snapcraft produces snaps with dangling external symlinks

I used snapcraft to package minecraft (to test security policy on a non-trivial java program). Here is the bzr tree: lp:~jdstrand/+junk/minecraft-snap

$ click-review minecraft_0.1_amd64.snap
Errors
------
 - lint_external_symlinks
 package contains external symlinks: /tmp/clickreview-fo5rcfjk/usr/lib/x86_64-linux-gnu/libnss_nis.so, /tmp/clickreview-fo5rcfjk/usr/lib/x86_64-linux-gnu/libnss_hesiod.so, /tmp/clickreview-fo5rcfjk/usr/lib/x86_64-linux-gnu/libresolv.so, /tmp/clickreview-fo5rcfjk/usr/lib/x86_64-linux-gnu/libutil.so, /tmp/clickreview-fo5rcfjk/usr/lib/x86_64-linux-gnu/libcidn.so, /tmp/clickreview-fo5rcfjk/usr/lib/x86_64-linux-gnu/libnsl.so, /tmp/clickreview-fo5rcfjk/usr/lib/x86_64-linux-gnu/libnss_files.so, /tmp/clickreview-fo5rcfjk/usr/lib/x86_64-linux-gnu/libBrokenLocale.so, /tmp/clickreview-fo5rcfjk/usr/lib/x86_64-linux-gnu/libnss_dns.so, /tmp/clickreview-fo5rcfjk/usr/lib/x86_64-linux-gnu/libnss_compat.so, /tmp/clickreview-fo5rcfjk/usr/lib/x86_64-linux-gnu/librt.so, /tmp/clickreview-fo5rcfjk/usr/lib/x86_64-linux-gnu/libm.so, /tmp/clickreview-fo5rcfjk/usr/lib/x86_64-linux-gnu/libthread_db.so, /tmp/clickreview-fo5rcfjk/usr/lib/x86_64-linux-gnu/libcrypt.so, /tmp/clickreview-fo5rcfjk/usr/lib/x86_64-linux-gnu/libdl.so, /tmp/clickreview-fo5rcfjk/usr/lib/x86_64-linux-gnu/libnss_nisplus.so, /tmp/clickreview-fo5rcfjk/usr/lib/x86_64-linux-gnu/libanl.so, /tmp/clickreview-fo5rcfjk/usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/cacerts

This check in the review tools is looking at the symlink in the unpacked snap and seeing if they point outside of the snap's directories. The goal of the check is to point out problems when installing a snap on a minimal system like Ubuntu Core where the target files may not exist. For example, after installing the snap, /apps/minecraft.sideload/current/usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/cacerts is a dangling symlink to the non-existent /etc/ssl/certs/java/cacerts.

This is not a security issue because AppArmor will resolve the symlinks before applying policy.

This is known to at least affect 'stage-packages: openjdk-7-jre-headless' and 'type: python3-project'

WORKAROUND: if you have a snap that does this, use snapcraft, run the review tools on it to see the list external symlinks, then unpack the snap, remove the external symlinks, then repack the snap.