tooltip'>These tests mimic similar tests already in 'tests/channels.scm', but
without using the higher-level 'authenticate-channel'.

* tests/git-authenticate.scm ("introductory commit, valid signature")
("introductory commit, missing signature")
("introductory commit, wrong signature"): New tests.
</span></span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2021-12-22 10:53:19 +0100'>2021-12-22</span></td><td><a href='/guix/commit/tests/git-authenticate.scm?id=9ebc9ca070a21ba0aeb3f61202a8071bb250ccc8'>tests: Move keys into ./tests/keys/ and add a third ed25519 key.</a><span class='msg-avail'>...<span class='msg-tooltip'>The third key will be used in an upcoming commit.

Rename public keys to .pub.

* guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable.
(%ed25519-3-secret-key-file): New variable.
(%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file.
(%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file.
* tests/keys/ed25519-3.key: New file.
* tests/keys/ed25519-3.sec: New file.

Signed-off-by: Mathieu Othacehe &lt;othacehe@gnu.org&gt;
</span></span></td><td>Attila Lendvai</td></tr>

Age	Commit message (Expand)	Author
2023-09-26	tests: Assume ‘git’ is always available....* tests/channels.scm (gpg+git-available?): Check for ‘gpg-command’ only. Remove all ‘test-skip’ statements. * tests/derivations.scm: Likewise. * tests/git-authenticate.scm: Likewise. * tests/git.scm: Likewise. * tests/import-git.scm: Likewise.	Ludovic Courtès
2022-02-14	git-authenticate: Ensure the target is a descendant of the introductory commit....Fixes a bug whereby authentication of a commit not descending from the introductory commit could succeed, provided the commit verifies the authorization invariant. In the example below, A is a common ancestor of the introductory commit I and of commit X. Authentication of X would succeed, even though it is not a descendant of I, as long as X is authorized according to the '.guix-authorizations' in A: X I \ / A This is because, 'authenticate-repository' would not check whether X descends from I, and the call (commit-difference X I) would return X. In practice that only affects forks because it means that ancestors of the introductory commit already contain a '.guix-authorizations' file. * guix/git-authenticate.scm (authenticate-repository): Add call to 'commit-descendant?'. * tests/channels.scm ("authenticate-channel, not a descendant of introductory commit"): New test. * tests/git-authenticate.scm ("authenticate-repository, target not a descendant of intro"): New test. * tests/guix-git-authenticate.sh: Expect earlier test to fail since 9549f0283a78fe36f2d4ff2a04ef8ad6b0c02604 is not a descendant of $intro_commit. Add new test targeting an ancestor of the introductory commit, and another test targeting the v1.2.0 commit. * doc/guix.texi (Specifying Channel Authorizations): Add a sentence.	Ludovic Courtès
2022-02-14	git-authenticate: Test introductory commit signature verification....These tests mimic similar tests already in 'tests/channels.scm', but without using the higher-level 'authenticate-channel'. * tests/git-authenticate.scm ("introductory commit, valid signature") ("introductory commit, missing signature") ("introductory commit, wrong signature"): New tests.	Ludovic Courtès
2021-12-22	tests: Move keys into ./tests/keys/ and add a third ed25519 key....The third key will be used in an upcoming commit. Rename public keys to .pub. * guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable. (%ed25519-3-secret-key-file): New variable. (%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file. (%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file. * tests/keys/ed25519-3.key: New file. * tests/keys/ed25519-3.sec: New file. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>	Attila Lendvai