What version of Go are you using (go version)?

$ go version
go version devel +89f465c2b5 Wed Dec 9 21:05:24 2020 +0000 darwin/arm64

What operating system and processor architecture are you using (go env)?

$ go env
GO111MODULE=""
GOARCH="arm64"
GOBIN=""
GOCACHE="/Users/oxisto/Library/Caches/go-build"
GOENV="/Users/oxisto/Library/Application Support/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="arm64"
GOHOSTOS="darwin"
GOINSECURE=""
GOMODCACHE="/Users/oxisto/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="darwin"
GOPATH="/Users/oxisto/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/opt/homebrew/Cellar/go/HEAD-89f465c/libexec"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/opt/homebrew/Cellar/go/HEAD-89f465c/libexec/pkg/tool/darwin_arm64"
GOVCS=""
GOVERSION="devel +89f465c2b5 Wed Dec 9 21:05:24 2020 +0000"
GCCGO="gccgo"
AR="ar"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD="/Users/oxisto/Downloads/test-fail/go.mod"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/7x/03y_vsbn2ylbn8cq3w_zz_dc0000gn/T/go-build4066635939=/tmp/go-build -gno-record-gcc-switches -fno-common"

What did you do?

For reproducibility I have created a minimum viable failing program in the repository here: https://github.com/oxisto/go-test-cgo-fail

I am trying to run go test with a go program that makes use of cgo to call native functions. The main purpose of those function is some low level macOS stuff, that also requirements entitlements. I will not go into detail about the actual entitlement signing process, because it is not relevant to the error. Important to know is, that codesign needs a valid code signature on the binary in order to proceed. This works without any problem for go build with the master branch after #42684 was implemented and can be checked by

$ go build cmd/main.go
$ codesign -v -v ./main
./main: valid on disk
./main: satisfies its Designated Requirement

However, if I try to do the same with a binary produced by go test, it fails the code signing check and thus I cannot proceed with my entitlements.

$ go test -work pkg/native_test.go
WORK=/var/folders/7x/03y_vsbn2ylbn8cq3w_zz_dc0000gn/T/go-build3337792306
$ codesign -v -v /var/folders/7x/03y_vsbn2ylbn8cq3w_zz_dc0000gn/T/go-build3337792306/b001/pkg.test
/var/folders/7x/03y_vsbn2ylbn8cq3w_zz_dc0000gn/T/go-build3337792306/b001/pkg.test: main executable failed strict validation

Trying go test without any cgo / native code works fine and produces a valid code signature. Interesting to know is that also, while this has the effect that it cannot be signed any further, i.e. with entitlements, the signature seems to be "ok enough" for macOS to actually execute.

$ /var/folders/7x/03y_vsbn2ylbn8cq3w_zz_dc0000gn/T/go-build3337792306/b001/pkg.test
hello
PASS

The weird thing is that for a while I was using gotip download 272258 (from #42684), everything worked, then I switched to master, the problem came up and now even switching back to the old go tip does not seem to clear the error. So I would appreciate if anyone else with a darwin arm64 device can try to reproduce this.

What did you expect to see?

/var/folders/7x/03y_vsbn2ylbn8cq3w_zz_dc0000gn/T/go-build3337792306/b001/pkg.test: valid on disk
/var/folders/7x/03y_vsbn2ylbn8cq3w_zz_dc0000gn/T/go-build3337792306/b001/pkg.test: satisfies its Designated Requirement

What did you see instead?

/var/folders/7x/03y_vsbn2ylbn8cq3w_zz_dc0000gn/T/go-build3337792306/b001/pkg.test: main executable failed strict validation