crypto/x509: TestSystemRoots failure

[martisch]

go tip 23cd87e and earlier in 1.9 candidates

while running ./all.bash i have a reproducible test error on darwin:
--- FAIL: TestSystemRoots (1.41s)
root_darwin_test.go:31: cgo sys roots: 443.728642ms
root_darwin_test.go:32: non-cgo sys roots: 964.424609ms
root_darwin_test.go:44: got 169 roots
root_darwin_test.go:44: got 453 roots
root_darwin_test.go:73: insufficient overlap between cgo and non-cgo roots; want at least 226, have 168
FAIL

macOS Sierra 10.12.6 but i have seen that failure on macOS 10.11 too since i just upgraded.

Darwin ender 16.7.0 Darwin Kernel Version 16.7.0: Thu Jun 15 17:36:27 PDT 2017; root:xnu-3789.70.16~2/RELEASE_X86_64 x86_64

another similar report here:
https://groups.google.com/forum/#!topic/golang-nuts/LZvj2N_8gs4

[martisch]

happens since: 4dbcacd... crypto/x509: load all trusted certs on darwin (nocgo)

4dbcacda96... crypto/x509: load all trusted certs on darwin (nocgo)
ender:x509 martisch$ go test -run=TestSystemRoots
--- FAIL: TestSystemRoots (0.74s)
	root_darwin_test.go:31:     cgo sys roots: 124.339674ms
	root_darwin_test.go:32: non-cgo sys roots: 614.074109ms
	root_darwin_test.go:44: got 169 roots
	root_darwin_test.go:44: got 453 roots
	root_darwin_test.go:73: insufficient overlap between cgo and non-cgo roots; want at least 226, have 168
FAIL
exit status 1
FAIL	crypto/x509	0.752s

/cc @dsnet @ianlancetaylor

[martisch]

adding authors and more reviewers from the CL
/cc @mastercactapus @josharian @agl

[martisch]

I tagged this Go1.9 since i traced it to a CL merged at end of 1.9 cycle and it would be nice to have a working test suite on darwin with 1.9 release and also counter confusion and issue tickets from any others that will encounter the above failure when compiling 1.9 from source on darwin.

[mastercactapus]

I suspect this is due to the cgo counterpart to that fix not having made it into 1.9 (as it's still in-progress)
https://go-review.googlesource.com/c/36942

[gopherbot]

Change https://golang.org/cl/57830 mentions this issue: crypto/x509: skip TestSystemRoots

[adamryman]

If this is a release blocker why did 1.9 get released without this?

[martisch]

Because the label was a suggestion by me but the as far as i know the decision was made by the go team that the issue should not hold up the release of 1.9 (which sounds like the right call to me). It can be considered for 1.9.x.