`snapTools.makeSnap` creates broken snaps

[DanielSidhion]

It looks like since the introduction of snapTools.makeSnap ~5y ago, the specifications of snaps have changed enough to the point that makeSnap now creates snaps that are broken by default. After spending a few hours investigating and trying workarounds to make things work, it looks like the main issue is with snap layouts:

New entries in / (root) Layouts cannot currently create new top-level files or directories. For example, the following layout declaration will not work:

layout:
  /foo: # Unsupported, cannot create new top-level directories.
     bind: $SNAP/foo

makeSnap needs to bind /nix, because with that almost any binary built with Nix won't work properly. However, since /nix is a top-level directory, trying to install any snap built with makeSnap leads to the following error:

error: cannot read snap file: layout "/nix" defines a new top-level directory "/nix"

Patching makeSnap to stop binding /nix creates a snap that can be installed, but trying to run most binaries built with Nix won't work:

• The interpreter is set to something like /nix/store/8mc30d49ghc8m5z96yz39srlhg5s9sjj-glibc-2.38-44/lib/ld-linux-x86-64.so.2, which doesn't exist inside the snap without the /nix bind
• Shared libraries won't be found either, because the library paths are all set assuming /nix/store/... exists

The only binaries that can run inside a snap built with the patched makeSnap are static binaries.

I don't know if, given the current limitations in the snap specs, it's possible to have a snapTools in Nixpkgs that will work properly, unless heavy modifications are made (e.g. we might have to run patchelf and co. all over again to try to make things work inside snaps).

Steps To Reproduce

Build the following package:

{ lib, snapTools, hello }:
snapTools.makeSnap {
  meta = {
    name = "hello";
    summary = hello.meta.description;
    description = hello.meta.longDescription;
    architectures = [ "amd64" ];
    confinement = "strict";
    apps.hello.command = "${lib.getExe hello}";
  };
}

And try to install it by running snap install ./result --dangerous.

---

Add a :+1: reaction to issues you find important.

[DanielSidhion]

Didn't search properly for existing issues, closing as duplicate of #100618