allow lists and dicts since we get them for free

becker: show simplification idea
auto style fix
2022-11-04 17:51:58 -07:00 · 2022-11-04 17:51:58 -07:00 · 2022-11-04 17:51:58 -07:00 · 2022-11-04 17:51:58 -07:00 · 2022-11-04 17:51:58 -07:00 · 2022-11-04 17:51:58 -07:00
9356 changed files with 121460 additions and 186260 deletions
--- a/.git-blame-ignore-revs
+++ b/.git-blame-ignore-revs
@@ -1,5 +1,3 @@
 # .git-blame-ignore-revs
-# Formatted entire codebase with black 23
+# Formatted entire codebase with black
 603569e321013a1a63a637813c94c2834d0a0023
 # Formatted entire codebase with black 22
 f52f6e99dbf1131886a80112b8c79dfc414afb7c
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,4 +1,3 @@
 *.py diff=python
 *.lp linguist-language=Prolog
 lib/spack/external/* linguist-vendored
 *.bat text eol=crlf
--- a/.github/ISSUE_TEMPLATE/build_error.yml
+++ b/.github/ISSUE_TEMPLATE/build_error.yml
@@ -9,7 +9,7 @@ body:
        Thanks for taking the time to report this build failure. To proceed with the report please:
        1. Title the issue `Installation issue: <name-of-the-package>`.
        2. Provide the information required below.
-
+        
        We encourage you to try, as much as possible, to reduce your problem to the minimal example that still reproduces the issue. That would help us a lot in fixing it quickly and effectively!
  - type: textarea
    id: reproduce
@@ -29,9 +29,7 @@ body:
      description: |
        Please post the error message from spack inside the `<details>` tag below:
      value: |
-        <details><summary>Error message</summary>
+        <details><summary>Error message</summary><pre>
        <pre>
        ...
        </pre></details>
    validations:
@@ -55,7 +53,7 @@ body:
        Please upload the following files:
        * **`spack-build-out.txt`**
        * **`spack-build-env.txt`**
-
+        
        They should be present in the stage directory of the failing build. Also upload any `config.log` or similar file if one exists.
  - type: markdown
    attributes:
--- a/.github/ISSUE_TEMPLATE/feature_request.yml
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@@ -1,4 +1,4 @@
-name: "\U0001F38A Feature request"
+name: "\U0001F38A Feature request" 
 description: Suggest adding a feature that is not yet in Spack
 labels: [feature]
 body:
@@ -29,11 +29,13 @@ body:
    attributes:
      label: General information
      options:
        - label: I have run `spack --version` and reported the version of Spack
          required: true
        - label: I have searched the issues of this repo and believe this is not a duplicate
          required: true
  - type: markdown
    attributes:
      value: |
        If you want to ask a question about the tool (how to use it, what it can currently do, etc.), try the `#general` channel on [our Slack](https://slack.spack.io/) first. We have a welcoming community and chances are you'll get your reply faster and without opening an issue.
-
+        
        Other than that, thanks for taking the time to contribute to Spack!
--- a/.github/ISSUE_TEMPLATE/test_error.yml
+++ b/.github/ISSUE_TEMPLATE/test_error.yml
@@ -21,9 +21,7 @@ body:
      description: |
        Please post the error message from spack inside the `<details>` tag below:
      value: |
-        <details><summary>Error message</summary>
+        <details><summary>Error message</summary><pre>
        <pre>
        ...
        </pre></details>
    validations:
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -5,13 +5,3 @@ updates:
    directory: "/"
    schedule:
      interval: "daily"
  # Requirements to build documentation
  - package-ecosystem: "pip"
    directory: "/lib/spack/docs"
    schedule:
      interval: "daily"
  # Requirements to run style checks
  - package-ecosystem: "pip"
    directory: "/.github/workflows/style"
    schedule:
      interval: "daily"
--- a/.github/workflows/audit.yaml
+++ b/.github/workflows/audit.yaml
@@ -17,24 +17,20 @@ concurrency:
 jobs:
  # Run audits on all the packages in the built-in repository
  package-audits:
-    runs-on: ${{ matrix.operating_system }}
+    runs-on: ubuntu-latest
    strategy:
      matrix:
        operating_system: ["ubuntu-latest", "macos-latest"]
    steps:
-    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # @v2
+    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # @v2
-    - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # @v2
+    - uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984 # @v2
      with:
        python-version: ${{inputs.python_version}}
    - name: Install Python packages
      run: |
-        pip install --upgrade pip setuptools pytest coverage[toml]
+        pip install --upgrade pip six setuptools pytest codecov 'coverage[toml]<=6.2'
    - name: Package audits (with coverage)
      if: ${{ inputs.with_coverage == 'true' }}
      run: |
          . share/spack/setup-env.sh
          coverage run $(which spack) audit packages
          coverage run $(which spack) audit externals        
          coverage combine
          coverage xml
    - name: Package audits (without coverage)
@@ -42,8 +38,7 @@ jobs:
      run: |
          . share/spack/setup-env.sh
          $(which spack) audit packages
-          $(which spack) audit externals
+    - uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70 # @v2.1.0
    - uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # @v2.1.0
      if: ${{ inputs.with_coverage == 'true' }}
      with:
-        flags: unittests,audits
+        flags: unittests,linux,audits
--- a/.github/workflows/bootstrap.yml
+++ b/.github/workflows/bootstrap.yml
@@ -24,7 +24,7 @@ jobs:
              make patch unzip which xz python3 python3-devel tree \
              cmake bison bison-devel libstdc++-static
      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
        with:
          fetch-depth: 0
      - name: Setup non-root user
@@ -42,8 +42,8 @@ jobs:
        shell: runuser -u spack-test -- bash {0}
        run: |
          source share/spack/setup-env.sh
          spack bootstrap disable github-actions-v0.5
          spack bootstrap disable github-actions-v0.4
          spack bootstrap disable github-actions-v0.3
          spack external find cmake bison
          spack -d solve zlib
          tree ~/.spack/bootstrap/store/
@@ -62,7 +62,7 @@ jobs:
              make patch unzip xz-utils python3 python3-dev tree \
              cmake bison
      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
        with:
          fetch-depth: 0
      - name: Setup non-root user
@@ -80,8 +80,8 @@ jobs:
        shell: runuser -u spack-test -- bash {0}
        run: |
          source share/spack/setup-env.sh
          spack bootstrap disable github-actions-v0.5
          spack bootstrap disable github-actions-v0.4
          spack bootstrap disable github-actions-v0.3
          spack external find cmake bison
          spack -d solve zlib
          tree ~/.spack/bootstrap/store/
@@ -99,7 +99,7 @@ jobs:
              bzip2 curl file g++ gcc gfortran git gnupg2 gzip \
              make patch unzip xz-utils python3 python3-dev tree
      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
        with:
          fetch-depth: 0
      - name: Setup non-root user
@@ -133,7 +133,7 @@ jobs:
              make patch unzip which xz python3 python3-devel tree \
              cmake bison
      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
        with:
          fetch-depth: 0
      - name: Setup repo
@@ -145,8 +145,8 @@ jobs:
      - name: Bootstrap clingo
        run: |
          source share/spack/setup-env.sh
          spack bootstrap disable github-actions-v0.5
          spack bootstrap disable github-actions-v0.4
          spack bootstrap disable github-actions-v0.3
          spack external find cmake bison
          spack -d solve zlib
          tree ~/.spack/bootstrap/store/
@@ -158,13 +158,13 @@ jobs:
        run: |
          brew install cmake bison@2.7 tree
      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
      - name: Bootstrap clingo
        run: |
          source share/spack/setup-env.sh
          export PATH=/usr/local/opt/bison@2.7/bin:$PATH
          spack bootstrap disable github-actions-v0.5
          spack bootstrap disable github-actions-v0.4
          spack bootstrap disable github-actions-v0.3
          spack external find --not-buildable cmake bison
          spack -d solve zlib
          tree ~/.spack/bootstrap/store/
@@ -179,11 +179,11 @@ jobs:
        run: |
          brew install tree
      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
      - name: Bootstrap clingo
        run: |
          set -ex
-          for ver in '3.7' '3.8' '3.9' '3.10' '3.11' ; do
+          for ver in '3.6' '3.7' '3.8' '3.9' '3.10' ; do
            not_found=1
            ver_dir="$(find $RUNNER_TOOL_CACHE/Python -wholename "*/${ver}.*/*/bin" | grep . || true)"
            echo "Testing $ver_dir"
@@ -204,7 +204,7 @@ jobs:
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
        with:
          fetch-depth: 0
      - name: Setup repo
@@ -214,7 +214,7 @@ jobs:
      - name: Bootstrap clingo
        run: |
          set -ex
-          for ver in '3.7' '3.8' '3.9' '3.10' '3.11' ; do
+          for ver in '2.7' '3.6' '3.7' '3.8' '3.9' '3.10' ; do
            not_found=1
            ver_dir="$(find $RUNNER_TOOL_CACHE/Python -wholename "*/${ver}.*/*/bin" | grep . || true)"
            echo "Testing $ver_dir"
@@ -247,7 +247,7 @@ jobs:
              bzip2 curl file g++ gcc patchelf gfortran git gzip \
              make patch unzip xz-utils python3 python3-dev tree
      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
        with:
          fetch-depth: 0
      - name: Setup non-root user
@@ -265,7 +265,6 @@ jobs:
        shell: runuser -u spack-test -- bash {0}
        run: |
          source share/spack/setup-env.sh
          spack bootstrap disable github-actions-v0.4
          spack bootstrap disable spack-install
          spack -d gpg list
          tree ~/.spack/bootstrap/store/
@@ -284,7 +283,7 @@ jobs:
              make patch unzip xz-utils python3 python3-dev tree \
              gawk
      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
        with:
          fetch-depth: 0
      - name: Setup non-root user
@@ -303,8 +302,8 @@ jobs:
        run: |
          source share/spack/setup-env.sh
          spack solve zlib
          spack bootstrap disable github-actions-v0.5
          spack bootstrap disable github-actions-v0.4
          spack bootstrap disable github-actions-v0.3
          spack -d gpg list
          tree ~/.spack/bootstrap/store/
@@ -317,11 +316,10 @@ jobs:
          # Remove GnuPG since we want to bootstrap it
          sudo rm -rf /usr/local/bin/gpg
      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
      - name: Bootstrap GnuPG
        run: |
          source share/spack/setup-env.sh
          spack bootstrap disable github-actions-v0.4
          spack bootstrap disable spack-install
          spack -d gpg list
          tree ~/.spack/bootstrap/store/
@@ -335,13 +333,13 @@ jobs:
          # Remove GnuPG since we want to bootstrap it
          sudo rm -rf /usr/local/bin/gpg
      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
      - name: Bootstrap GnuPG
        run: |
          source share/spack/setup-env.sh
          spack solve zlib
          spack bootstrap disable github-actions-v0.5
          spack bootstrap disable github-actions-v0.4
          spack bootstrap disable github-actions-v0.3
          spack -d gpg list
          tree ~/.spack/bootstrap/store/
--- a/.github/workflows/build-containers.yml
+++ b/.github/workflows/build-containers.yml
@@ -45,18 +45,12 @@ jobs:
                     [leap15, 'linux/amd64,linux/arm64,linux/ppc64le', 'opensuse/leap:15'],
                     [ubuntu-bionic, 'linux/amd64,linux/arm64,linux/ppc64le', 'ubuntu:18.04'],
                     [ubuntu-focal, 'linux/amd64,linux/arm64,linux/ppc64le', 'ubuntu:20.04'],
-                     [ubuntu-jammy, 'linux/amd64,linux/arm64,linux/ppc64le', 'ubuntu:22.04'],
+                     [ubuntu-jammy, 'linux/amd64,linux/arm64,linux/ppc64le', 'ubuntu:22.04']]
                     [almalinux8, 'linux/amd64,linux/arm64,linux/ppc64le', 'almalinux:8'],
                     [almalinux9, 'linux/amd64,linux/arm64,linux/ppc64le', 'almalinux:9'],
                     [rockylinux8, 'linux/amd64,linux/arm64', 'rockylinux:8'],
                     [rockylinux9, 'linux/amd64,linux/arm64', 'rockylinux:9'],
                     [fedora37, 'linux/amd64,linux/arm64,linux/ppc64le', 'fedora:37'],
                     [fedora38, 'linux/amd64,linux/arm64,linux/ppc64le', 'fedora:38']]
    name: Build ${{ matrix.dockerfile[0] }}
    if: github.repository == 'spack/spack'
    steps:
      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # @v2
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # @v2
      - name: Set Container Tag Normal (Nightly)
        run: |
@@ -86,19 +80,19 @@ jobs:
          fi
      - name: Upload Dockerfile
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32
+        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8
        with:
          name: dockerfiles
          path: dockerfiles
      - name: Set up QEMU
-        uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # @v1
+        uses: docker/setup-qemu-action@8b122486cedac8393e77aa9734c3528886e4a1a8 # @v1
      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # @v1
+        uses: docker/setup-buildx-action@c74574e6c82eeedc46366be1b0d287eff9085eb6 # @v1
      - name: Log in to GitHub Container Registry
-        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # @v1
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # @v1
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
@@ -106,13 +100,13 @@ jobs:
      - name: Log in to DockerHub
        if: github.event_name != 'pull_request'
-        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # @v1
+        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a # @v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Build & Deploy ${{ matrix.dockerfile[0] }}
-        uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # @v2
+        uses: docker/build-push-action@c84f38281176d4c9cdb1626ffafcd6b3911b5d94 # @v2
        with:
          context: dockerfiles/${{ matrix.dockerfile[0] }}
          platforms: ${{ matrix.dockerfile[1] }}
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -20,6 +20,12 @@ jobs:
    uses: ./.github/workflows/valid-style.yml
    with:
      with_coverage: ${{ needs.changes.outputs.core }}
  audit-ancient-python:
    uses: ./.github/workflows/audit.yaml
    needs: [ changes ]
    with:
      with_coverage: ${{ needs.changes.outputs.core }}
      python_version: 2.7
  all-prechecks:
    needs: [ prechecks ]
    runs-on: ubuntu-latest
@@ -35,12 +41,12 @@ jobs:
      core: ${{ steps.filter.outputs.core }}
      packages: ${{ steps.filter.outputs.packages }}
    steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # @v2
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # @v2
        if: ${{ github.event_name == 'push' }}
        with:
          fetch-depth: 0
            # For pull requests it's not necessary to checkout the code
-      - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50
+      - uses: dorny/paths-filter@b2feaf19c27470162a626bd6fa8438ae5b263721
        id: filter
        with:
          # See https://github.com/dorny/paths-filter/issues/56 for the syntax used below
@@ -79,7 +85,7 @@ jobs:
    needs: [ prechecks ]
    uses: ./.github/workflows/windows_python.yml
  all:
-    needs: [ windows, unit-tests, bootstrap ]
+    needs: [ windows, unit-tests, bootstrap, audit-ancient-python ]
    runs-on: ubuntu-latest
    steps:
    - name: Success
--- a/.github/workflows/nightly-win-builds.yml
+++ b/.github/workflows/nightly-win-builds.yml
@@ -1,31 +0,0 @@
 name: Windows Paraview Nightly
 on:
  schedule:
    - cron: '0 2 * * *' # Run at 2 am
 defaults:
  run:
    shell:
     powershell Invoke-Expression -Command "./share/spack/qa/windows_test_setup.ps1"; {0}
 jobs:
  build-paraview-deps:
    runs-on: windows-latest
    steps:
    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
      with:
        fetch-depth: 0
    - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236
      with:
        python-version: 3.9
    - name: Install Python packages
      run: |
          python -m pip install --upgrade pip six pywin32 setuptools coverage
    - name: Build Test
      run: |
        spack compiler find
        spack external find cmake ninja win-sdk win-wdk wgl msmpi
        spack -d install -y --cdash-upload-url https://cdash.spack.io/submit.php?project=Spack+on+Windows --cdash-track Nightly --only dependencies paraview
        exit 0
--- a/.github/workflows/setup_git.ps1
+++ b/.github/workflows/setup_git.ps1
@@ -1,9 +1,15 @@
-# (c) 2022 Lawrence Livermore National Laboratory
+# (c) 2021 Lawrence Livermore National Laboratory
 Set-Location spack
 git config --global user.email "spack@example.com"
 git config --global user.name "Test User"
 git config --global core.longpaths true
 # See https://github.com/git/git/security/advisories/GHSA-3wp6-j8xr-qw85 (CVE-2022-39253)
 # This is needed to let some fixture in our unit-test suite run
 git config --global protocol.file.allow always
 if ($(git branch --show-current) -ne "develop")
 {
    git branch develop origin/develop
--- a/.github/workflows/setup_git.sh
+++ b/.github/workflows/setup_git.sh
@@ -2,6 +2,10 @@
 git config --global user.email "spack@example.com"
 git config --global user.name "Test User"
 # See https://github.com/git/git/security/advisories/GHSA-3wp6-j8xr-qw85 (CVE-2022-39253)
 # This is needed to let some fixture in our unit-test suite run
 git config --global protocol.file.allow always
 # create a local pr base branch
 if [[ -n $GITHUB_BASE_REF ]]; then
    git fetch origin "${GITHUB_BASE_REF}:${GITHUB_BASE_REF}"
--- a/.github/workflows/style/requirements.txt
+++ b/.github/workflows/style/requirements.txt
@@ -1,7 +0,0 @@
 black==23.9.1
 clingo==5.6.2
 flake8==6.1.0
 isort==5.12.0
 mypy==1.6.1
 types-six==1.16.21.9
 vermin==1.5.2
--- a/.github/workflows/unit_tests.yaml
+++ b/.github/workflows/unit_tests.yaml
@@ -11,50 +11,36 @@ concurrency:
 jobs:
  # Run unit tests with different configurations on linux
  ubuntu:
-    runs-on: ${{ matrix.os }}
+    runs-on: ubuntu-latest
    strategy:
      matrix:
-        os: [ubuntu-latest]
+        python-version: ['2.7', '3.6', '3.7', '3.8', '3.9', '3.10']
        python-version: ['3.7', '3.8', '3.9', '3.10', '3.11', '3.12']
        concretizer: ['clingo']
        on_develop:
        - ${{ github.ref == 'refs/heads/develop' }}
        include:
-        - python-version: '3.11'
+        - python-version: 2.7
          os: ubuntu-latest
          concretizer: original
          on_develop: ${{ github.ref == 'refs/heads/develop' }}
-        - python-version: '3.6'
+        - python-version: '3.10'
-          os: ubuntu-20.04
+          concretizer: original
          concretizer: clingo
          on_develop: ${{ github.ref == 'refs/heads/develop' }}
        exclude:
        - python-version: '3.7'
          os: ubuntu-latest
          concretizer: 'clingo'
          on_develop: false
        - python-version: '3.8'
          os: ubuntu-latest
          concretizer: 'clingo'
          on_develop: false
        - python-version: '3.9'
          os: ubuntu-latest
          concretizer: 'clingo'
          on_develop: false
        - python-version: '3.10'
          os: ubuntu-latest
          concretizer: 'clingo'
          on_develop: false
        - python-version: '3.11'
          os: ubuntu-latest
          concretizer: 'clingo'
          on_develop: false
    steps:
-    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # @v2
+    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # @v2
      with:
        fetch-depth: 0
-    - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # @v2
+    - uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984 # @v2
      with:
        python-version: ${{ matrix.python-version }}
    - name: Install System packages
@@ -63,11 +49,24 @@ jobs:
          # Needed for unit tests
          sudo apt-get -y install \
              coreutils cvs gfortran graphviz gnupg2 mercurial ninja-build \
-              cmake bison libbison-dev kcov
+              patchelf cmake bison libbison-dev kcov
    - name: Install Python packages
      run: |
-          pip install --upgrade pip setuptools pytest pytest-xdist pytest-cov
+          pip install --upgrade pip six setuptools pytest codecov[toml] pytest-xdist 
-          pip install --upgrade flake8 "isort>=4.3.5" "mypy>=0.900" "click" "black"
+          # Install pytest-cov only on recent Python, to avoid stalling on Python 2.7 due
          # to bugs on an unmaintained version of the package when used with xdist.
          if [[ ${{ matrix.python-version }} != "2.7" ]]; then
            pip install --upgrade pytest-cov
          fi
          # ensure style checks are not skipped in unit tests for python >= 3.6
          # note that true/false (i.e., 1/0) are opposite in conditions in python and bash
          if python -c 'import sys; sys.exit(not sys.version_info >= (3, 6))'; then
              pip install --upgrade flake8 "isort>=4.3.5" "mypy>=0.900" "click==8.0.4" "black<=21.12b0"
          fi
    - name: Pin pathlib for Python 2.7
      if: ${{ matrix.python-version == 2.7 }}
      run: |
          pip install -U pathlib2==2.3.6 toml
    - name: Setup git configuration
      run: |
          # Need this for the git tests to succeed.
@@ -80,7 +79,6 @@ jobs:
      run: |
          . share/spack/setup-env.sh
          spack bootstrap disable spack-install
          spack bootstrap now
          spack -v solve zlib
    - name: Run unit tests
      env:
@@ -88,22 +86,22 @@ jobs:
          SPACK_TEST_SOLVER: ${{ matrix.concretizer }}
          SPACK_TEST_PARALLEL: 2
          COVERAGE: true
-          UNIT_TEST_COVERAGE: ${{ matrix.python-version == '3.11' }}
+          UNIT_TEST_COVERAGE: ${{ (matrix.python-version == '3.10') }}
      run: |
          share/spack/qa/run-unit-tests
-    - uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d
+    - uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70
      with:
        flags: unittests,linux,${{ matrix.concretizer }}
  # Test shell integration
  shell:
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # @v2
+    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # @v2
      with:
        fetch-depth: 0
-    - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # @v2
+    - uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984 # @v2
      with:
-        python-version: '3.11'
+        python-version: '3.10'
    - name: Install System packages
      run: |
          sudo apt-get -y update
@@ -111,7 +109,7 @@ jobs:
          sudo apt-get install -y coreutils kcov csh zsh tcsh fish dash bash
    - name: Install Python packages
      run: |
-          pip install --upgrade pip setuptools pytest coverage[toml] pytest-xdist
+          pip install --upgrade pip six setuptools pytest codecov coverage[toml]==6.2 pytest-xdist
    - name: Setup git configuration
      run: |
          # Need this for the git tests to succeed.
@@ -122,7 +120,7 @@ jobs:
          COVERAGE: true
      run: |
          share/spack/qa/run-shell-tests
-    - uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d
+    - uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70
      with:
        flags: shelltests,linux
@@ -137,11 +135,10 @@ jobs:
          dnf install -y \
              bzip2 curl file gcc-c++ gcc gcc-gfortran git gnupg2 gzip \
              make patch tcl unzip which xz
-    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # @v2
+    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # @v2
    - name: Setup repo and non-root user
      run: |
          git --version
          git config --global --add safe.directory /__w/spack/spack
          git fetch --unshallow
          . .github/workflows/setup_git.sh
          useradd spack-test
@@ -150,26 +147,28 @@ jobs:
      shell: runuser -u spack-test -- bash {0}
      run: |
          source share/spack/setup-env.sh
-          spack -d bootstrap now --dev
+          spack -d solve zlib
          spack unit-test -k 'not cvs and not svn and not hg' -x --verbose
  # Test for the clingo based solver (using clingo-cffi)
  clingo-cffi:
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # @v2
+    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # @v2
      with:
        fetch-depth: 0
-    - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # @v2
+    - uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984 # @v2
      with:
-        python-version: '3.11'
+        python-version: '3.10'
    - name: Install System packages
      run: |
          sudo apt-get -y update
-          sudo apt-get -y install coreutils cvs gfortran graphviz gnupg2 mercurial ninja-build kcov
+          # Needed for unit tests
          sudo apt-get -y install \
              coreutils cvs gfortran graphviz gnupg2 mercurial ninja-build \
              patchelf kcov
    - name: Install Python packages
      run: |
-          pip install --upgrade pip setuptools pytest coverage[toml] pytest-cov clingo pytest-xdist
+          pip install --upgrade pip six setuptools pytest codecov coverage[toml] pytest-cov clingo pytest-xdist
          pip install --upgrade flake8 "isort>=4.3.5" "mypy>=0.900" "click" "black"
    - name: Setup git configuration
      run: |
          # Need this for the git tests to succeed.
@@ -181,7 +180,7 @@ jobs:
          SPACK_TEST_SOLVER: clingo
      run: |
          share/spack/qa/run-unit-tests
-    - uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # @v2.1.0
+    - uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70 # @v2.1.0
      with:
        flags: unittests,linux,clingo
  # Run unit tests on MacOS
@@ -189,18 +188,18 @@ jobs:
    runs-on: macos-latest
    strategy:
      matrix:
-        python-version: ["3.11"]
+        python-version: ["3.10"]
    steps:
-    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # @v2
+    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # @v2
      with:
        fetch-depth: 0
-    - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # @v2
+    - uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984 # @v2
      with:
        python-version: ${{ matrix.python-version }}
    - name: Install Python packages
      run: |
-          pip install --upgrade pip setuptools
+          pip install --upgrade pip six setuptools
-          pip install --upgrade pytest coverage[toml] pytest-xdist pytest-cov
+          pip install --upgrade pytest codecov coverage[toml] pytest-xdist pytest-cov
    - name: Setup Homebrew packages
      run: |
        brew install dash fish gcc gnupg2 kcov
@@ -216,6 +215,6 @@ jobs:
        $(which spack) solve zlib
        common_args=(--dist loadfile --tx '4*popen//python=./bin/spack-tmpconfig python -u ./bin/spack python' -x)
        $(which spack) unit-test --cov --cov-config=pyproject.toml --cov-report=xml:coverage.xml "${common_args[@]}"
-    - uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d
+    - uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70
      with:
        flags: unittests,macos
--- a/.github/workflows/valid-style.yml
+++ b/.github/workflows/valid-style.yml
@@ -18,34 +18,33 @@ jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # @v2
-    - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236
+    - uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984 # @v2
      with:
-        python-version: '3.11'
+        python-version: '3.10'
        cache: 'pip'
    - name: Install Python Packages
      run: |
-        pip install --upgrade pip setuptools
+        pip install --upgrade pip
-        pip install -r .github/workflows/style/requirements.txt
+        pip install --upgrade vermin
    - name: vermin (Spack's Core)
-      run: vermin --backport importlib --backport argparse --violations --backport typing -t=3.6- -vvv lib/spack/spack/ lib/spack/llnl/ bin/
+      run: vermin --backport argparse --violations --backport typing -t=2.7- -t=3.6- -vvv lib/spack/spack/ lib/spack/llnl/ bin/
    - name: vermin (Repositories)
-      run: vermin --backport importlib --backport argparse --violations --backport typing -t=3.6- -vvv var/spack/repos
+      run: vermin --backport argparse --violations --backport typing -t=2.7- -t=3.6- -vvv var/spack/repos
  # Run style checks on the files that have been changed
  style:
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # @v2
      with:
        fetch-depth: 0
-    - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236
+    - uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984 # @v2
      with:
-        python-version: '3.11'
+        python-version: '3.10'
        cache: 'pip'
    - name: Install Python packages
      run: |
-        pip install --upgrade pip setuptools
+        python3 -m pip install --upgrade pip six setuptools types-six click==8.0.2 'black==21.12b0' mypy isort clingo flake8
        pip install -r .github/workflows/style/requirements.txt
    - name: Setup git configuration
      run: |
        # Need this for the git tests to succeed.
@@ -58,31 +57,4 @@ jobs:
    uses: ./.github/workflows/audit.yaml
    with:
      with_coverage: ${{ inputs.with_coverage }}
-      python_version: '3.11'
+      python_version: '3.10'
  # Check that spack can bootstrap the development environment on Python 3.6 - RHEL8
  bootstrap-dev-rhel8:
    runs-on: ubuntu-latest
    container: registry.access.redhat.com/ubi8/ubi
    steps:
      - name: Install dependencies
        run: |
          dnf install -y \
              bzip2 curl file gcc-c++ gcc gcc-gfortran git gnupg2 gzip \
              make patch tcl unzip which xz
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # @v2
      - name: Setup repo and non-root user
        run: |
          git --version
          git config --global --add safe.directory /__w/spack/spack
          git fetch --unshallow
          . .github/workflows/setup_git.sh
          useradd spack-test
          chown -R spack-test .
      - name: Bootstrap Spack development environment
        shell: runuser -u spack-test -- bash {0}
        run: |
          source share/spack/setup-env.sh
          spack debug report
          spack -d bootstrap now --dev
          spack style -t black
          spack unit-test -V
--- a/.github/workflows/windows_python.yml
+++ b/.github/workflows/windows_python.yml
@@ -10,70 +10,149 @@ concurrency:
 defaults:
  run:
    shell:
-     powershell Invoke-Expression -Command "./share/spack/qa/windows_test_setup.ps1"; {0}
+     powershell Invoke-Expression -Command ".\share\spack\qa\windows_test_setup.ps1"; {0}
 jobs:
  unit-tests:
    runs-on: windows-latest
    steps:
-    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
      with:
        fetch-depth: 0
-    - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236
+    - uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984
      with:
        python-version: 3.9
    - name: Install Python packages
      run: |
-          python -m pip install --upgrade pip pywin32 setuptools pytest-cov clingo
+          python -m pip install --upgrade pip six pywin32 setuptools codecov pytest-cov clingo
    - name: Create local develop
      run: |
-        ./.github/workflows/setup_git.ps1
+        .\spack\.github\workflows\setup_git.ps1
    - name: Unit Test
      run: |
        echo F|xcopy .\spack\share\spack\qa\configuration\windows_config.yaml $env:USERPROFILE\.spack\windows\config.yaml
        cd spack
        dir
        spack unit-test -x --verbose --cov --cov-config=pyproject.toml --ignore=lib/spack/spack/test/cmd
        ./share/spack/qa/validate_last_exit.ps1
        coverage combine -a
        coverage xml
-    - uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d
+    - uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70
      with:
        flags: unittests,windows
  unit-tests-cmd:
    runs-on: windows-latest
    steps:
-    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
      with:
        fetch-depth: 0
-    - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236
+    - uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984
      with:
        python-version: 3.9
    - name: Install Python packages
      run: |
-          python -m pip install --upgrade pip pywin32 setuptools coverage pytest-cov clingo
+          python -m pip install --upgrade pip six pywin32 setuptools codecov coverage pytest-cov clingo
    - name: Create local develop
      run: |
-        ./.github/workflows/setup_git.ps1
+        .\spack\.github\workflows\setup_git.ps1
    - name: Command Unit Test
      run: |
        echo F|xcopy .\spack\share\spack\qa\configuration\windows_config.yaml $env:USERPROFILE\.spack\windows\config.yaml
        cd spack
        spack unit-test -x --verbose --cov --cov-config=pyproject.toml lib/spack/spack/test/cmd
        ./share/spack/qa/validate_last_exit.ps1
        coverage combine -a
        coverage xml
-    - uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d
+    - uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70
      with:
        flags: unittests,windows
  build-abseil:
    runs-on: windows-latest
    steps:
-    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
      with:
        fetch-depth: 0
-    - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236
+    - uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984
      with:
        python-version: 3.9
    - name: Install Python packages
      run: |
-          python -m pip install --upgrade pip pywin32 setuptools coverage
+          python -m pip install --upgrade pip six pywin32 setuptools codecov coverage
    - name: Build Test
      run: |
        spack compiler find
-        spack -d external find cmake ninja
+        echo F|xcopy .\spack\share\spack\qa\configuration\windows_config.yaml $env:USERPROFILE\.spack\windows\config.yaml
        spack external find cmake
        spack external find ninja
        spack -d install abseil-cpp
  make-installer:
    runs-on: windows-latest
    steps:
    - name: Disable Windows Symlinks
      run: |
        git config --global core.symlinks false
      shell:
        powershell
    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
      with:
        fetch-depth: 0
    - uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984
      with:
        python-version: 3.9
    - name: Install Python packages
      run: |
          python -m pip install --upgrade pip six pywin32 setuptools
    - name: Add Light and Candle to Path
      run: |
        $env:WIX >> $GITHUB_PATH
    - name: Run Installer
      run: |
        .\spack\share\spack\qa\setup_spack.ps1
        spack make-installer -s spack -g SILENT pkg
        echo "installer_root=$((pwd).Path)" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
      env:
        ProgressPreference: SilentlyContinue
    - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8
      with:
        name: Windows Spack Installer Bundle
        path: ${{ env.installer_root }}\pkg\Spack.exe
    - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8
      with:
        name: Windows Spack Installer
        path: ${{ env.installer_root}}\pkg\Spack.msi
  execute-installer:
    needs: make-installer
    runs-on: windows-latest
    defaults:
      run:
        shell: pwsh
    steps:
    - uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984
      with:
        python-version: 3.9
    - name: Install Python packages
      run: |
          python -m pip install --upgrade pip six pywin32 setuptools
    - name: Setup installer directory
      run: |
        mkdir -p spack_installer
        echo "spack_installer=$((pwd).Path)\spack_installer" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
    - uses: actions/download-artifact@v3
      with:
        name: Windows Spack Installer Bundle
        path: ${{ env.spack_installer }}
    - name: Execute Bundled Installer
      run: |
        $proc = Start-Process  ${{ env.spack_installer }}\spack.exe "/install /quiet" -Passthru
        $handle = $proc.Handle # cache proc.Handle
        $proc.WaitForExit();
        $LASTEXITCODE
      env:
        ProgressPreference: SilentlyContinue
    - uses: actions/download-artifact@v3
      with:
        name: Windows Spack Installer
        path: ${{ env.spack_installer }}
    - name: Execute MSI
      run: |
        $proc = Start-Process  ${{ env.spack_installer }}\spack.msi "/quiet" -Passthru
        $handle = $proc.Handle # cache proc.Handle
        $proc.WaitForExit();
        $LASTEXITCODE
--- a/.readthedocs.yml
+++ b/.readthedocs.yml
@@ -1,16 +1,10 @@
 version: 2
 build:
  os: "ubuntu-22.04"
  apt_packages:
    - graphviz
  tools:
    python: "3.11"
 sphinx:
  configuration: lib/spack/docs/conf.py
  fail_on_warning: true
 python:
  version: 3.7
  install:
    - requirements: lib/spack/docs/requirements.txt
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,545 +1,16 @@
 # v0.20.1 (2023-07-10)
 ## Spack Bugfixes
 - Spec removed from an environment where not actually removed if `--force` was not given (#37877)
 - Speed-up module file generation (#37739)
 - Hotfix for a few recipes that treat CMake as a link dependency (#35816)
 - Fix re-running stand-alone test a second time, which was getting a trailing spurious failure (#37840)
 - Fixed reading JSON manifest on Cray, reporting non-concrete specs (#37909)
 - Fixed a few bugs when generating Dockerfiles from Spack (#37766,#37769)
 - Fixed a few long-standing bugs when generating module files (#36678,#38347,#38465,#38455)
 - Fixed issues with building Python extensions using an external Python (#38186)
 - Fixed compiler removal from command line (#38057)
 - Show external status as [e] (#33792)
 - Backported `archspec` fixes (#37793)
 - Improved a few error messages (#37791)
 # v0.20.0 (2023-05-21)
 `v0.20.0` is a major feature release.
 ## Features in this release
 1. **`requires()` directive and enhanced package requirements**
   We've added some more enhancements to requirements in Spack (#36286).
   There is a new `requires()` directive for packages. `requires()` is the opposite of
   `conflicts()`. You can use it to impose constraints on this package when certain
   conditions are met:
   ```python
   requires(
       "%apple-clang",
       when="platform=darwin",
       msg="This package builds only with clang on macOS"
   )
   ```
   More on this in [the docs](
     https://spack.rtfd.io/en/latest/packaging_guide.html#conflicts-and-requirements).
   You can also now add a `when:` clause to `requires:` in your `packages.yaml`
   configuration or in an environment:
   ```yaml
   packages:
     openmpi:
       require:
       - any_of: ["%gcc"]
         when: "@:4.1.4"
         message: "Only OpenMPI 4.1.5 and up can build with fancy compilers"
   ```
   More details can be found [here](
     https://spack.readthedocs.io/en/latest/build_settings.html#package-requirements)
 2. **Exact versions**
   Spack did not previously have a way to distinguish a version if it was a prefix of
   some other version. For example, `@3.2` would match `3.2`, `3.2.1`, `3.2.2`, etc. You
   can now match *exactly* `3.2` with `@=3.2`. This is useful, for example, if you need
   to patch *only* the `3.2` version of a package. The new syntax is described in [the docs](
     https://spack.readthedocs.io/en/latest/basic_usage.html#version-specifier).
   Generally, when writing packages, you should prefer to use ranges like `@3.2` over
   the specific versions, as this allows the concretizer more leeway when selecting
   versions of dependencies. More details and recommendations are in the [packaging guide](
     https://spack.readthedocs.io/en/latest/packaging_guide.html#ranges-versus-specific-versions).
   See #36273 for full details on the version refactor.
 3. **New testing interface**
   Writing package tests is now much simpler with a new [test interface](
     https://spack.readthedocs.io/en/latest/packaging_guide.html#stand-alone-tests).
   Writing a test is now as easy as adding a method that starts with `test_`:
   ```python
   class MyPackage(Package):
       ...
       def test_always_fails(self):
           """use assert to always fail"""
           assert False
       def test_example(self):
           """run installed example"""
           example = which(self.prefix.bin.example)
           example()
    ```
    You can use Python's native `assert` statement to implement your checks -- no more
    need to fiddle with `run_test` or other test framework methods. Spack will
    introspect the class and run `test_*` methods when you run `spack test`,
 4. **More stable concretization**
   * Now, `spack concretize` will *only* concretize the new portions of the environment
     and will not change existing parts of an environment unless you specify `--force`.
     This has always been true for `unify:false`, but not for `unify:true` and
     `unify:when_possible` environments. Now it is true for all of them (#37438, #37681).
   * The concretizer has a new `--reuse-deps` argument that *only* reuses dependencies.
     That is, it will always treat the *roots* of your environment as it would with
     `--fresh`. This allows you to upgrade just the roots of your environment while
     keeping everything else stable (#30990).
 5. **Weekly develop snapshot releases**
   Since last year, we have maintained a buildcache of `develop` at
   https://binaries.spack.io/develop, but the cache can grow to contain so many builds
   as to be unwieldy. When we get a stable `develop` build, we snapshot the release and
   add a corresponding tag the Spack repository. So, you can use a stack from a specific
   day. There are now tags in the spack repository like:
   * `develop-2023-05-14`
   * `develop-2023-05-18`
   that correspond to build caches like:
   * https://binaries.spack.io/develop-2023-05-14/e4s
   * https://binaries.spack.io/develop-2023-05-18/e4s
   We plan to store these snapshot releases weekly.
 6. **Specs in buildcaches can be referenced by hash.**
   * Previously, you could run `spack buildcache list` and see the hashes in
     buildcaches, but referring to them by hash would fail.
   * You can now run commands like `spack spec` and `spack install` and refer to
     buildcache hashes directly, e.g. `spack install /abc123` (#35042)
 7. **New package and buildcache index websites**
   Our public websites for searching packages have been completely revamped and updated.
   You can check them out here:
   * *Package Index*: https://packages.spack.io
   * *Buildcache Index*: https://cache.spack.io
   Both are searchable and more interactive than before. Currently major releases are
   shown; UI for browsing `develop` snapshots is coming soon.
 8. **Default CMake and Meson build types are now Release**
   Spack has historically defaulted to building with optimization and debugging, but
   packages like `llvm` can be enormous with debug turned on. Our default build type for
   all Spack packages is now `Release` (#36679, #37436). This has a number of benefits:
   * much smaller binaries;
   * higher default optimization level; and
   * defining `NDEBUG` disables assertions, which may lead to further speedups.
   You can still get the old behavior back through requirements and package preferences.
 ## Other new commands and directives
 * `spack checksum` can automatically add new versions to package (#24532)
 * new command: `spack pkg grep` to easily search package files (#34388)
 * New `maintainers` directive (#35083)
 * Add `spack buildcache push` (alias to `buildcache create`) (#34861)
 * Allow using `-j` to control the parallelism of concretization (#37608)
 * Add `--exclude` option to 'spack external find' (#35013)
 ## Other new features of note
 * editing: add higher-precedence `SPACK_EDITOR` environment variable
 * Many YAML formatting improvements from updating `ruamel.yaml` to the latest version
  supporting Python 3.6. (#31091, #24885, #37008).
 * Requirements and preferences should not define (non-git) versions (#37687, #37747)
 * Environments now store spack version/commit in `spack.lock` (#32801)
 * User can specify the name of the `packages` subdirectory in repositories (#36643)
 * Add container images supporting RHEL alternatives (#36713)
 * make version(...) kwargs explicit (#36998)
 ## Notable refactors
 * buildcache create: reproducible tarballs (#35623)
 * Bootstrap most of Spack dependencies using environments (#34029)
 * Split `satisfies(..., strict=True/False)` into two functions (#35681)
 * spack install: simplify behavior when inside environments (#35206)
 ## Binary cache and stack updates
 * Major simplification of CI boilerplate in stacks (#34272, #36045)
 * Many improvements to our CI pipeline's reliability
 ## Removals, Deprecations, and disablements
 * Module file generation is disabled by default; you'll need to enable it to use it (#37258)
 * Support for Python 2 was deprecated in `v0.19.0` and has been removed. `v0.20.0` only
  supports Python 3.6 and higher.
 * Deprecated target names are no longer recognized by Spack. Use generic names instead:
  * `graviton` is now `cortex_a72`
  * `graviton2` is now `neoverse_n1`
  * `graviton3` is now `neoverse_v1`
 * `blacklist` and `whitelist` in module configuration were deprecated in `v0.19.0` and are
  removed in this release. Use `exclude` and `include` instead.
 * The `ignore=` parameter of the `extends()` directive has been removed. It was not used by
  any builtin packages and is no longer needed to avoid conflicts in environment views (#35588).
 * Support for the old YAML buildcache format has been removed. It was deprecated in `v0.19.0` (#34347).
 * `spack find --bootstrap` has been removed. It was deprecated in `v0.19.0`. Use `spack
  --bootstrap find` instead (#33964).
 * `spack bootstrap trust` and `spack bootstrap untrust` are now removed, having been
  deprecated in `v0.19.0`. Use `spack bootstrap enable` and `spack bootstrap disable`.
 * The `--mirror-name`, `--mirror-url`, and `--directory` options to buildcache and
  mirror commands were deprecated in `v0.19.0` and have now been removed. They have been
  replaced by positional arguments (#37457).
 * Deprecate `env:` as top level environment key (#37424)
 * deprecate buildcache create --rel, buildcache install --allow-root (#37285)
 * Support for very old perl-like spec format strings (e.g., `$_$@$%@+$+$=`) has been
  removed (#37425). This was deprecated in in `v0.15` (#10556).
 ## Notable Bugfixes
 * bugfix: don't fetch package metadata for unknown concrete specs (#36990)
 * Improve package source code context display on error  (#37655)
 * Relax environment manifest filename requirements and lockfile identification criteria (#37413)
 * `installer.py`: drop build edges of installed packages by default (#36707)
 * Bugfix: package requirements with git commits (#35057, #36347)
 * Package requirements: allow single specs in requirement lists (#36258)
 * conditional variant values: allow boolean (#33939)
 * spack uninstall: follow run/link edges on --dependents (#34058)
 ## Spack community stats
 * 7,179 total packages, 499 new since `v0.19.0`
    * 329 new Python packages
    * 31 new R packages
 * 336 people contributed to this release
    * 317 committers to packages
    * 62 committers to core
 # v0.19.1 (2023-02-07)
 ### Spack Bugfixes
 * `buildcache create`: make "file exists" less verbose (#35019)
 * `spack mirror create`: don't change paths to urls (#34992)
 * Improve error message for requirements (#33988)
 * uninstall: fix accidental cubic complexity (#34005)
 * scons: fix signature for `install_args` (#34481)
 * Fix `combine_phase_logs` text encoding issues (#34657)
 * Use a module-like object to propagate changes in the MRO, when setting build env (#34059)
 * PackageBase should not define builder legacy attributes (#33942)
 * Forward lookup of the "run_tests" attribute (#34531)
 * Bugfix for timers (#33917, #33900)
 * Fix path handling in prefix inspections (#35318)
 * Fix libtool filter for Fujitsu compilers (#34916)
 * Bug fix for duplicate rpath errors on macOS when creating build caches (#34375)
 * FileCache: delete the new cache file on exception (#34623)
 * Propagate exceptions from Spack python console (#34547)
 * Tests: Fix a bug/typo in a `config_values.py` fixture (#33886)
 * Various CI fixes (#33953, #34560, #34560, #34828)
 * Docs: remove monitors and analyzers, typos (#34358, #33926)
 * bump release version for tutorial command (#33859)
 # v0.19.0 (2022-11-11)
 `v0.19.0` is a major feature release.
 ## Major features in this release
 1. **Package requirements**
   Spack's traditional [package preferences](
     https://spack.readthedocs.io/en/latest/build_settings.html#package-preferences)
   are soft, but we've added hard requriements to `packages.yaml` and `spack.yaml`
   (#32528, #32369). Package requirements use the same syntax as specs:
   ```yaml
   packages:
     libfabric:
       require: "@1.13.2"
     mpich:
       require:
       - one_of: ["+cuda", "+rocm"]
   ```
   More details in [the docs](
     https://spack.readthedocs.io/en/latest/build_settings.html#package-requirements).
 2. **Environment UI Improvements**
   * Fewer surprising modifications to `spack.yaml` (#33711):
     * `spack install` in an environment will no longer add to the `specs:` list; you'll
       need to either use `spack add <spec>` or `spack install --add <spec>`.
     * Similarly, `spack uninstall` will not remove from your environment's `specs:`
       list; you'll need to use `spack remove` or `spack uninstall --remove`.
     This will make it easier to manage an environment, as there is clear separation
     between the stack to be installed (`spack.yaml`/`spack.lock`) and which parts of
     it should be installed (`spack install` / `spack uninstall`).
   * `concretizer:unify:true` is now the default mode for new environments (#31787)
     We see more users creating `unify:true` environments now. Users who need
     `unify:false` can add it to their environment to get the old behavior. This will
     concretize every spec in the environment independently.
   * Include environment configuration from URLs (#29026, [docs](
       https://spack.readthedocs.io/en/latest/environments.html#included-configurations))
     You can now include configuration in your environment directly from a URL:
     ```yaml
     spack:
       include:
       - https://github.com/path/to/raw/config/compilers.yaml
     ```
 4. **Multiple Build Systems**
   An increasing number of packages in the ecosystem need the ability to support
   multiple build systems (#30738, [docs](
     https://spack.readthedocs.io/en/latest/packaging_guide.html#multiple-build-systems)),
   either across versions, across platforms, or within the same version of the software.
   This has been hard to support through multiple inheritance, as methods from different
   build system superclasses would conflict. `package.py` files can now define separate
   builder classes with installation logic for different build systems, e.g.:
   ```python
   class ArpackNg(CMakePackage, AutotoolsPackage):
       build_system(
           conditional("cmake", when="@0.64:"),
           conditional("autotools", when="@:0.63"),
           default="cmake",
       )
   class CMakeBuilder(spack.build_systems.cmake.CMakeBuilder):
       def cmake_args(self):
           pass
   class Autotoolsbuilder(spack.build_systems.autotools.AutotoolsBuilder):
       def configure_args(self):
           pass
   ```
 5. **Compiler and variant propagation**
   Currently, compiler flags and variants are inconsistent: compiler flags set for a
   package are inherited by its dependencies, while variants are not. We should have
   these be consistent by allowing for inheritance to be enabled or disabled for both
   variants and compiler flags.
   Example syntax:
   - `package ++variant`:
         enabled variant that will be propagated to dependencies
   - `package +variant`:
         enabled variant that will NOT be propagated to dependencies
   - `package ~~variant`:
         disabled variant that will be propagated to dependencies
   - `package ~variant`:
         disabled variant that will NOT be propagated to dependencies
   - `package cflags==-g`:
         `cflags` will be propagated to dependencies
   - `package cflags=-g`:
         `cflags` will NOT be propagated to dependencies
   Syntax for non-boolan variants is similar to compiler flags. More in the docs for
   [variants](
     https://spack.readthedocs.io/en/latest/basic_usage.html#variants) and [compiler flags](
     https://spack.readthedocs.io/en/latest/basic_usage.html#compiler-flags).
 6. **Enhancements to git version specifiers**
   * `v0.18.0` added the ability to use git commits as versions. You can now use the
     `git.` prefix to specify git tags or branches as versions. All of these are valid git
     versions in `v0.19` (#31200):
     ```console
     foo@abcdef1234abcdef1234abcdef1234abcdef1234      # raw commit
     foo@git.abcdef1234abcdef1234abcdef1234abcdef1234  # commit with git prefix
     foo@git.develop                                   # the develop branch
     foo@git.0.19                                      # use the 0.19 tag
     ```
   * `v0.19` also gives you more control over how Spack interprets git versions, in case
     Spack cannot detect the version from the git repository. You can suffix a git
     version with `=<version>` to force Spack to concretize it as a particular version
     (#30998, #31914, #32257):
     ```console
     # use mybranch, but treat it as version 3.2 for version comparison
     foo@git.mybranch=3.2
     # use the given commit, but treat it as develop for version comparison
     foo@git.abcdef1234abcdef1234abcdef1234abcdef1234=develop
     ```
     More in [the docs](
       https://spack.readthedocs.io/en/latest/basic_usage.html#version-specifier)
 7. **Changes to Cray EX Support**
   Cray machines have historically had their own "platform" within Spack, because we
   needed to go through the module system to leverage compilers and MPI installations on
   these machines. The Cray EX programming environment now provides standalone `craycc`
   executables and proper `mpicc` wrappers, so Spack can treat EX machines like Linux
   with extra packages (#29392).
   We expect this to greatly reduce bugs, as external packages and compilers can now be
   used by prefix instead of through modules. We will also no longer be subject to
   reproducibility issues when modules change from Cray PE release to release and from
   site to site. This also simplifies dealing with the underlying Linux OS on cray
   systems, as Spack will properly model the machine's OS as either SuSE or RHEL.
 8. **Improvements to tests and testing in CI**
   * `spack ci generate --tests` will generate a `.gitlab-ci.yml` file that not only does
     builds but also runs tests for built packages (#27877). Public GitHub pipelines now
     also run tests in CI.
   * `spack test run --explicit` will only run tests for packages that are explicitly
     installed, instead of all packages.
 9. **Experimental binding link model**
   You can add a new option to `config.yaml` to make Spack embed absolute paths to
   needed shared libraries in ELF executables and shared libraries on Linux (#31948, [docs](
     https://spack.readthedocs.io/en/latest/config_yaml.html#shared-linking-bind)):
   ```yaml
   config:
     shared_linking:
       type: rpath
       bind: true
   ```
   This can improve launch time at scale for parallel applications, and it can make
   installations less susceptible to environment variables like `LD_LIBRARY_PATH`, even
   especially when dealing with external libraries that use `RUNPATH`. You can think of
   this as a faster, even higher-precedence version of `RPATH`.
 ## Other new features of note
 * `spack spec` prints dependencies more legibly. Dependencies in the output now appear
  at the *earliest* level of indentation possible (#33406)
 * You can override `package.py` attributes like `url`, directly in `packages.yaml`
  (#33275, [docs](
    https://spack.readthedocs.io/en/latest/build_settings.html#assigning-package-attributes))
 * There are a number of new architecture-related format strings you can use in Spack
  configuration files to specify paths (#29810, [docs](
    https://spack.readthedocs.io/en/latest/configuration.html#config-file-variables))
 * Spack now supports bootstrapping Clingo on Windows (#33400)
 * There is now support for an `RPATH`-like library model on Windows (#31930)
 ## Performance Improvements
 * Major performance improvements for installation from binary caches (#27610, #33628,
  #33636, #33608, #33590, #33496)
 * Test suite can now be parallelized using `xdist` (used in GitHub Actions) (#32361)
 * Reduce lock contention for parallel builds in environments (#31643)
 ## New binary caches and stacks
 * We now build nearly all of E4S with `oneapi` in our buildcache (#31781, #31804,
  #31804, #31803, #31840, #31991, #32117, #32107, #32239)
 * Added 3 new machine learning-centric stacks to binary cache: `x86_64_v3`, CUDA, ROCm
  (#31592, #33463)
 ## Removals and Deprecations
 * Support for Python 3.5 is dropped (#31908). Only Python 2.7 and 3.6+ are officially
  supported.
 * This is the last Spack release that will support Python 2 (#32615). Spack `v0.19`
  will emit a deprecation warning if you run it with Python 2, and Python 2 support will
  soon be removed from the `develop` branch.
 * `LD_LIBRARY_PATH` is no longer set by default by `spack load` or module loads.
  Setting `LD_LIBRARY_PATH` in Spack environments/modules can cause binaries from
  outside of Spack to crash, and Spack's own builds use `RPATH` and do not need
  `LD_LIBRARY_PATH` set in order to run. If you still want the old behavior, you
  can run these commands to configure Spack to set `LD_LIBRARY_PATH`:
  ```console
  spack config add modules:prefix_inspections:lib64:[LD_LIBRARY_PATH]
  spack config add modules:prefix_inspections:lib:[LD_LIBRARY_PATH]
  ```
 * The `spack:concretization:[together|separately]` has been removed after being
  deprecated in `v0.18`. Use `concretizer:unify:[true|false]`.
 * `config:module_roots` is no longer supported after being deprecated in `v0.18`. Use
  configuration in module sets instead (#28659, [docs](
    https://spack.readthedocs.io/en/latest/module_file_support.html)).
 * `spack activate` and `spack deactivate` are no longer supported, having been
  deprecated in `v0.18`. Use an environment with a view instead of
  activating/deactivating ([docs](
    https://spack.readthedocs.io/en/latest/environments.html#configuration-in-spack-yaml)).
 * The old YAML format for buildcaches is now deprecated (#33707). If you are using an
  old buildcache with YAML metadata you will need to regenerate it with JSON metadata.
 * `spack bootstrap trust` and `spack bootstrap untrust` are deprecated in favor of
  `spack bootstrap enable` and `spack bootstrap disable` and will be removed in `v0.20`.
  (#33600)
 * The `graviton2` architecture has been renamed to `neoverse_n1`, and `graviton3`
  is now `neoverse_v1`. Buildcaches using the old architecture names will need to be rebuilt.
 * The terms `blacklist` and `whitelist` have been replaced with `include` and `exclude`
  in all configuration files (#31569). You can use `spack config update` to
  automatically fix your configuration files.
 ## Notable Bugfixes
 * Permission setting on installation now handles effective uid properly (#19980)
 * `buildable:true` for an MPI implementation now overrides `buildable:false` for `mpi` (#18269)
 * Improved error messages when attempting to use an unconfigured compiler (#32084)
 * Do not punish explicitly requested compiler mismatches in the solver (#30074)
 * `spack stage`: add missing --fresh and --reuse (#31626)
 * Fixes for adding build system executables like `cmake` to package scope (#31739)
 * Bugfix for binary relocation with aliased strings produced by newer `binutils` (#32253)
 ## Spack community stats
 * 6,751 total packages, 335 new since `v0.18.0`
    * 141 new Python packages
    * 89 new R packages
 * 303 people contributed to this release
    * 287 committers to packages
    * 57 committers to core
 # v0.18.1 (2022-07-19)
 ### Spack Bugfixes
 * Fix several bugs related to bootstrapping (#30834,#31042,#31180)
-* Fix a regression that was causing spec hashes to differ between
+* Fix a regression that was causing spec hashes to differ between 
  Python 2 and Python 3 (#31092)
 * Fixed compiler flags for oneAPI and DPC++ (#30856)
 * Fixed several issues related to concretization (#31142,#31153,#31170,#31226)
 * Improved support for Cray manifest file and `spack external find` (#31144,#31201,#31173,#31186)
 * Assign a version to openSUSE Tumbleweed according to the GLIBC version
-  in the system (#19895)
+  in the system (#19895) 
 * Improved Dockerfile generation for `spack containerize` (#29741,#31321)
-* Fixed a few bugs related to concurrent execution of commands (#31509,#31493,#31477)
+* Fixed a few bugs related to concurrent execution of commands (#31509,#31493,#31477)  
 ### Package updates
 * WarpX: add v22.06, fixed libs property (#30866,#31102)
--- a/CITATION.cff
+++ b/CITATION.cff
@@ -27,53 +27,12 @@
 # And here's the CITATION.cff format:
 #
 cff-version: 1.2.0
 type: software
 message: "If you are referencing Spack in a publication, please cite the paper below."
 title: "The Spack Package Manager: Bringing Order to HPC Software Chaos"
 abstract: >-
  Large HPC centers spend considerable time supporting software for thousands of users, but the complexity of HPC software is quickly outpacing the capabilities of existing software management tools.
  Scientific applications require specific versions of compilers, MPI, and other dependency libraries, so using a single, standard software stack is infeasible.
  However, managing many configurations is difficult because the configuration space is combinatorial in size.
  We introduce Spack, a tool used at Lawrence Livermore National Laboratory to manage this complexity.
  Spack provides a novel, re- cursive specification syntax to invoke parametric builds of packages and dependencies.
  It allows any number of builds to coexist on the same system, and it ensures that installed packages can find their dependencies, regardless of the environment.
  We show through real-world use cases that Spack supports diverse and demanding applications, bringing order to HPC software chaos.
 preferred-citation:
  title: "The Spack Package Manager: Bringing Order to HPC Software Chaos"
  type: conference-paper
-  url: "https://tgamblin.github.io/pubs/spack-sc15.pdf"
+  doi: "10.1145/2807591.2807623"
  url: "https://github.com/spack/spack"
  authors:
    - family-names: "Gamblin"
      given-names: "Todd"
    - family-names: "LeGendre"
      given-names: "Matthew"
    - family-names: "Collette"
      given-names: "Michael R."
    - family-names: "Lee"
      given-names: "Gregory L."
    - family-names: "Moody"
      given-names: "Adam"
    - family-names: "de Supinski"
      given-names: "Bronis R."
    - family-names: "Futral"
      given-names: "Scott"
  conference:
    name: "Supercomputing 2015 (SC’15)"
    city: "Austin"
    region: "Texas"
    country: "US"
    date-start: 2015-11-15
    date-end: 2015-11-20
  month: 11
  year: 2015
  identifiers:
    - description: "The concept DOI of the work."
      type: doi
      value: 10.1145/2807591.2807623
    - description: "The DOE Document Release Number of the work"
      type: other 
      value: "LLNL-CONF-669890"
 authors:
  - family-names: "Gamblin"
    given-names: "Todd"
  - family-names: "LeGendre"
@@ -88,3 +47,12 @@ authors:
    given-names: "Bronis R."
  - family-names: "Futral"
    given-names: "Scott"
  title: "The Spack Package Manager: Bringing Order to HPC Software Chaos"
  conference:
    name: "Supercomputing 2015 (SC’15)"
    city: "Austin"
    region: "Texas"
    country: "USA"
  month: November 15-20
  year: 2015
  notes: LLNL-CONF-669890
--- a/2
+++ b/2
@@ -1,6 +1,6 @@
 MIT License
-Copyright (c) 2013-2023 LLNS, LLC and other Spack Project Developers.
+Copyright (c) 2013-2022 LLNS, LLC and other Spack Project Developers.
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
--- a/README.md
+++ b/README.md
@@ -7,7 +7,6 @@
 [![Read the Docs](https://readthedocs.org/projects/spack/badge/?version=latest)](https://spack.readthedocs.io)
 [![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)
 [![Slack](https://slack.spack.io/badge.svg)](https://slack.spack.io)
 [![Matrix](https://img.shields.io/matrix/spack-space%3Amatrix.org?label=Matrix)](https://matrix.to/#/#spack-space:matrix.org)
 Spack is a multi-platform package manager that builds and installs
 multiple versions and configurations of software. It works on Linux,
@@ -63,10 +62,7 @@ Resources:
 * **Slack workspace**: [spackpm.slack.com](https://spackpm.slack.com).
  To get an invitation, visit [slack.spack.io](https://slack.spack.io).
-* **Matrix space**: [#spack-space:matrix.org](https://matrix.to/#/#spack-space:matrix.org):
+* [**Github Discussions**](https://github.com/spack/spack/discussions): not just for discussions, also Q&A.
  [bridged](https://github.com/matrix-org/matrix-appservice-slack#matrix-appservice-slack) to Slack.
 * [**Github Discussions**](https://github.com/spack/spack/discussions):
  not just for discussions, also Q&A.
 * **Mailing list**: [groups.google.com/d/forum/spack](https://groups.google.com/d/forum/spack)
 * **Twitter**: [@spackpm](https://twitter.com/spackpm). Be sure to
  `@mention` us!
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -2,26 +2,24 @@
 ## Supported Versions
-We provide security updates for `develop` and for the last two
+We provide security updates for the following releases.
 stable (`0.x`) release series of Spack. Security updates will be
 made available as patch (`0.x.1`, `0.x.2`, etc.) releases.
 For more on Spack's release structure, see
 [`README.md`](https://github.com/spack/spack#releases).
 | Version | Supported          |
 | ------- | ------------------ |
 | develop | :white_check_mark: |
 | 0.17.x  | :white_check_mark: |
 | 0.16.x  | :white_check_mark: |
 ## Reporting a Vulnerability
-You can report a vulnerability using GitHub's private reporting
+To report a vulnerability or other security
-feature:
+issue, email maintainers@spack.io.
-1. Go to [github.com/spack/spack/security](https://github.com/spack/spack/security).
+You can expect to hear back within two days.
-2. Click "Report a vulnerability" in the upper right corner of that page.
+If your security issue is accepted, we will do
-3. Fill out the form and submit your draft security advisory.
+our best to release a fix within a week. If
-
+fixing the issue will take longer than this,
-More details are available in
+we will discuss timeline options with you.
 [GitHub's docs](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability).
 You can expect to hear back about security issues within two days.
 If your security issue is accepted, we will do our best to release
 a fix within a week. If fixing the issue will take longer than
 this, we will discuss timeline options with you.
--- a/bin/haspywin.py
+++ b/bin/haspywin.py
@@ -1,4 +1,4 @@
-# Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+# Copyright 2013-2021 Lawrence Livermore National Security, LLC and other
 # Spack Project Developers. See the top-level COPYRIGHT file for details.
 #
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)
@@ -10,7 +10,6 @@ def getpywin():
    try:
        import win32con  # noqa: F401
    except ImportError:
        print("pyWin32 not installed but is required...\nInstalling via pip:")
        subprocess.check_call([sys.executable, "-m", "pip", "-q", "install", "--upgrade", "pip"])
        subprocess.check_call([sys.executable, "-m", "pip", "-q", "install", "pywin32"])
--- a/bin/sbang
+++ b/bin/sbang
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+# Copyright 2013-2021 Lawrence Livermore National Security, LLC and other
 # sbang project developers. See the top-level COPYRIGHT file for details.
 #
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)
--- a/bin/spack
+++ b/bin/spack
@@ -1,7 +1,7 @@
 #!/bin/sh
 # -*- python -*-
 #
-# Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+# Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
 # Spack Project Developers. See the top-level COPYRIGHT file for details.
 #
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)
@@ -25,15 +25,19 @@ exit 1
 # Line above is a shell no-op, and ends a python multi-line comment.
 # The code above runs this file with our preferred python interpreter.
 from __future__ import print_function
 import os
 import os.path
 import sys
-min_python3 = (3, 6)
+min_python3 = (3, 5)
-if sys.version_info[:2] < min_python3:
+if sys.version_info[:2] < (2, 7) or (
    sys.version_info[:2] >= (3, 0) and sys.version_info[:2] < min_python3
 ):
    v_info = sys.version_info[:3]
-    msg = "Spack requires Python %d.%d or higher " % min_python3
+    msg = "Spack requires Python 2.7 or %d.%d or higher " % min_python3
    msg += "You are running spack with Python %d.%d.%d." % v_info
    sys.exit(msg)
@@ -45,8 +49,52 @@ spack_prefix = os.path.dirname(os.path.dirname(spack_file))
 spack_lib_path = os.path.join(spack_prefix, "lib", "spack")
 sys.path.insert(0, spack_lib_path)
-from spack_installable.main import main  # noqa: E402
+# Add external libs
 spack_external_libs = os.path.join(spack_lib_path, "external")
 if sys.version_info[:2] <= (2, 7):
    sys.path.insert(0, os.path.join(spack_external_libs, "py2"))
 sys.path.insert(0, spack_external_libs)
 # Here we delete ruamel.yaml in case it has been already imported from site
 # (see #9206 for a broader description of the issue).
 #
 # Briefly: ruamel.yaml produces a .pth file when installed with pip that
 # makes the site installed package the preferred one, even though sys.path
 # is modified to point to another version of ruamel.yaml.
 if "ruamel.yaml" in sys.modules:
    del sys.modules["ruamel.yaml"]
 if "ruamel" in sys.modules:
    del sys.modules["ruamel"]
 # The following code is here to avoid failures when updating
 # the develop version, due to spurious argparse.pyc files remaining
 # in the libs/spack/external directory, see:
 # https://github.com/spack/spack/pull/25376
 # TODO: Remove in v0.18.0 or later
 try:
    import argparse
 except ImportError:
    argparse_pyc = os.path.join(spack_external_libs, "argparse.pyc")
    if not os.path.exists(argparse_pyc):
        raise
    try:
        os.remove(argparse_pyc)
        import argparse  # noqa: F401
    except Exception:
        msg = (
            "The file\n\n\t{0}\n\nis corrupted and cannot be deleted by Spack. "
            "Either delete it manually or ask some administrator to "
            "delete it for you."
        )
        print(msg.format(argparse_pyc))
        sys.exit(1)
 import spack.main  # noqa: E402
 # Once we've set up the system path, run the spack main method
 if __name__ == "__main__":
-    sys.exit(main())
+    sys.exit(spack.main.main())
--- a/bin/spack-python
+++ b/bin/spack-python
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+# Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
 # Spack Project Developers. See the top-level COPYRIGHT file for details.
 #
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)
--- a/bin/spack-tmpconfig
+++ b/bin/spack-tmpconfig
@@ -72,7 +72,6 @@ config:
    root: $TMP_DIR/install
  misc_cache: $$user_cache_path/cache
  source_cache: $$user_cache_path/source
  environments_root: $TMP_DIR/envs
 EOF
 cat >"$SPACK_USER_CONFIG_PATH/bootstrap.yaml" <<EOF
 bootstrap:
--- a/bin/spack.bat
+++ b/bin/spack.bat
@@ -1,4 +1,4 @@
-:: Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+:: Copyright 2013-2021 Lawrence Livermore National Security, LLC and other
 :: Spack Project Developers. See the top-level COPYRIGHT file for details.
 ::
 :: SPDX-License-Identifier: (Apache-2.0 OR MIT)
@@ -14,7 +14,7 @@
 ::
@echo off
-set spack="%SPACK_ROOT%"\bin\spack
+set spack=%SPACK_ROOT%\bin\spack
 ::#######################################################################
 :: This is a wrapper around the spack command that forwards calls to
@@ -50,48 +50,25 @@ setlocal enabledelayedexpansion
 :: flags will always start with '-', e.g. --help or -V
 :: subcommands will never start with '-'
 :: everything after the subcommand is an arg
-
+for %%x in (%*) do (
-
+    set t="%%~x"
-:process_cl_args
+    if "!t:~0,1!" == "-" (
-rem Set first cl argument (denoted by %1) to be processed
+        if defined _sp_subcommand (
-set t=%1
+            :: We already have a subcommand, processing args now
 rem shift moves all cl positional arguments left by one
 rem meaning %2 is now %1, this allows us to iterate over each
 rem argument
 shift
 rem assign next "first" cl argument to cl_args, will be null when
 rem there are now further arguments to process
 set cl_args=%1
 if "!t:~0,1!" == "-" (
    if defined _sp_subcommand (
        rem  We already have a subcommand, processing args now
        if not defined _sp_args (
            set "_sp_args=!t!"
        ) else (
            set "_sp_args=!_sp_args! !t!"
        )
    ) else (
        if not defined _sp_flags (
            set "_sp_flags=!t!"
        ) else (
            set "_sp_flags=!_sp_flags! !t!"
            shift
        )
-    )
+    ) else if not defined _sp_subcommand (
-) else if not defined _sp_subcommand (
+        set "_sp_subcommand=!t!"
-    set "_sp_subcommand=!t!"
+        shift
 ) else (
    if not defined _sp_args (
        set "_sp_args=!t!"
    ) else (
        set "_sp_args=!_sp_args! !t!"
        shift
    )
 )
 rem  if this is not nu;ll, we have more tokens to process
 rem  start above process again with remaining unprocessed cl args
 if defined cl_args goto :process_cl_args
 :: --help, -h and -V flags don't require further output parsing.
 :: If we encounter, execute and exit
 if defined _sp_flags (
@@ -106,24 +83,24 @@ if defined _sp_flags (
        exit /B 0
    )
 )
 if not defined _sp_subcommand (
   if not defined _sp_args (
      if not defined _sp_flags (
         python "%spack%" --help
         exit /B 0
      )
   )
 )
 :: pass parsed variables outside of local scope. Need to do
 :: this because delayedexpansion can only be set by setlocal
-endlocal & (
+echo %_sp_flags%>flags
-    set "_sp_flags=%_sp_flags%"
+echo %_sp_args%>args
-    set "_sp_args=%_sp_args%"
+echo %_sp_subcommand%>subcmd
-    set "_sp_subcommand=%_sp_subcommand%"
+endlocal
-)
+set /p _sp_subcommand=<subcmd
-
+set /p _sp_flags=<flags
 set /p _sp_args=<args
 set str_subcommand=%_sp_subcommand:"='%
 set str_flags=%_sp_flags:"='%
 set str_args=%_sp_args:"='%
 if "%str_subcommand%"=="ECHO is off." (set "_sp_subcommand=")
 if "%str_flags%"=="ECHO is off." (set "_sp_flags=")
 if "%str_args%"=="ECHO is off." (set "_sp_args=")
 del subcmd
 del flags
 del args
 :: Filter out some commands. For any others, just run the command.
 if "%_sp_subcommand%" == "cd" (
@@ -166,9 +143,7 @@ goto :end_switch
 :: If no args or args contain --bat or -h/--help: just execute.
 if NOT defined _sp_args (
    goto :default_case
-)
+)else if NOT "%_sp_args%"=="%_sp_args:--help=%" (
 if NOT "%_sp_args%"=="%_sp_args:--help=%" (
    goto :default_case
 ) else if NOT "%_sp_args%"=="%_sp_args: -h=%" (
    goto :default_case
@@ -176,11 +151,11 @@ if NOT "%_sp_args%"=="%_sp_args:--help=%" (
    goto :default_case
 ) else if NOT "%_sp_args%"=="%_sp_args:deactivate=%" (
    for /f "tokens=* USEBACKQ" %%I in (
-        `call python %spack% %_sp_flags% env deactivate --bat %_sp_args:deactivate=%`
+        `call python "%spack%" %_sp_flags% env deactivate --bat %_sp_args:deactivate=%`
    ) do %%I
 ) else if NOT "%_sp_args%"=="%_sp_args:activate=%" (
    for /f "tokens=* USEBACKQ" %%I in (
-        `python %spack% %_sp_flags% env activate --bat %_sp_args:activate=%`
+        `call python "%spack%" %_sp_flags% env activate --bat %_sp_args:activate=%`
    ) do %%I
 ) else (
    goto :default_case
@@ -192,7 +167,7 @@ goto :end_switch
 if defined _sp_args (
    if NOT "%_sp_args%"=="%_sp_args:--help=%" (
        goto :default_case
-    ) else if NOT "%_sp_args%"=="%_sp_args:-h=%" (
+    ) else if NOT "%_sp_args%"=="%_sp_args: -h=%" (
        goto :default_case
    ) else if NOT "%_sp_args%"=="%_sp_args:--bat=%" (
        goto :default_case
@@ -201,7 +176,7 @@ if defined _sp_args (
 for /f "tokens=* USEBACKQ" %%I in (
    `python "%spack%" %_sp_flags% %_sp_subcommand% --bat %_sp_args%`) do %%I
-
+)
 goto :end_switch
 :case_unload
@@ -239,10 +214,10 @@ for %%Z in ("%_pa_new_path%") do if EXIST %%~sZ\NUL (
 exit /b 0
 :: set module system roots
-:_sp_multi_pathadd
+:_sp_multi_pathadd 
 for %%I in (%~2) do (
    for %%Z in (%_sp_compatible_sys_types%) do (
        :pathadd "%~1" "%%I\%%Z"
    )
 )
-exit /B %ERRORLEVEL%
+exit /B %ERRORLEVEL%
--- a/bin/spack.ps1
+++ b/bin/spack.ps1
@@ -1,146 +0,0 @@
 #  Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
 #  Spack Project Developers. See the top-level COPYRIGHT file for details.
 #  SPDX-License-Identifier: (Apache-2.0 OR MIT)
 # #######################################################################
 function Compare-CommonArgs {
    $CMDArgs = $args[0]
    # These aruments take precedence and call for no futher parsing of arguments
    # invoke actual Spack entrypoint with that context and exit after
    "--help", "-h", "--version", "-V" | ForEach-Object {
        $arg_opt = $_
        if(($CMDArgs) -and ([bool]($CMDArgs.Where({$_ -eq $arg_opt})))) {
            return $true
        }
    }
    return $false
 }
 function Read-SpackArgs {
    $SpackCMD_params = @()
    $SpackSubCommand = $NULL
    $SpackSubCommandArgs = @()
    $args_ = $args[0]
    $args_ | ForEach-Object {
        if (!$SpackSubCommand) {
            if($_.SubString(0,1) -eq "-")
            {
                $SpackCMD_params += $_
            }
            else{
                $SpackSubCommand = $_
            }
        }
        else{
            $SpackSubCommandArgs += $_
        }
    }
    return $SpackCMD_params, $SpackSubCommand, $SpackSubCommandArgs
 }
 function Set-SpackEnv {
    # This method is responsible
    # for processing the return from $(spack <command>)
    # which are returned as System.Object[]'s containing
    # a list of env commands
    # Invoke-Expression can only handle one command at a time
    # so we iterate over the list to invoke the env modification
    # expressions one at a time
    foreach($envop in $args[0]){
        Invoke-Expression $envop
    }
 }
 function Invoke-SpackCD {
    if (Compare-CommonArgs $SpackSubCommandArgs) {
        python "$Env:SPACK_ROOT/bin/spack" cd -h
    }
    else {
        $LOC = $(python "$Env:SPACK_ROOT/bin/spack" location $SpackSubCommandArgs)
        if (($NULL -ne $LOC)){
            if ( Test-Path -Path $LOC){
                Set-Location $LOC
            }
            else{
                exit 1
            }
        }
        else {
            exit 1
        }
    }
 }
 function Invoke-SpackEnv {
    if (Compare-CommonArgs $SpackSubCommandArgs[0]) {
        python "$Env:SPACK_ROOT/bin/spack" env -h
    }
    else {
        $SubCommandSubCommand = $SpackSubCommandArgs[0]
        $SubCommandSubCommandArgs = $SpackSubCommandArgs[1..$SpackSubCommandArgs.Count]
        switch ($SubCommandSubCommand) {
            "activate" {
                if (Compare-CommonArgs $SubCommandSubCommandArgs) {
                    python "$Env:SPACK_ROOT/bin/spack" env activate $SubCommandSubCommandArgs
                }
                elseif ([bool]($SubCommandSubCommandArgs.Where({$_ -eq "--pwsh"}))) {
                    python "$Env:SPACK_ROOT/bin/spack" env activate $SubCommandSubCommandArgs
                }
                elseif (!$SubCommandSubCommandArgs) {
                    python "$Env:SPACK_ROOT/bin/spack" env activate $SubCommandSubCommandArgs
                }
                else {
                    $SpackEnv = $(python "$Env:SPACK_ROOT/bin/spack" $SpackCMD_params env activate "--pwsh" $SubCommandSubCommandArgs)
                    Set-SpackEnv $SpackEnv
                }
            }
            "deactivate" {
                if ([bool]($SubCommandSubCommandArgs.Where({$_ -eq "--pwsh"}))) {
                    python"$Env:SPACK_ROOT/bin/spack" env deactivate $SubCommandSubCommandArgs
                }
                elseif($SubCommandSubCommandArgs) {
                    python "$Env:SPACK_ROOT/bin/spack" env deactivate -h
                }
                else {
                    $SpackEnv = $(python "$Env:SPACK_ROOT/bin/spack" $SpackCMD_params env deactivate "--pwsh")
                    Set-SpackEnv $SpackEnv
                }
            }
            default {python "$Env:SPACK_ROOT/bin/spack" $SpackCMD_params $SpackSubCommand $SpackSubCommandArgs}
        }
    }
 }
 function Invoke-SpackLoad {
    if (Compare-CommonArgs $SpackSubCommandArgs) {
        python "$Env:SPACK_ROOT/bin/spack" $SpackCMD_params $SpackSubCommand $SpackSubCommandArgs
    }
    elseif ([bool]($SpackSubCommandArgs.Where({($_ -eq "--pwsh") -or ($_ -eq "--list")}))) {
        python "$Env:SPACK_ROOT/bin/spack" $SpackCMD_params $SpackSubCommand $SpackSubCommandArgs
    }
    else {
        $SpackEnv = $(python "$Env:SPACK_ROOT/bin/spack" $SpackCMD_params $SpackSubCommand "--pwsh" $SpackSubCommandArgs)
        Set-SpackEnv $SpackEnv
    }
 }
 $SpackCMD_params, $SpackSubCommand, $SpackSubCommandArgs = Read-SpackArgs $args
 if (Compare-CommonArgs $SpackCMD_params) {
    python "$Env:SPACK_ROOT/bin/spack" $SpackCMD_params $SpackSubCommand $SpackSubCommandArgs
    exit $LASTEXITCODE
 }
 # Process Spack commands with special conditions
 # all other commands are piped directly to Spack
 switch($SpackSubCommand)
 {
    "cd"     {Invoke-SpackCD}
    "env"    {Invoke-SpackEnv}
    "load"   {Invoke-SpackLoad}
    "unload" {Invoke-SpackLoad}
    default  {python "$Env:SPACK_ROOT/bin/spack" $SpackCMD_params $SpackSubCommand $SpackSubCommandArgs}
 }
--- a/bin/spack_cmd.bat
+++ b/bin/spack_cmd.bat
@@ -52,6 +52,7 @@ if defined py_path (
 if defined py_exe (
    "%py_exe%" "%SPACK_ROOT%\bin\haspywin.py"
    "%py_exe%" "%SPACK_ROOT%\bin\spack" external find python >NUL
 )
 set "EDITOR=notepad"
--- a/bin/spack_pwsh.ps1
+++ b/bin/spack_pwsh.ps1
@@ -1,4 +1,4 @@
-# Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+# Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
 # Spack Project Developers. See the top-level COPYRIGHT file for details.
 #
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)
--- a/etc/spack/defaults/bootstrap.yaml
+++ b/etc/spack/defaults/bootstrap.yaml
@@ -9,15 +9,15 @@ bootstrap:
  # may not be able to bootstrap all the software that Spack needs,
  # depending on its type.
  sources:
  - name: 'github-actions-v0.5'
    metadata: $spack/share/spack/bootstrap/github-actions-v0.5
  - name: 'github-actions-v0.4'
    metadata: $spack/share/spack/bootstrap/github-actions-v0.4
  - name: 'github-actions-v0.3'
    metadata: $spack/share/spack/bootstrap/github-actions-v0.3
  - name: 'spack-install'
    metadata: $spack/share/spack/bootstrap/spack-install
  trusted:
    # By default we trust bootstrapping from sources and from binaries
    # produced on Github via the workflow
    github-actions-v0.5: true
    github-actions-v0.4: true
    github-actions-v0.3: true
    spack-install: true
--- a/etc/spack/defaults/concretizer.yaml
+++ b/etc/spack/defaults/concretizer.yaml
@@ -13,18 +13,16 @@ concretizer:
  # Whether to consider installed packages or packages from buildcaches when
  # concretizing specs. If `true`, we'll try to use as many installs/binaries
  # as possible, rather than building. If `false`, we'll always give you a fresh
-  # concretization. If `dependencies`, we'll only reuse dependencies but
+  # concretization.
-  # give you a fresh concretization for your root specs.
+  reuse: true
  reuse: dependencies
  # Options that tune which targets are considered for concretization. The
  # concretization process is very sensitive to the number targets, and the time
  # needed to reach a solution increases noticeably with the number of targets
  # considered.
  targets:
-    # Determine whether we want to target specific or generic
+    # Determine whether we want to target specific or generic microarchitectures.
-    # microarchitectures. Valid values are: "microarchitectures" or "generic".
+    # An example of the first kind might be for instance "skylake" or "bulldozer",
-    # An example of "microarchitectures" would be "skylake" or "bulldozer",
+    # while generic microarchitectures are for instance "aarch64" or "x86_64_v4".
    # while an example of "generic" would be "aarch64" or "x86_64_v4".
    granularity: microarchitectures
    # If "false" allow targets that are incompatible with the current host (for
    # instance concretize with target "icelake" while running on "haswell").
@@ -35,10 +33,4 @@ concretizer:
  # environments can always be activated. When "false" perform concretization separately
  # on each root spec, allowing different versions and variants of the same package in
  # an environment.
-  unify: true
+  unify: false
  # Option to deal with possible duplicate nodes (i.e. different nodes from the same package) in the DAG.
  duplicates:
    # "none": allows a single node for any package in the DAG.
    # "minimal": allows the duplication of 'build-tools' nodes only (e.g. py-setuptools, cmake etc.)
    # "full" (experimental): allows separation of the entire build-tool stack (e.g. the entire "cmake" subDAG)
    strategy: minimal
--- a/etc/spack/defaults/config.yaml
+++ b/etc/spack/defaults/config.yaml
@@ -19,7 +19,7 @@ config:
  install_tree:
    root: $spack/opt/spack
    projections:
-      all: "{architecture}/{compiler.name}-{compiler.version}/{name}-{version}-{hash}"
+      all: "${ARCHITECTURE}/${COMPILERNAME}-${COMPILERVER}/${PACKAGE}-${VERSION}-${HASH}"
    # install_tree can include an optional padded length (int or boolean)
    # default is False (do not pad)
    # if padded_length is True, Spack will pad as close to the system max path
@@ -54,11 +54,6 @@ config:
  # are that it precludes its use as a system package and its ability to be
  # pip installable.
  #
  # In Spack environment files, chaining onto existing system Spack
  # installations, the $env variable can be used to download, cache and build
  # into user-writable paths that are relative to the currently active
  # environment.
  #
  # In any case, if the username is not already in the path, Spack will append
  # the value of `$user` in an attempt to avoid potential conflicts between
  # users in shared temporary spaces.
@@ -81,10 +76,6 @@ config:
  source_cache: $spack/var/spack/cache
  ## Directory where spack managed environments are created and stored
  # environments_root: $spack/var/spack/environments
  # Cache directory for miscellaneous files, like the package index.
  # This can be purged with `spack clean --misc-cache`
  misc_cache: $user_cache_path/cache
@@ -185,7 +176,7 @@ config:
  # when Spack needs to manage its own package metadata and all operations are
  # expected to complete within the default time limit. The timeout should
  # therefore generally be left untouched.
-  db_lock_timeout: 60
+  db_lock_timeout: 3
  # How long to wait when attempting to modify a package (e.g. to install it).
@@ -216,16 +207,11 @@ config:
  # manipulation by unprivileged user (e.g. AFS)
  allow_sgid: true
-  # Whether to show status information during building and installing packages.
+  # Whether to set the terminal title to display status information during
-  # This gives information about Spack's current progress as well as the current
+  # building and installing packages. This gives information about Spack's
-  # and total number of packages. Information is shown both in the terminal
+  # current progress as well as the current and total number of packages.
-  # title and inline.
+  terminal_title: false
  install_status: true
  # Number of seconds a buildcache's index.json is cached locally before probing
  # for updates, within a single Spack invocation. Defaults to 10 minutes.
-  binary_index_ttl: 600
+  binary_index_ttl: 600
  flags:
    # Whether to keep -Werror flags active in package builds.
    keep_werror: 'none'
--- a/etc/spack/defaults/darwin/packages.yaml
+++ b/etc/spack/defaults/darwin/packages.yaml
@@ -23,20 +23,8 @@ packages:
    providers:
      elf: [libelf]
      fuse: [macfuse]
      gl: [apple-gl]
      glu: [apple-glu]
      unwind: [apple-libunwind]
      uuid: [apple-libuuid]
  apple-gl:
    buildable: false
    externals:
    - spec: apple-gl@4.1.0
      prefix: /Library/Developer/CommandLineTools/SDKs/MacOSX.sdk
  apple-glu:
    buildable: false
    externals:
    - spec: apple-glu@1.3.0
      prefix: /Library/Developer/CommandLineTools/SDKs/MacOSX.sdk
  apple-libunwind:
    buildable: false
    externals:
--- a/etc/spack/defaults/mirrors.yaml
+++ b/etc/spack/defaults/mirrors.yaml
@@ -1,4 +1,2 @@
 mirrors:
-  spack-public:
+  spack-public: https://mirror.spack.io
    binary: false
    url: https://mirror.spack.io
--- a/etc/spack/defaults/modules.yaml
+++ b/etc/spack/defaults/modules.yaml
@@ -40,12 +40,13 @@ modules:
    roots:
     tcl:    $spack/share/spack/modules
     lmod:   $spack/share/spack/lmod
-    # What type of modules to use ("tcl" and/or "lmod")
+    # What type of modules to use
-    enable: []
+    enable:
      - tcl
    tcl:
      all:
-        autoload: direct
+        autoload: none
    # Default configurations if lmod is enabled
    lmod:
--- a/etc/spack/defaults/packages.yaml
+++ b/etc/spack/defaults/packages.yaml
@@ -20,7 +20,7 @@ packages:
      awk: [gawk]
      blas: [openblas, amdblis]
      D: [ldc]
-      daal: [intel-oneapi-daal]
+      daal: [intel-daal]
      elf: [elfutils]
      fftw-api: [fftw, amdfftw]
      flame: [libflame, amdlibflame]
@@ -28,9 +28,9 @@ packages:
      gl: [glx, osmesa]
      glu: [mesa-glu, openglu]
      golang: [go, gcc]
-      go-or-gccgo-bootstrap: [go-bootstrap, gcc]
+      go-external-or-gccgo-bootstrap: [go-bootstrap, gcc]
      iconv: [libiconv]
-      ipp: [intel-oneapi-ipp]
+      ipp: [intel-ipp]
      java: [openjdk, jdk, ibm-java]
      jpeg: [libjpeg-turbo, libjpeg]
      lapack: [openblas, amdlibflame]
@@ -40,7 +40,7 @@ packages:
      lua-lang: [lua, lua-luajit-openresty, lua-luajit]
      luajit: [lua-luajit-openresty, lua-luajit]
      mariadb-client: [mariadb-c-client, mariadb]
-      mkl: [intel-oneapi-mkl]
+      mkl: [intel-mkl]
      mpe: [mpe2]
      mpi: [openmpi, mpich]
      mysql-client: [mysql, mariadb-c-client]
@@ -49,7 +49,6 @@ packages:
      pbs: [openpbs, torque]
      pil: [py-pillow]
      pkgconfig: [pkgconf, pkg-config]
      qmake: [qt-base, qt]
      rpc: [libtirpc]
      scalapack: [netlib-scalapack, amdscalapack]
      sycl: [hipsycl]
@@ -60,7 +59,6 @@ packages:
      xxd: [xxd-standalone, vim]
      yacc: [bison, byacc]
      ziglang: [zig]
      zlib-api: [zlib-ng+compat, zlib]
    permissions:
      read: world
      write: user
--- a/etc/spack/defaults/windows/config.yaml
+++ b/etc/spack/defaults/windows/config.yaml
@@ -3,4 +3,3 @@ config:
  concretizer: clingo
  build_stage::
    - '$spack/.staging'
  stage_name: '{name}-{version}-{hash:7}'
--- a/etc/spack/defaults/windows/packages.yaml
+++ b/etc/spack/defaults/windows/packages.yaml
@@ -1,22 +0,0 @@
 # -------------------------------------------------------------------------
 # This file controls default concretization preferences for Spack.
 #
 # Settings here are versioned with Spack and are intended to provide
 # sensible defaults out of the box. Spack maintainers should edit this
 # file to keep it current.
 #
 # Users can override these settings by editing the following files.
 #
 # Per-spack-instance settings (overrides defaults):
 #   $SPACK_ROOT/etc/spack/packages.yaml
 #
 # Per-user settings (overrides default and site settings):
 #   ~/.spack/packages.yaml
 # -------------------------------------------------------------------------
 packages:
  all:
    compiler:
    - msvc
    providers:
      mpi: [msmpi]
      gl: [wgl]
--- a/lib/spack/docs/.gitignore
+++ b/lib/spack/docs/.gitignore
@@ -1,7 +1,7 @@
 package_list.html
 command_index.rst
 spack*.rst
 llnl*.rst
 _build
 .spack-env
 spack.lock
 _spack_root
--- a/lib/spack/docs/_pygments/style.py
+++ b/lib/spack/docs/_pygments/style.py
@@ -1,16 +0,0 @@
 # Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
 # Spack Project Developers. See the top-level COPYRIGHT file for details.
 #
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)
 # The name of the Pygments (syntax highlighting) style to use.
 # We use our own extension of the default style with a few modifications
 from pygments.styles.default import DefaultStyle
 from pygments.token import Generic
 class SpackStyle(DefaultStyle):
    styles = DefaultStyle.styles.copy()
    background_color = "#f4f4f8"
    styles[Generic.Output] = "#355"
    styles[Generic.Prompt] = "bold #346ec9"
--- a/lib/spack/docs/analyze.rst
+++ b/lib/spack/docs/analyze.rst
@@ -0,0 +1,162 @@
 .. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
 .. _analyze:
 =======
 Analyze
 =======
 The analyze command is a front-end to various tools that let us analyze
 package installations. Each analyzer is a module for a different kind
 of analysis that can be done on a package installation, including (but not
 limited to) binary, log, or text analysis. Thus, the analyze command group
 allows you to take an existing package install, choose an analyzer,
 and extract some output for the package using it.
 -----------------
 Analyzer Metadata
 -----------------
 For all analyzers, we write to an ``analyzers`` folder in ``~/.spack``, or the
 value that you specify in your spack config at ``config:analyzers_dir``. 
 For example, here we see the results of running an analysis on zlib:
 .. code-block:: console
    $ tree ~/.spack/analyzers/
    └── linux-ubuntu20.04-skylake
        └── gcc-9.3.0
            └── zlib-1.2.11-sl7m27mzkbejtkrajigj3a3m37ygv4u2
                ├── environment_variables
                │   └── spack-analyzer-environment-variables.json
                ├── install_files
                │   └── spack-analyzer-install-files.json
                └── libabigail
                    └── spack-analyzer-libabigail-libz.so.1.2.11.xml
 This means that you can always find analyzer output in this folder, and it
 is organized with the same logic as the package install it was run for. 
 If you want to customize this top level folder, simply provide the ``--path``
 argument to ``spack analyze run``. The nested organization will be maintained
 within your custom root.
 -----------------
 Listing Analyzers
 -----------------
 If you aren't familiar with Spack's analyzers, you can quickly list those that 
 are available:
 .. code-block:: console
    $ spack analyze list-analyzers
    install_files            : install file listing read from install_manifest.json
    environment_variables    : environment variables parsed from spack-build-env.txt
    config_args              : config args loaded from spack-configure-args.txt
    libabigail               : Application Binary Interface (ABI) features for objects
 In the above, the first three are fairly simple - parsing metadata files from
 a package install directory to save
 -------------------
 Analyzing a Package
 -------------------
 The analyze command, akin to install, will accept a package spec to perform
 an analysis for. The package must be installed. Let's walk through an example
 with zlib. We first ask to analyze it. However, since we have more than one
 install, we are asked to disambiguate:
 .. code-block:: console
    $ spack analyze run zlib
    ==> Error: zlib matches multiple packages.
      Matching packages:
        fz2bs56 zlib@1.2.11%gcc@7.5.0 arch=linux-ubuntu18.04-skylake
        sl7m27m zlib@1.2.11%gcc@9.3.0 arch=linux-ubuntu20.04-skylake
      Use a more specific spec.
 We can then specify the spec version that we want to analyze:
 .. code-block:: console
    $ spack analyze run zlib/fz2bs56
 If you don't provide any specific analyzer names, by default all analyzers 
 (shown in the ``list-analyzers`` subcommand list) will be run. If an analyzer does not
 have any result, it will be skipped. For example, here is a result running for
 zlib:
 .. code-block:: console
    $ ls ~/.spack/analyzers/linux-ubuntu20.04-skylake/gcc-9.3.0/zlib-1.2.11-sl7m27mzkbejtkrajigj3a3m37ygv4u2/
    spack-analyzer-environment-variables.json
    spack-analyzer-install-files.json
    spack-analyzer-libabigail-libz.so.1.2.11.xml
 If you want to run a specific analyzer, ask for it with `--analyzer`. Here we run
 spack analyze on libabigail (already installed) _using_ libabigail1
 .. code-block:: console
    $ spack analyze run --analyzer abigail libabigail
 .. _analyze_monitoring:
 ----------------------
 Monitoring An Analysis
 ----------------------
 For any kind of analysis, you can
 use a `spack monitor <https://github.com/spack/spack-monitor>`_ "Spackmon"
 as a server to upload the same run metadata to. You can
 follow the instructions in the `spack monitor documentation <https://spack-monitor.readthedocs.org>`_
 to first create a server along with a username and token for yourself.
 You can then use this guide to interact with the server.
 You should first export our spack monitor token and username to the environment:
 .. code-block:: console
    $ export SPACKMON_TOKEN=50445263afd8f67e59bd79bff597836ee6c05438
    $ export SPACKMON_USER=spacky
 By default, the host for your server is expected to be at ``http://127.0.0.1``
 with a prefix of ``ms1``, and if this is the case, you can simply add the
 ``--monitor`` flag to the install command:
 .. code-block:: console
    $ spack analyze run --monitor wget
 If you need to customize the host or the prefix, you can do that as well:
 .. code-block:: console
    $ spack analyze run --monitor --monitor-prefix monitor --monitor-host https://monitor-service.io wget
 If your server doesn't have authentication, you can skip it:
 .. code-block:: console
    $ spack analyze run --monitor --monitor-disable-auth wget
 Regardless of your choice, when you run analyze on an installed package (whether
 it was installed with ``--monitor`` or not, you'll see the results generating as they did
 before, and a message that the monitor server was pinged:
 .. code-block:: console
    $ spack analyze --monitor wget
    ...
    ==> Sending result for wget bin/wget to monitor.
--- a/lib/spack/docs/basic_usage.rst
+++ b/lib/spack/docs/basic_usage.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
@@ -45,8 +45,7 @@ Listing available packages
 To install software with Spack, you need to know what software is
 available.  You can see a list of available package names at the
-`packages.spack.io <https://packages.spack.io>`_ website, or
+:ref:`package-list` webpage, or using the ``spack list`` command.
 using the ``spack list`` command.
 .. _cmd-spack-list:
@@ -61,7 +60,7 @@ can install:
   :ellipsis: 10
 There are thousands of them, so we've truncated the output above, but you
-can find a `full list here <https://packages.spack.io>`_.
+can find a :ref:`full list here <package-list>`.
 Packages are listed by name in alphabetical order.
 A pattern to match with no wildcards, ``*`` or ``?``,
 will be treated as though it started and ended with
@@ -943,7 +942,7 @@ first ``libelf`` above, you would run:
   $ spack load /qmm4kso
-To see which packages that you have loaded to your environment you would
+To see which packages that you have loaded to your enviornment you would
 use ``spack find --loaded``.
 .. code-block:: console
@@ -1104,68 +1103,54 @@ Below are more details about the specifiers that you can add to specs.
 Version specifier
 ^^^^^^^^^^^^^^^^^
-A version specifier ``pkg@<specifier>`` comes after a package name
+A version specifier comes somewhere after a package name and starts
-and starts with ``@``. It can be something abstract that matches
+with ``@``.  It can be a single version, e.g. ``@1.0``, ``@3``, or
-multiple known versions, or a specific version. During concretization,
+``@1.2a7``.  Or, it can be a range of versions, such as ``@1.0:1.5``
-Spack will pick the optimal version within the spec's constraints
+(all versions between ``1.0`` and ``1.5``, inclusive).  Version ranges
-according to policies set for the particular Spack installation.
+can be open, e.g. ``:3`` means any version up to and including ``3``.
 This would include ``3.4`` and ``3.4.2``.  ``4.2:`` means any version
 above and including ``4.2``.  Finally, a version specifier can be a
 set of arbitrary versions, such as ``@1.0,1.5,1.7`` (``1.0``, ``1.5``,
 or ``1.7``).  When you supply such a specifier to ``spack install``,
 it constrains the set of versions that Spack will install.
-The version specifier can be *a specific version*, such as ``@=1.0.0`` or
+For packages with a ``git`` attribute, ``git`` references 
-``@=1.2a7``. Or, it can be *a range of versions*, such as ``@1.0:1.5``.
+may be specified instead of a numerical version i.e. branches, tags 
-Version ranges are inclusive, so this example includes both ``1.0``
+and commits. Spack will stage and build based off the ``git`` 
 and any ``1.5.x`` version. Version ranges can be unbounded, e.g. ``@:3``
 means any version up to and including ``3``. This would include ``3.4``
 and ``3.4.2``.  Similarly, ``@4.2:`` means any version above and including
 ``4.2``.  As a short-hand, ``@3`` is equivalent to the range ``@3:3`` and
 includes any version with major version ``3``.
 Notice that you can distinguish between the specific version ``@=3.2`` and
 the range ``@3.2``. This is useful for packages that follow a versioning
 scheme that omits the zero patch version number: ``3.2``, ``3.2.1``,
 ``3.2.2``, etc. In general it is preferable to use the range syntax
 ``@3.2``, since ranges also match versions with one-off suffixes, such as
 ``3.2-custom``.
 A version specifier can also be a list of ranges and specific versions,
 separated by commas.  For example, ``@1.0:1.5,=1.7.1`` matches any version
 in the range ``1.0:1.5`` and the specific version ``1.7.1``.
 For packages with a ``git`` attribute, ``git`` references
 may be specified instead of a numerical version i.e. branches, tags
 and commits. Spack will stage and build based off the ``git``
 reference provided.  Acceptable syntaxes for this are:
 .. code-block:: sh
-
+   
    # commit hashes
   foo@abcdef1234abcdef1234abcdef1234abcdef1234    # 40 character hashes are automatically treated as git commits
   foo@git.abcdef1234abcdef1234abcdef1234abcdef1234
    # branches and tags
   foo@git.develop # use the develop branch
   foo@git.0.19 # use the 0.19 tag
    # commit hashes
   foo@abcdef1234abcdef1234abcdef1234abcdef1234    # 40 character hashes are automatically treated as git commits
   foo@git.abcdef1234abcdef1234abcdef1234abcdef1234
 Spack versions from git reference either have an associated version supplied by the user,
 or infer a relationship to known versions from the structure of the git repository. If an
 associated version is supplied by the user, Spack treats the git version as equivalent to that
 version for all version comparisons in the package logic (e.g. ``depends_on('foo', when='@1.5')``).
-Spack always needs to associate a Spack version with the git reference,
+The associated version can be assigned with ``[git ref]=[version]`` syntax, with the caveat that the specified version is known to Spack from either the package definition, or in the configuration preferences (i.e. ``packages.yaml``).
 which is used for version comparison. This Spack version is heuristically
 taken from the closest valid git tag among ancestors of the git ref.
 Once a Spack version is associated with a git ref, it always printed with
 the git ref.  For example, if the commit ``@git.abcdefg`` is tagged
 ``0.19``, then the spec will be shown as ``@git.abcdefg=0.19``.
 If the git ref is not exactly a tag, then the distance to the nearest tag
 is also part of the resolved version. ``@git.abcdefg=0.19.git.8`` means
 that the commit is 8 commits away from the ``0.19`` tag.
 In cases where Spack cannot resolve a sensible version from a git ref,
 users can specify the Spack version to use for the git ref. This is done
 by appending ``=`` and the Spack version to the git ref. For example:
 .. code-block:: sh
   foo@git.my_ref=3.2 # use the my_ref tag or branch, but treat it as version 3.2 for version comparisons
   foo@git.abcdef1234abcdef1234abcdef1234abcdef1234=develop # use the given commit, but treat it as develop for version comparisons
 If an associated version is not supplied then the tags in the git repo are used to determine
 the most recent previous version known to Spack. Details about how versions are compared
 and how Spack determines if one version is less than another are discussed in the developer guide.
 If the version spec is not provided, then Spack will choose one
 according to policies set for the particular spack installation.  If
 the spec is ambiguous, i.e. it could match multiple versions, Spack
 will choose a version within the spec's constraints according to
 policies set for the particular Spack installation.
 Details about how versions are compared and how Spack determines if
 one version is less than another are discussed in the developer guide.
@@ -1259,8 +1244,8 @@ For example, for the ``stackstart`` variant:
 .. code-block:: sh
-    mpileaks stackstart==4   # variant will be propagated to dependencies
+    mpileaks stackstart=4    # variant will be propagated to dependencies
-    mpileaks stackstart=4    # only mpileaks will have this variant value
+    mpileaks stackstart==4   # only mpileaks will have this variant value
 ^^^^^^^^^^^^^^
 Compiler Flags
@@ -1687,13 +1672,9 @@ own install prefix.  However, certain packages are typically installed
 `Python <https://www.python.org>`_ packages are typically installed in the
 ``$prefix/lib/python-2.7/site-packages`` directory.
-In Spack, installation prefixes are immutable, so this type of installation
+Spack has support for this type of installation as well.  In Spack,
-is not directly supported. However, it is possible to create views that
+a package that can live inside the prefix of another package is called
-allow you to merge install prefixes of multiple packages into a single new prefix.
+an *extension*.  Suppose you have Python installed like so:
 Views are a convenient way to get a more traditional filesystem structure.
 Using *extensions*, you can ensure that Python packages always share the
 same prefix in the view as Python itself. Suppose you have
 Python installed like so:
 .. code-block:: console
@@ -1731,6 +1712,8 @@ You can find extensions for your Python installation like this:
   py-ipython@2.3.1     py-pygments@2.0.1   py-setuptools@11.3.1
   py-matplotlib@1.4.2  py-pyparsing@2.0.3  py-six@1.9.0
   ==> None activated.
 The extensions are a subset of what's returned by ``spack list``, and
 they are packages like any other.  They are installed into their own
 prefixes, and you can see this with ``spack find --paths``:
@@ -1758,72 +1741,32 @@ directly when you run ``python``:
   ImportError: No module named numpy
   >>>
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^
-Using Extensions in Environments
+Using Extensions
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^
-The recommended way of working with extensions such as ``py-numpy``
+There are four ways to get ``numpy`` working in Python.  The first is
-above is through :ref:`Environments <environments>`. For example,
+to use :ref:`shell-support`.  You can simply ``load`` the extension,
-the following creates an environment in the current working directory
+and it will be added to the ``PYTHONPATH`` in your current shell:
 with a filesystem view in the ``./view`` directory:
 .. code-block:: console
   $ spack env create --with-view view --dir .
   $ spack -e . add py-numpy
   $ spack -e . concretize
   $ spack -e . install
 We recommend environments for two reasons. Firstly, environments
 can be activated (requires :ref:`shell-support`):
 .. code-block:: console
   $ spack env activate .
 which sets all the right environment variables such as ``PATH`` and
 ``PYTHONPATH``. This ensures that
 .. code-block:: console
   $ python
   >>> import numpy
 works. Secondly, even without shell support, the view ensures
 that Python can locate its extensions:
 .. code-block:: console
   $ ./view/bin/python
   >>> import numpy
 See :ref:`environments` for a more in-depth description of Spack
 environments and customizations to views.
 ^^^^^^^^^^^^^^^^^^^^
 Using ``spack load``
 ^^^^^^^^^^^^^^^^^^^^
 A more traditional way of using Spack and extensions is ``spack load``
 (requires :ref:`shell-support`). This will add the extension to ``PYTHONPATH``
 in your current shell, and Python itself will be available in the ``PATH``:
 .. code-block:: console
   $ spack load python
   $ spack load py-numpy
   $ python
   >>> import numpy
 Now ``import numpy`` will succeed for as long as you keep your current
 session open.
 The loaded packages can be checked using ``spack find --loaded``
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Loading Extensions via Modules
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-Apart from ``spack env activate`` and ``spack load``, you can load numpy
+Instead of using Spack's environment modification capabilities through
-through your environment modules (using ``environment-modules`` or
+the ``spack load`` command, you can load numpy through your
-``lmod``). This will also add the extension to the ``PYTHONPATH`` in
+environment modules (using ``environment-modules`` or ``lmod``). This
-your current shell.
+will also add the extension to the ``PYTHONPATH`` in your current
 shell.
 .. code-block:: console
@@ -1833,6 +1776,130 @@ If you do not know the name of the specific numpy module you wish to
 load, you can use the ``spack module tcl|lmod loads`` command to get
 the name of the module from the Spack spec.
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Activating Extensions in a View
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Another way to use extensions is to create a view, which merges the
 python installation along with the extensions into a single prefix.
 See :ref:`configuring_environment_views` for a more in-depth description
 of views.
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Activating Extensions Globally
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 As an alternative to creating a merged prefix with Python and its extensions,
 and prior to support for views, Spack has provided a means to install the
 extension into the Spack installation prefix for the extendee. This has
 typically been useful since extendable packages typically search their own
 installation path for addons by default.
 Global activations are performed with the ``spack activate`` command:
 .. _cmd-spack-activate:
 ^^^^^^^^^^^^^^^^^^
 ``spack activate``
 ^^^^^^^^^^^^^^^^^^
 .. code-block:: console
   $ spack activate py-numpy
   ==> Activated extension py-setuptools@11.3.1%gcc@4.4.7 arch=linux-debian7-x86_64-3c74eb69 for python@2.7.8%gcc@4.4.7.
   ==> Activated extension py-nose@1.3.4%gcc@4.4.7 arch=linux-debian7-x86_64-5f70f816 for python@2.7.8%gcc@4.4.7.
   ==> Activated extension py-numpy@1.9.1%gcc@4.4.7 arch=linux-debian7-x86_64-66733244 for python@2.7.8%gcc@4.4.7.
 Several things have happened here.  The user requested that
 ``py-numpy`` be activated in the ``python`` installation it was built
 with.  Spack knows that ``py-numpy`` depends on ``py-nose`` and
 ``py-setuptools``, so it activated those packages first.  Finally,
 once all dependencies were activated in the ``python`` installation,
 ``py-numpy`` was activated as well.
 If we run ``spack extensions`` again, we now see the three new
 packages listed as activated:
 .. code-block:: console
   $ spack extensions python
   ==> python@2.7.8%gcc@4.4.7  arch=linux-debian7-x86_64-703c7a96
   ==> 36 extensions:
   geos          py-ipython     py-pexpect    py-pyside            py-sip
   py-basemap    py-libxml2     py-pil        py-pytz              py-six
   py-biopython  py-mako        py-pmw        py-rpy2              py-sympy
   py-cython     py-matplotlib  py-pychecker  py-scientificpython  py-virtualenv
   py-dateutil   py-mpi4py      py-pygments   py-scikit-learn
   py-epydoc     py-mx          py-pylint     py-scipy
   py-gnuplot    py-nose        py-pyparsing  py-setuptools
   py-h5py       py-numpy       py-pyqt       py-shiboken
   ==> 12 installed:
   -- linux-debian7-x86_64 / gcc@4.4.7 --------------------------------
   py-dateutil@2.4.0    py-nose@1.3.4       py-pyside@1.2.2
   py-dateutil@2.4.0    py-numpy@1.9.1      py-pytz@2014.10
   py-ipython@2.3.1     py-pygments@2.0.1   py-setuptools@11.3.1
   py-matplotlib@1.4.2  py-pyparsing@2.0.3  py-six@1.9.0
   ==> 3 currently activated:
   -- linux-debian7-x86_64 / gcc@4.4.7 --------------------------------
   py-nose@1.3.4  py-numpy@1.9.1  py-setuptools@11.3.1
 Now, when a user runs python, ``numpy`` will be available for import
 *without* the user having to explicitly load it.  ``python@2.7.8`` now
 acts like a system Python installation with ``numpy`` installed inside
 of it.
 Spack accomplishes this by symbolically linking the *entire* prefix of
 the ``py-numpy`` package into the prefix of the ``python`` package.  To the
 python interpreter, it looks like ``numpy`` is installed in the
 ``site-packages`` directory.
 The only limitation of global activation is that you can only have a *single*
 version of an extension activated at a time.  This is because multiple
 versions of the same extension would conflict if symbolically linked
 into the same prefix.  Users who want a different version of a package
 can still get it by using environment modules or views, but they will have to
 explicitly load their preferred version.
 ^^^^^^^^^^^^^^^^^^^^^^^^^^
 ``spack activate --force``
 ^^^^^^^^^^^^^^^^^^^^^^^^^^
 If, for some reason, you want to activate a package *without* its
 dependencies, you can use ``spack activate --force``:
 .. code-block:: console
   $ spack activate --force py-numpy
   ==> Activated extension py-numpy@1.9.1%gcc@4.4.7 arch=linux-debian7-x86_64-66733244 for python@2.7.8%gcc@4.4.7.
 .. _cmd-spack-deactivate:
 ^^^^^^^^^^^^^^^^^^^^
 ``spack deactivate``
 ^^^^^^^^^^^^^^^^^^^^
 We've seen how activating an extension can be used to set up a default
 version of a Python module.  Obviously, you may want to change that at
 some point.  ``spack deactivate`` is the command for this.  There are
 several variants:
 * ``spack deactivate <extension>`` will deactivate a single
  extension.  If another activated extension depends on this one,
  Spack will warn you and exit with an error.
 * ``spack deactivate --force <extension>`` deactivates an extension
  regardless of packages that depend on it.
 * ``spack deactivate --all <extension>`` deactivates an extension and
  all of its dependencies.  Use ``--force`` to disregard dependents.
 * ``spack deactivate --all <extendee>`` deactivates *all* activated
  extensions of a package.  For example, to deactivate *all* python
  extensions, use:
  .. code-block:: console
     $ spack deactivate --all python
 -----------------------
 Filesystem requirements
 -----------------------
--- a/lib/spack/docs/binary_caches.rst
+++ b/lib/spack/docs/binary_caches.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
@@ -13,47 +13,49 @@ Some sites may encourage users to set up their own test environments
 before carrying out central installations, or some users may prefer to set
 up these environments on their own motivation. To reduce the load of
 recompiling otherwise identical package specs in different installations,
-installed packages can be put into build cache tarballs, pushed to
+installed packages can be put into build cache tarballs, uploaded to
 your Spack mirror and then downloaded and installed by others.
 Whenever a mirror provides prebuilt packages, Spack will take these packages
 into account during concretization and installation, making ``spack install``
 significantly faster.
 --------------------------
 Creating build cache files
 --------------------------
-.. note::
+A compressed tarball of an installed package is created. Tarballs are created
-
+for all of its link and run dependency packages as well. Compressed tarballs are
-    We use the terms "build cache" and "mirror" often interchangeably. Mirrors
+signed with gpg and signature and tarball and put in a ``.spack`` file. Optionally,
-    are used during installation both for sources and prebuilt packages. Build
+the rpaths (and ids and deps on macOS) can be changed to paths relative to
-    caches refer to mirrors that provide prebuilt packages.
+the Spack install tree before the tarball is created.
 ----------------------
 Creating a build cache
 ----------------------
 Build caches are created via:
 .. code-block:: console
-    $ spack buildcache push <path/url/mirror name> <spec>
+    $ spack buildcache create <spec>
 This command takes the locally installed spec and its dependencies, and
 creates tarballs of their install prefixes. It also generates metadata files,
 signed with GPG. These tarballs and metadata files are then pushed to the
 provided binary cache, which can be a local directory or a remote URL.
-Here is an example where a build cache is created in a local directory named
+If you wanted to create a build cache in a local directory, you would provide
-"spack-cache", to which we push the "ninja" spec:
+the ``-d`` argument to target that directory, again also specifying the spec.
 Here is an example creating a local directory, "spack-cache" and creating
 build cache files for the "ninja" spec:
 .. code-block:: console
-    $ spack buildcache push ./spack-cache ninja
+    $ mkdir -p ./spack-cache
-    ==> Pushing binary packages to file:///home/spackuser/spack/spack-cache/build_cache
+    $ spack buildcache create -d ./spack-cache ninja
    ==> Buildcache files will be output to file:///home/spackuser/spack/spack-cache/build_cache
    gpgconf: socketdir is '/run/user/1000/gnupg'
    gpg: using "E6DF6A8BD43208E4D6F392F23777740B7DBD643D" as default secret key for signing
-Note that ``ninja`` must be installed locally for this to work.
+Note that the targeted spec must already be installed. Once you have a build cache,
 you can add it as a mirror, discussed next.
-Once you have a build cache, you can add it as a mirror, discussed next.
+.. warning::
   Spack improved the format used for binary caches in v0.18. The entire v0.18 series
   will be able to verify and install binary caches both in the new and in the old format.
   Support for using the old format is expected to end in v0.19, so we advise users to
   recreate relevant buildcaches using Spack v0.18 or higher.
 ---------------------------------------
 Finding or installing build cache files
@@ -64,10 +66,10 @@ with:
 .. code-block:: console
-    $ spack mirror add <name> <url or path>
+    $ spack mirror add <name> <url>
-Both web URLs and local paths on the filesystem can be specified. In the previous
+Note that the url can be a web url _or_ a local filesystem location. In the previous
 example, you might add the directory "spack-cache" and call it ``mymirror``:
@@ -92,7 +94,7 @@ this new build cache as follows:
 .. code-block:: console
-    $ spack buildcache update-index ./spack-cache
+    $ spack buildcache update-index -d spack-cache/
 Now you can use list:
@@ -103,38 +105,46 @@ Now you can use list:
    -- linux-ubuntu20.04-skylake / gcc@9.3.0 ------------------------
    ninja@1.10.2
-With ``mymirror`` configured and an index available, Spack will automatically
+
-use it during concretization and installation. That means that you can expect
+Great! So now let's say you have a different spack installation, or perhaps just
-``spack install ninja`` to fetch prebuilt packages from the mirror. Let's
+a different environment for the same one, and you want to install a package from
-verify by re-installing ninja:
+that build cache. Let's first uninstall the actual library "ninja" to see if we can
 re-install it from the cache.
 .. code-block:: console
    $ spack uninstall ninja
    $ spack install ninja
    ==> Installing ninja-1.11.1-yxferyhmrjkosgta5ei6b4lqf6bxbscz
    ==> Fetching file:///home/spackuser/spack/spack-cache/build_cache/linux-ubuntu20.04-skylake-gcc-9.3.0-ninja-1.10.2-yxferyhmrjkosgta5ei6b4lqf6bxbscz.spec.json.sig
    gpg: Signature made Do 12 Jan 2023 16:01:04 CET
    gpg:                using RSA key 61B82B2B2350E171BD17A1744E3A689061D57BF6
    gpg: Good signature from "example (GPG created for Spack) <example@example.com>" [ultimate]
    ==> Fetching file:///home/spackuser/spack/spack-cache/build_cache/linux-ubuntu20.04-skylake/gcc-9.3.0/ninja-1.10.2/linux-ubuntu20.04-skylake-gcc-9.3.0-ninja-1.10.2-yxferyhmrjkosgta5ei6b4lqf6bxbscz.spack
    ==> Extracting ninja-1.10.2-yxferyhmrjkosgta5ei6b4lqf6bxbscz from binary cache
    ==> ninja: Successfully installed ninja-1.11.1-yxferyhmrjkosgta5ei6b4lqf6bxbscz
    Search: 0.00s.  Fetch: 0.17s.  Install: 0.12s.  Total: 0.29s
    [+] /home/harmen/spack/opt/spack/linux-ubuntu20.04-skylake/gcc-9.3.0/ninja-1.11.1-yxferyhmrjkosgta5ei6b4lqf6bxbscz
-It worked! You've just completed a full example of creating a build cache with
+And now reinstall from the buildcache
 a spec of interest, adding it as a mirror, updating its index, listing the contents,
 and finally, installing from it.
 By default Spack falls back to building from sources when the mirror is not available
 or when the package is simply not already available. To force Spack to only install
 prebuilt packages, you can use
 .. code-block:: console
-   $ spack install --use-buildcache only <package>
+    $ spack buildcache install ninja
    ==> buildcache spec(s) matching ninja 
    ==> Fetching file:///home/spackuser/spack/spack-cache/build_cache/linux-ubuntu20.04-skylake/gcc-9.3.0/ninja-1.10.2/linux-ubuntu20.04-skylake-gcc-9.3.0-ninja-1.10.2-i4e5luour7jxdpc3bkiykd4imke3mkym.spack
    ####################################################################################################################################### 100.0%
    ==> Installing buildcache for spec ninja@1.10.2%gcc@9.3.0 arch=linux-ubuntu20.04-skylake
    gpgconf: socketdir is '/run/user/1000/gnupg'
    gpg: Signature made Tue 23 Mar 2021 10:16:29 PM MDT
    gpg:                using RSA key E6DF6A8BD43208E4D6F392F23777740B7DBD643D
    gpg: Good signature from "spackuser (GPG created for Spack) <spackuser@noreply.users.github.com>" [ultimate]
 It worked! You've just completed a full example of creating a build cache with
 a spec of interest, adding it as a mirror, updating it's index, listing the contents,
 and finally, installing from it.
 Note that the above command is intended to install a particular package to a
 build cache you have created, and not to install a package from a build cache.
 For the latter, once a mirror is added, by default when you do ``spack install`` the ``--use-cache``
 flag is set, and you will install a package from a build cache if it is available.
 If you want to always use the cache, you can do:
 .. code-block:: console
   $ spack install --cache-only <package>
 For example, to combine all of the commands above to add the E4S build cache
 and then install from it exclusively, you would do:
@@ -143,7 +153,7 @@ and then install from it exclusively, you would do:
    $ spack mirror add E4S https://cache.e4s.io
    $ spack buildcache keys --install --trust
-    $ spack install --use-buildcache only <package>
+    $ spack install --cache-only <package>
 We use ``--install`` and ``--trust`` to say that we are installing keys to our
 keyring, and trusting all downloaded keys.
@@ -173,7 +183,7 @@ need to be adjusted for better re-locatability.
 --------------------
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^
-``spack buildcache push``
+``spack buildcache create``
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Create tarball of installed Spack package and all dependencies.
--- a/lib/spack/docs/bootstrapping.rst
+++ b/lib/spack/docs/bootstrapping.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2021 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
@@ -32,14 +32,9 @@ can't be found. You can readily check if any prerequisite for using Spack is mis
   Spack will take care of bootstrapping any missing dependency marked as [B]. Dependencies marked as [-] are instead required to be found on the system.
   % echo $?
   1
 In the case of the output shown above Spack detected that both ``clingo`` and ``gnupg``
 are missing and it's giving detailed information on why they are needed and whether
-they can be bootstrapped. The return code of this command summarizes the results, if any
+they can be bootstrapped. Running a command that concretize a spec, like:
 dependencies are missing the return code is ``1``, otherwise ``0``. Running a command that
 concretizes a spec, like:
 .. code-block:: console
@@ -49,7 +44,7 @@ concretizes a spec, like:
   ==> Installing "clingo-bootstrap@spack%apple-clang@12.0.0~docs~ipo+python build_type=Release arch=darwin-catalina-x86_64" from a buildcache
   [ ... ]
-automatically triggers the bootstrapping of clingo from pre-built binaries as expected.
+triggers the bootstrapping of clingo from pre-built binaries as expected.
 Users can also bootstrap all the dependencies needed by Spack in a single command, which
 might be useful to setup containers or other similar environments:
--- a/lib/spack/docs/build_settings.rst
+++ b/lib/spack/docs/build_settings.rst
@@ -1,105 +1,8 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
 .. _concretizer-options:
 ==========================================
 Concretization Settings (concretizer.yaml)
 ==========================================
 The ``concretizer.yaml`` configuration file allows to customize aspects of the
 algorithm used to select the dependencies you install. The default configuration
 is the following:
 .. literalinclude:: _spack_root/etc/spack/defaults/concretizer.yaml
   :language: yaml
 --------------------------------
 Reuse already installed packages
 --------------------------------
 The ``reuse`` attribute controls whether Spack will prefer to use installed packages (``true``), or
 whether it will do a "fresh" installation and prefer the latest settings from
 ``package.py`` files and ``packages.yaml`` (``false``).
 You can use:
 .. code-block:: console
   % spack install --reuse <spec>
 to enable reuse for a single installation, and you can use:
 .. code-block:: console
   spack install --fresh <spec>
 to do a fresh install if ``reuse`` is enabled by default.
 ``reuse: true`` is the default.
 ------------------------------------------
 Selection of the target microarchitectures
 ------------------------------------------
 The options under the ``targets`` attribute control which targets are considered during a solve.
 Currently the options in this section are only configurable from the ``concretizer.yaml`` file
 and there are no corresponding command line arguments to enable them for a single solve.
 The ``granularity`` option can take two possible values: ``microarchitectures`` and ``generic``.
 If set to:
 .. code-block:: yaml
   concretizer:
     targets:
       granularity: microarchitectures
 Spack will consider all the microarchitectures known to ``archspec`` to label nodes for
 compatibility. If instead the option is set to:
 .. code-block:: yaml
   concretizer:
     targets:
       granularity: generic
 Spack will consider only generic microarchitectures. For instance, when running on an
 Haswell node, Spack will consider ``haswell`` as the best target in the former case and
 ``x86_64_v3`` as the best target in the latter case.
 The ``host_compatible`` option is a Boolean option that determines whether or not the
 microarchitectures considered during the solve are constrained to be compatible with the
 host Spack is currently running on. For instance, if this option is set to ``true``, a
 user cannot concretize for ``target=icelake`` while running on an Haswell node.
 ---------------
 Duplicate nodes
 ---------------
 The ``duplicates`` attribute controls whether the DAG can contain multiple configurations of
 the same package. This is mainly relevant for build dependencies, which may have their version
 pinned by some nodes, and thus be required at different versions by different nodes in the same
 DAG.
 The ``strategy`` option controls how the solver deals with duplicates. If the value is ``none``,
 then a single configuration per package is allowed in the DAG. This means, for instance, that only
 a single ``cmake`` or a single ``py-setuptools`` version is allowed. The result would be a slightly
 faster concretization, at the expense of making a few specs unsolvable.
 If the value is ``minimal`` Spack will allow packages tagged as ``build-tools`` to have duplicates.
 This allows, for instance, to concretize specs whose nodes require different, and incompatible, ranges
 of some build tool. For instance, in the figure below the latest `py-shapely` requires a newer `py-setuptools`,
 while `py-numpy` still needs an older version:
 .. figure::  images/shapely_duplicates.svg
   :scale: 70 %
   :align: center
 Up to Spack v0.20 ``duplicates:strategy:none`` was the default (and only) behavior. From Spack v0.21 the
 default behavior is ``duplicates:strategy:minimal``.
 .. _build-settings:
 ================================
@@ -329,122 +232,192 @@ Specific limitations include:
  then Spack will not add a new external entry (``spack config blame packages``
  can help locate all external entries).
 .. _concretizer-options:
 ----------------------
 Concretizer options
 ----------------------
 ``packages.yaml`` gives the concretizer preferences for specific packages,
 but you can also use ``concretizer.yaml`` to customize aspects of the
 algorithm it uses to select the dependencies you install:
 .. literalinclude:: _spack_root/etc/spack/defaults/concretizer.yaml
   :language: yaml
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Reuse already installed packages
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 The ``reuse`` attribute controls whether Spack will prefer to use installed packages (``true``), or
 whether it will do a "fresh" installation and prefer the latest settings from
 ``package.py`` files and ``packages.yaml`` (``false``).
 You can use:
 .. code-block:: console
   % spack install --reuse <spec>
 to enable reuse for a single installation, and you can use:
 .. code-block:: console
   spack install --fresh <spec>
 to do a fresh install if ``reuse`` is enabled by default.
 ``reuse: true`` is the default.
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Selection of the target microarchitectures
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 The options under the ``targets`` attribute control which targets are considered during a solve.
 Currently the options in this section are only configurable from the ``concretization.yaml`` file
 and there are no corresponding command line arguments to enable them for a single solve.
 The ``granularity`` option can take two possible values: ``microarchitectures`` and ``generic``.
 If set to:
 .. code-block:: yaml
   concretizer:
     targets:
       granularity: microarchitectures
 Spack will consider all the microarchitectures known to ``archspec`` to label nodes for
 compatibility. If instead the option is set to:
 .. code-block:: yaml
   concretizer:
     targets:
       granularity: generic
 Spack will consider only generic microarchitectures. For instance, when running on an
 Haswell node, Spack will consider ``haswell`` as the best target in the former case and
 ``x86_64_v3`` as the best target in the latter case.
 The ``host_compatible`` option is a Boolean option that determines whether or not the
 microarchitectures considered during the solve are constrained to be compatible with the
 host Spack is currently running on. For instance, if this option is set to ``true``, a
 user cannot concretize for ``target=icelake`` while running on an Haswell node.
 .. _package-preferences:
 -------------------
 Package Preferences
 -------------------
 Spack can be configured to prefer certain compilers, package
 versions, dependencies, and variants during concretization.
 The preferred configuration can be controlled via the
 ``~/.spack/packages.yaml`` file for user configurations, or the
 ``etc/spack/packages.yaml`` site configuration.
 Here's an example ``packages.yaml`` file that sets preferred packages:
 .. code-block:: yaml
   packages:
     opencv:
       compiler: [gcc@4.9]
       variants: +debug
     gperftools:
       version: [2.2, 2.4, 2.3]
     all:
       compiler: [gcc@4.4.7, 'gcc@4.6:', intel, clang, pgi]
       target: [sandybridge]
       providers:
         mpi: [mvapich2, mpich, openmpi]
 At a high level, this example is specifying how packages should be
 concretized.  The opencv package should prefer using GCC 4.9 and
 be built with debug options.  The gperftools package should prefer version
 2.2 over 2.4.  Every package on the system should prefer mvapich2 for
 its MPI and GCC 4.4.7 (except for opencv, which overrides this by preferring GCC 4.9).
 These options are used to fill in implicit defaults.  Any of them can be overwritten
 on the command line if explicitly requested.
 Each ``packages.yaml`` file begins with the string ``packages:`` and
 package names are specified on the next level. The special string ``all``
 applies settings to *all* packages. Underneath each package name is one
 or more components: ``compiler``, ``variants``, ``version``,
 ``providers``, and ``target``.  Each component has an ordered list of
 spec ``constraints``, with earlier entries in the list being preferred
 over later entries.
 Sometimes a package installation may have constraints that forbid
 the first concretization rule, in which case Spack will use the first
 legal concretization rule.  Going back to the example, if a user
 requests gperftools 2.3 or later, then Spack will install version 2.4
 as the 2.4 version of gperftools is preferred over 2.3.
 An explicit concretization rule in the preferred section will always
 take preference over unlisted concretizations.  In the above example,
 xlc isn't listed in the compiler list.  Every listed compiler from
 gcc to pgi will thus be preferred over the xlc compiler.
 The syntax for the ``provider`` section differs slightly from other
 concretization rules.  A provider lists a value that packages may
 ``depend_on`` (e.g, MPI) and a list of rules for fulfilling that
 dependency.
 .. _package-requirements:
 --------------------
 Package Requirements
 --------------------
-Spack can be configured to always use certain compilers, package
+You can use the configuration to force the concretizer to choose
-versions, and variants during concretization through package
+specific properties for packages when building them. Like preferences,
-requirements.
+these are only applied when the package is required by some other
 request (e.g. if the package is needed as a dependency of a
 request to ``spack install``).
-Package requirements are useful when you find yourself repeatedly
+An example of where this is useful is if you have a package that
-specifying the same constraints on the command line, and wish that
+is normally built as a dependency but only under certain circumstances
-Spack respects these constraints whether you mention them explicitly
+(e.g. only when a variant on a dependent is active): you can make
-or not. Another use case is specifying constraints that should apply
+sure that it always builds the way you want it to; this distinguishes
-to all root specs in an environment, without having to repeat the
+package configuration requirements from constraints that you add to
-constraint everywhere.
+``spack install`` or to environments (in those cases, the associated
 packages are always built).
-Apart from that, requirements config is more flexible than constraints
+The following is an example of how to enforce package properties in
-on the command line, because it can specify constraints on packages
+``packages.yaml``:
 *when they occur* as a dependency. In contrast, on the command line it
 is not possible to specify constraints on dependencies while also keeping
 those dependencies optional.
 ^^^^^^^^^^^^^^^^^^^
 Requirements syntax
 ^^^^^^^^^^^^^^^^^^^
 The package requirements configuration is specified in ``packages.yaml``,
 keyed by package name and expressed using the Spec syntax. In the simplest
 case you can specify attributes that you always want the package to have
 by providing a single spec string to ``require``:
 .. code-block:: yaml
   packages:
     libfabric:
       require: "@1.13.2"
 In the above example, ``libfabric`` will always build with version 1.13.2. If you
 need to compose multiple configuration scopes ``require`` accepts a list of
 strings:
 .. code-block:: yaml
   packages:
     libfabric:
       require:
       - "@1.13.2"
       - "%gcc"
 In this case ``libfabric`` will always build with version 1.13.2 **and** using GCC
 as a compiler.
 For more complex use cases, require accepts also a list of objects. These objects
 must have either a ``any_of`` or a ``one_of`` field, containing a list of spec strings,
 and they can optionally have a ``when`` and a ``message`` attribute:
 .. code-block:: yaml
   packages:
     openmpi:
       require:
-       - any_of: ["@4.1.5", "%gcc"]
+       - any_of: ["~cuda", "%gcc"]
         message: "in this example only 4.1.5 can build with other compilers"
 ``any_of`` is a list of specs. One of those specs must be satisfied
 and it is also allowed for the concretized spec to match more than one.
 In the above example, that means you could build ``openmpi@4.1.5%gcc``,
 ``openmpi@4.1.5%clang`` or ``openmpi@3.9%gcc``, but
 not ``openmpi@3.9%clang``.
 If a custom message is provided, and the requirement is not satisfiable,
 Spack will print the custom error message:
 .. code-block:: console
   $ spack spec openmpi@3.9%clang
   ==> Error: in this example only 4.1.5 can build with other compilers
 We could express a similar requirement using the ``when`` attribute:
 .. code-block:: yaml
   packages:
     openmpi:
       require:
       - any_of: ["%gcc"]
         when: "@:4.1.4"
         message: "in this example only 4.1.5 can build with other compilers"
 In the example above, if the version turns out to be 4.1.4 or less, we require the compiler to be GCC.
 For readability, Spack also allows a ``spec`` key accepting a string when there is only a single
 constraint:
 .. code-block:: yaml
   packages:
     openmpi:
       require:
       - spec: "%gcc"
         when: "@:4.1.4"
         message: "in this example only 4.1.5 can build with other compilers"
 This code snippet and the one before it are semantically equivalent.
 Finally, instead of ``any_of`` you can use ``one_of`` which also takes a list of specs. The final
 concretized spec must match one and only one of them:
 .. code-block:: yaml
   packages:
     mpich:
-       require:
+      require:
-       - one_of: ["+cuda", "+rocm"]
+      - one_of: ["+cuda", "+rocm"]
-In the example above, that means you could build ``mpich+cuda`` or ``mpich+rocm`` but not ``mpich+cuda+rocm``.
+Requirements are expressed using Spec syntax (the same as what is provided
 to ``spack install``). In the simplest case, you can specify attributes
 that you always want the package to have by providing a single spec to
 ``require``; in the above example, ``libfabric`` will always build
 with version 1.13.2.
 You can provide a more-relaxed constraint and allow the concretizer to
 choose between a set of options using ``any_of`` or ``one_of``:
 * ``any_of`` is a list of specs. One of those specs must be satisfied
  and it is also allowed for the concretized spec to match more than one.
  In the above example, that means you could build ``openmpi+cuda%gcc``,
  ``openmpi~cuda%clang`` or ``openmpi~cuda%gcc`` (in the last case,
  note that both specs in the ``any_of`` for ``openmpi`` are
  satisfied).
 * ``one_of`` is also a list of specs, and the final concretized spec
  must match exactly one of them.  In the above example, that means
  you could build ``mpich+cuda`` or ``mpich+rocm`` but not
  ``mpich+cuda+rocm`` (note the current package definition for
  ``mpich`` already includes a conflict, so this is redundant but
  still demonstrates the concept).
 .. note::
@@ -452,13 +425,6 @@ In the example above, that means you could build ``mpich+cuda`` or ``mpich+rocm`
   preference: items that appear earlier in the list are preferred
   (note that these preferences can be ignored in favor of others).
 .. note::
   When using a conditional requirement, Spack is allowed to actively avoid the triggering
   condition (the ``when=...`` spec) if that leads to a concrete spec with better scores in
   the optimization criteria. To check the current optimization criteria and their
   priorities you can run ``spack solve zlib``.
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Setting default requirements
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -486,15 +452,15 @@ under ``all`` are disregarded. For example, with a configuration like this:
     cmake:
       require: '%gcc'
-Spack requires ``cmake`` to use ``gcc`` and all other nodes (including ``cmake``
+Spack requires ``cmake`` to use ``gcc`` and all other nodes (including cmake dependencies)
-dependencies) to use ``clang``.
+to use ``clang``.
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Setting requirements on virtual specs
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-A requirement on a virtual spec applies whenever that virtual is present in the DAG.
+A requirement on a virtual spec applies whenever that virtual is present in the DAG. This
-This can be useful for fixing which virtual provider you want to use:
+can be useful for fixing which virtual provider you want to use:
 .. code-block:: yaml
@@ -504,8 +470,8 @@ This can be useful for fixing which virtual provider you want to use:
 With the configuration above the only allowed ``mpi`` provider is ``mvapich2 %gcc``.
-Requirements on the virtual spec and on the specific provider are both applied, if
+Requirements on the virtual spec and on the specific provider are both applied, if present. For
-present. For instance with a configuration like:
+instance with a configuration like:
 .. code-block:: yaml
@@ -517,66 +483,6 @@ present. For instance with a configuration like:
 you will use ``mvapich2~cuda %gcc`` as an ``mpi`` provider.
 .. _package-preferences:
 -------------------
 Package Preferences
 -------------------
 In some cases package requirements can be too strong, and package
 preferences are the better option. Package preferences do not impose
 constraints on packages for particular versions or variants values,
 they rather only set defaults -- the concretizer is free to change
 them if it must due to other constraints. Also note that package
 preferences are of lower priority than reuse of already installed
 packages.
 Here's an example ``packages.yaml`` file that sets preferred packages:
 .. code-block:: yaml
   packages:
     opencv:
       compiler: [gcc@4.9]
       variants: +debug
     gperftools:
       version: [2.2, 2.4, 2.3]
     all:
       compiler: [gcc@4.4.7, 'gcc@4.6:', intel, clang, pgi]
       target: [sandybridge]
       providers:
         mpi: [mvapich2, mpich, openmpi]
 At a high level, this example is specifying how packages are preferably
 concretized.  The opencv package should prefer using GCC 4.9 and
 be built with debug options.  The gperftools package should prefer version
 2.2 over 2.4.  Every package on the system should prefer mvapich2 for
 its MPI and GCC 4.4.7 (except for opencv, which overrides this by preferring GCC 4.9).
 These options are used to fill in implicit defaults.  Any of them can be overwritten
 on the command line if explicitly requested.
 Package preferences accept the follow keys or components under
 the specific package (or ``all``) section: ``compiler``, ``variants``,
 ``version``, ``providers``, and ``target``.  Each component has an
 ordered list of spec ``constraints``, with earlier entries in the
 list being preferred over later entries.
 Sometimes a package installation may have constraints that forbid
 the first concretization rule, in which case Spack will use the first
 legal concretization rule.  Going back to the example, if a user
 requests gperftools 2.3 or later, then Spack will install version 2.4
 as the 2.4 version of gperftools is preferred over 2.3.
 An explicit concretization rule in the preferred section will always
 take preference over unlisted concretizations.  In the above example,
 xlc isn't listed in the compiler list.  Every listed compiler from
 gcc to pgi will thus be preferred over the xlc compiler.
 The syntax for the ``provider`` section differs slightly from other
 concretization rules.  A provider lists a value that packages may
 ``depends_on`` (e.g, MPI) and a list of rules for fulfilling that
 dependency.
 .. _package_permissions:
 -------------------
@@ -625,25 +531,3 @@ directories inside the install prefix. This will ensure that even
 manually placed files within the install prefix are owned by the
 assigned group. If no group is assigned, Spack will allow the OS
 default behavior to go as expected.
 ----------------------------
 Assigning Package Attributes
 ----------------------------
 You can assign class-level attributes in the configuration:
 .. code-block:: yaml
  packages:
    mpileaks:
      # Override existing attributes
      url: http://www.somewhereelse.com/mpileaks-1.0.tar.gz
      # ... or add new ones
      x: 1
 Attributes set this way will be accessible to any method executed
 in the package.py file (e.g. the ``install()`` method). Values for these
 attributes may be any value parseable by yaml.
 These can only be applied to specific packages, not "all" or
 virtual packages.
--- a/lib/spack/docs/build_systems.rst
+++ b/lib/spack/docs/build_systems.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
--- a/lib/spack/docs/build_systems/autotoolspackage.rst
+++ b/lib/spack/docs/build_systems/autotoolspackage.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
--- a/lib/spack/docs/build_systems/bundlepackage.rst
+++ b/lib/spack/docs/build_systems/bundlepackage.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
@@ -9,32 +9,9 @@
 Bundle
 ------
-``BundlePackage`` represents a set of packages that are expected to work
+``BundlePackage`` represents a set of packages that are expected to work well
-well together, such as a collection of commonly used software libraries.
+together, such as a collection of commonly used software libraries.  The
-The associated software is specified as dependencies.
+associated software is specified as bundle dependencies.
 If it makes sense, variants, conflicts, and requirements can be added to
 the package. :ref:`Variants <variants>` ensure that common build options
 are consistent across the packages supporting them.  :ref:`Conflicts
 and requirements <packaging_conflicts>` prevent attempts to build with known
 bugs or limitations.
 For example, if ``MyBundlePackage`` is known to only build on ``linux``,
 it could use the ``require`` directive as follows:
 .. code-block:: python
    require("platform=linux", msg="MyBundlePackage only builds on linux")
 Spack has a number of built-in bundle packages, such as:
 * `AmdAocl <https://github.com/spack/spack/blob/develop/var/spack/repos/builtin/packages/amd-aocl/package.py>`_
 * `EcpProxyApps <https://github.com/spack/spack/blob/develop/var/spack/repos/builtin/packages/ecp-proxy-apps/package.py>`_
 * `Libc <https://github.com/spack/spack/blob/develop/var/spack/repos/builtin/packages/libc/package.py>`_
 * `Xsdk <https://github.com/spack/spack/blob/develop/var/spack/repos/builtin/packages/xsdk/package.py>`_
 where ``Xsdk`` also inherits from ``CudaPackage`` and ``RocmPackage`` and
 ``Libc`` is a virtual bundle package for the C standard library.
 ^^^^^^^^
--- a/lib/spack/docs/build_systems/cachedcmakepackage.rst
+++ b/lib/spack/docs/build_systems/cachedcmakepackage.rst
@@ -1,13 +1,13 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2021 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
 .. _cachedcmakepackage:
-----------
+------------------
-CachedCMake
+CachedCMakePackage
-----------
+------------------
 The CachedCMakePackage base class is used for CMake-based workflows
 that create a CMake cache file prior to running ``cmake``. This is
--- a/lib/spack/docs/build_systems/cmakepackage.rst
+++ b/lib/spack/docs/build_systems/cmakepackage.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
--- a/lib/spack/docs/build_systems/cudapackage.rst
+++ b/lib/spack/docs/build_systems/cudapackage.rst
@@ -1,13 +1,13 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
 .. _cudapackage:
----
+-----------
-Cuda
+CudaPackage
----
+-----------
 Different from other packages, ``CudaPackage`` does not represent a build system.
 Instead its goal is to simplify and unify usage of ``CUDA`` in other packages by providing a `mixin-class <https://en.wikipedia.org/wiki/Mixin>`_.
@@ -28,14 +28,11 @@ This package provides the following variants:
 * **cuda_arch**
-  This variant supports the optional specification of one or multiple architectures.
+  This variant supports the optional specification of the architecture.
  Valid values are maintained in the ``cuda_arch_values`` property and
  are the numeric character equivalent of the compute capability version
  (e.g., '10' for version 1.0). Each provided value affects associated
  ``CUDA`` dependencies and compiler conflicts.
  The variant builds both PTX code for the _virtual_ architecture
  (e.g. ``compute_10``) and binary code for the _real_ architecture (e.g. ``sm_10``).
  GPUs and their compute capability versions are listed at
  https://developer.nvidia.com/cuda-gpus .
@@ -83,7 +80,7 @@ standard CUDA compiler flags.
 **cuda_flags**
-    This built-in static method returns a list of command line flags
+    This built-in static method returns a list of command line flags 
    for the chosen ``cuda_arch`` value(s).  The flags are intended to
    be passed to the CUDA compiler driver (i.e., ``nvcc``).
--- a/lib/spack/docs/build_systems/custompackage.rst
+++ b/lib/spack/docs/build_systems/custompackage.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
--- a/lib/spack/docs/build_systems/inteloneapipackage.rst
+++ b/lib/spack/docs/build_systems/inteloneapipackage.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
@@ -6,9 +6,9 @@
 .. _inteloneapipackage:
-===========
+====================
-IntelOneapi
+ IntelOneapiPackage
-===========
+====================
 .. contents::
@@ -25,8 +25,8 @@ use Spack to build packages with the tools.
 The Spack Python class ``IntelOneapiPackage`` is a base class that is
 used by ``IntelOneapiCompilers``, ``IntelOneapiMkl``,
 ``IntelOneapiTbb`` and other classes to implement the oneAPI
-packages. Search for ``oneAPI`` at `<packages.spack.io>`_ for the full
+packages. See the :ref:`package-list` for the full list of available
-list of available oneAPI packages, or use::
+oneAPI packages or use::
  spack list -d oneAPI
@@ -36,7 +36,7 @@ For more information on a specific package, do::
 Intel no longer releases new versions of Parallel Studio, which can be
 used in Spack via the :ref:`intelpackage`. All of its components can
-now be found in oneAPI.
+now be found in oneAPI. 
 Examples
 ========
@@ -76,55 +76,6 @@ To build with with ``icx``, do ::
  spack install patchelf%oneapi
 Using oneAPI Spack environment
 -------------------------------
 In this example, we build lammps with ``icx`` using Spack environment for oneAPI packages created by Intel. The
 compilers are installed with Spack like in example above.
 Install the oneAPI compilers::
  spack install intel-oneapi-compilers
 Add the compilers to your ``compilers.yaml`` so Spack can use them::
  spack compiler add `spack location -i intel-oneapi-compilers`/compiler/latest/linux/bin/intel64
  spack compiler add `spack location -i intel-oneapi-compilers`/compiler/latest/linux/bin
 Verify that the compilers are available::
  spack compiler list
 Clone `spack-configs <https://github.com/spack/spack-configs>`_ repo and activate Intel oneAPI CPU environment::
  git clone https://github.com/spack/spack-configs
  spack env activate spack-configs/INTEL/CPU
  spack concretize -f
 `Intel oneAPI CPU environment <https://github.com/spack/spack-configs/blob/main/INTEL/CPU/spack.yaml>`_  contains applications tested and validated by Intel, this list is constantly extended. And currently it supports:
 - `Devito <https://www.devitoproject.org/>`_
 - `GROMACS <https://www.gromacs.org/>`_
 - `HPCG <https://www.hpcg-benchmark.org/>`_
 - `HPL <https://netlib.org/benchmark/hpl/>`_
 - `LAMMPS <https://www.lammps.org/#gsc.tab=0>`_
 - `OpenFOAM <https://www.openfoam.com/>`_
 - `Quantum Espresso <https://www.quantum-espresso.org/>`_
 - `STREAM <https://www.cs.virginia.edu/stream/>`_
 - `WRF <https://github.com/wrf-model/WRF>`_
 To build lammps with oneAPI compiler from this environment just run::
  spack install lammps
 Compiled binaries can be find using::
  spack cd -i lammps
 You can do the same for all other applications from this environment.
 Using oneAPI MPI to Satisfy a Virtual Dependence
 ------------------------------------------------------
@@ -173,7 +124,7 @@ Using oneAPI Tools Installed by Spack
 =====================================
 Spack can be a convenient way to install and configure compilers and
-libraries, even if you do not intend to build a Spack package. If you
+libaries, even if you do not intend to build a Spack package. If you
 want to build a Makefile project using Spack-installed oneAPI compilers,
 then use spack to configure your environment::
--- a/lib/spack/docs/build_systems/intelpackage.rst
+++ b/lib/spack/docs/build_systems/intelpackage.rst
@@ -1,13 +1,13 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
 .. _intelpackage:
-----
+------------
-Intel
+IntelPackage
-----
+------------
 .. contents::
@@ -397,7 +397,7 @@ for specifics and examples for ``packages.yaml`` files.
 .. If your system administrator did not provide modules for pre-installed Intel
   tools, you could do well to ask for them, because installing multiple copies
-   of the Intel tools, as is won't to happen once Spack is in the picture, is
+   of the Intel tools, as is wont to happen once Spack is in the picture, is
   bound to stretch disk space and patience thin. If you *are* the system
   administrator and are still new to modules, then perhaps it's best to follow
   the `next section <Installing Intel tools within Spack_>`_ and install the tools
@@ -653,7 +653,7 @@ follow `the next section <intel-install-libs_>`_ instead.
   * If you specified a custom variant (for example ``+vtune``) you may want to add this as your
     preferred variant in the packages configuration for the ``intel-parallel-studio`` package
     as described in :ref:`package-preferences`. Otherwise you will have to specify
-     the variant every time ``intel-parallel-studio`` is being used as ``mkl``, ``fftw`` or ``mpi``
+     the variant everytime ``intel-parallel-studio`` is being used as ``mkl``, ``fftw`` or ``mpi``
     implementation to avoid pulling in a different variant.
   * To set the Intel compilers for default use in Spack, instead of the usual ``%gcc``,
--- a/lib/spack/docs/build_systems/luapackage.rst
+++ b/lib/spack/docs/build_systems/luapackage.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
--- a/lib/spack/docs/build_systems/makefilepackage.rst
+++ b/lib/spack/docs/build_systems/makefilepackage.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
--- a/lib/spack/docs/build_systems/mavenpackage.rst
+++ b/lib/spack/docs/build_systems/mavenpackage.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
--- a/lib/spack/docs/build_systems/mesonpackage.rst
+++ b/lib/spack/docs/build_systems/mesonpackage.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
--- a/lib/spack/docs/build_systems/octavepackage.rst
+++ b/lib/spack/docs/build_systems/octavepackage.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
--- a/lib/spack/docs/build_systems/perlpackage.rst
+++ b/lib/spack/docs/build_systems/perlpackage.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
--- a/lib/spack/docs/build_systems/pythonpackage.rst
+++ b/lib/spack/docs/build_systems/pythonpackage.rst
@@ -1,13 +1,13 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
 .. _pythonpackage:
------
+-------------
-Python
+PythonPackage
------
+-------------
 Python packages and modules have their own special build system. This
 documentation covers everything you'll need to know in order to write
@@ -366,7 +366,7 @@ If the ``pyproject.toml`` lists ``mesonpy`` as the ``build-backend``,
 it uses the meson build system. Meson uses the default
 ``pyproject.toml`` keys to list dependencies.
-See https://meson-python.readthedocs.io/en/latest/tutorials/introduction.html
+See https://meson-python.readthedocs.io/en/latest/usage/start.html
 for more information.
 """
@@ -582,7 +582,7 @@ libraries. Make sure not to add modules/packages containing the word
 "test", as these likely won't end up in the installation directory,
 or may require test dependencies like pytest to be installed.
-Instead of defining the ``import_modules`` explicitly, only the subset
+Instead of defining the ``import_modules`` explicity, only the subset
 of module names to be skipped can be defined by using ``skip_modules``.
 If a defined module has submodules, they are skipped as well, e.g.,
 in case the ``plotting`` modules should be excluded from the
@@ -724,9 +724,10 @@ extends vs. depends_on
 This is very similar to the naming dilemma above, with a slight twist.
 As mentioned in the :ref:`Packaging Guide <packaging_extensions>`,
-``extends`` and ``depends_on`` are very similar, but ``extends`` ensures
+``extends`` and ``depends_on`` are very similar, but ``extends`` adds
-that the extension and extendee share the same prefix in views.
+the ability to *activate* the package. Activation involves symlinking
-This allows the user to import a Python module without
+everything in the installation prefix of the package to the installation
 prefix of Python. This allows the user to import a Python module without
 having to add that module to ``PYTHONPATH``.
 When deciding between ``extends`` and ``depends_on``, the best rule of
@@ -734,7 +735,7 @@ thumb is to check the installation prefix. If Python libraries are
 installed to ``<prefix>/lib/pythonX.Y/site-packages``, then you
 should use ``extends``. If Python libraries are installed elsewhere
 or the only files that get installed reside in ``<prefix>/bin``, then
-don't use ``extends``.
+don't use ``extends``, as symlinking the package wouldn't be useful.
 ^^^^^^^^^^^^^^^^^^^^^
 Alternatives to Spack
--- a/lib/spack/docs/build_systems/qmakepackage.rst
+++ b/lib/spack/docs/build_systems/qmakepackage.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
--- a/lib/spack/docs/build_systems/racketpackage.rst
+++ b/lib/spack/docs/build_systems/racketpackage.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2021 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
--- a/lib/spack/docs/build_systems/rocmpackage.rst
+++ b/lib/spack/docs/build_systems/rocmpackage.rst
@@ -1,13 +1,13 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
 .. _rocmpackage:
----
+-----------
-ROCm
+ROCmPackage
----
+-----------
 The ``ROCmPackage`` is not a build system but a helper package. Like ``CudaPackage``,
 it provides standard variants, dependencies, and conflicts to facilitate building
@@ -25,7 +25,7 @@ This package provides the following variants:
 * **rocm**
-  This variant is used to enable/disable building with ``rocm``.
+  This variant is used to enable/disable building with ``rocm``.  
  The default is disabled (or ``False``).
 * **amdgpu_target**
--- a/lib/spack/docs/build_systems/rpackage.rst
+++ b/lib/spack/docs/build_systems/rpackage.rst
@@ -1,13 +1,13 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
 .. _rpackage:
--
+--------
-R
+RPackage
--
+--------
 Like Python, R has its own built-in build system.
@@ -193,10 +193,10 @@ Build system dependencies
 As an extension of the R ecosystem, your package will obviously depend
 on R to build and run. Normally, we would use ``depends_on`` to express
-this, but for R packages, we use ``extends``. This implies a special
+this, but for R packages, we use ``extends``. ``extends`` is similar to
-dependency on R, which is used to set environment variables such as
+``depends_on``, but adds an additional feature: the ability to "activate"
-``R_LIBS`` uniformly. Since every R package needs this, the ``RPackage``
+the package by symlinking it to the R installation directory. Since
-base class contains:
+every R package needs this, the ``RPackage`` base class contains:
 .. code-block:: python
--- a/lib/spack/docs/build_systems/rubypackage.rst
+++ b/lib/spack/docs/build_systems/rubypackage.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
--- a/lib/spack/docs/build_systems/sconspackage.rst
+++ b/lib/spack/docs/build_systems/sconspackage.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
--- a/lib/spack/docs/build_systems/sippackage.rst
+++ b/lib/spack/docs/build_systems/sippackage.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
@@ -32,7 +32,7 @@ By default, these phases run:
 .. code-block:: console
-   $ sip-build --verbose --target-dir ...
+   $ python configure.py --bindir ... --destdir ...
   $ make
   $ make install
@@ -41,30 +41,30 @@ By default, these phases run:
 Important files
 ^^^^^^^^^^^^^^^
-Each SIP package comes with a custom configuration file written in Python.
+Each SIP package comes with a custom ``configure.py`` build script,
-For newer packages, this is called ``project.py``, while in older packages,
+written in Python. This script contains instructions to build the project.
 it may be called ``configure.py``. This script contains instructions to build
 the project.
 ^^^^^^^^^^^^^^^^^^^^^^^^^
 Build system dependencies
 ^^^^^^^^^^^^^^^^^^^^^^^^^
-``SIPPackage`` requires several dependencies. Python and SIP are needed at build-time
+``SIPPackage`` requires several dependencies. Python is needed to run
-to run the aforementioned configure script. Python is also needed at run-time to
+the ``configure.py`` build script, and to run the resulting Python
-actually use the installed Python library. And as we are building Python bindings
+libraries. Qt is needed to provide the ``qmake`` command. SIP is also
-for C/C++ libraries, Python is also needed as a link dependency. All of these
+needed to build the package. All of these dependencies are automatically
-dependencies are automatically added via the base class.
+added via the base class
 .. code-block:: python
-   extends("python", type=("build", "link", "run"))
+   extends('python')
   depends_on("py-sip", type="build")
   depends_on('qt', type='build')
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+   depends_on('py-sip', type='build')
-Passing arguments to ``sip-build``
+
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Passing arguments to ``configure.py``
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Each phase comes with a ``<phase_args>`` function that can be used to pass
 arguments to that particular phase. For example, if you need to pass
@@ -72,11 +72,11 @@ arguments to the configure phase, you can use:
 .. code-block:: python
-   def configure_args(self):
+   def configure_args(self, spec, prefix):
-       return ["--no-python-dbus"]
+       return ['--no-python-dbus']
-A list of valid options can be found by running ``sip-build --help``.
+A list of valid options can be found by running ``python configure.py --help``.
 ^^^^^^^
 Testing
--- a/lib/spack/docs/build_systems/sourceforgepackage.rst
+++ b/lib/spack/docs/build_systems/sourceforgepackage.rst
@@ -1,19 +1,19 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
 .. _sourceforgepackage:
-----------
+------------------
-Sourceforge
+SourceforgePackage
-----------
+------------------
-``SourceforgePackage`` is a
+``SourceforgePackage`` is a 
 `mixin-class <https://en.wikipedia.org/wiki/Mixin>`_. It automatically
 sets the URL based on a list of Sourceforge mirrors listed in
 `sourceforge_mirror_path`, which defaults to a half dozen known mirrors.
-Refer to the package source
+Refer to the package source 
 (`<https://github.com/spack/spack/blob/develop/lib/spack/spack/build_systems/sourceforge.py>`__) for the current list of mirrors used by Spack.
@@ -29,7 +29,7 @@ This package provides a method for populating mirror URLs.
    It is decorated with `property` so its results are treated as
    a package attribute.
-    Refer to
+    Refer to 
    `<https://spack.readthedocs.io/en/latest/packaging_guide.html#mirrors-of-the-main-url>`__
    for information on how Spack uses the `urls` attribute during
    fetching.
--- a/lib/spack/docs/build_systems/wafpackage.rst
+++ b/lib/spack/docs/build_systems/wafpackage.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
@@ -58,7 +58,9 @@ Testing
 ``WafPackage`` also provides ``test`` and ``installtest`` methods,
 which are run after the ``build`` and ``install`` phases, respectively.
 By default, these phases do nothing, but you can override them to
-run package-specific unit tests.
+run package-specific unit tests. For example, the
 `py-py2cairo <https://github.com/spack/spack/blob/develop/var/spack/repos/builtin/packages/py-py2cairo/package.py>`_
 package uses:
 .. code-block:: python
--- a/lib/spack/docs/chain.rst
+++ b/lib/spack/docs/chain.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
--- a/lib/spack/docs/conf.py
+++ b/lib/spack/docs/conf.py
@@ -1,4 +1,4 @@
-# Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+# Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
 # Spack Project Developers. See the top-level COPYRIGHT file for details.
 #
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)
@@ -36,7 +36,13 @@
 if not os.path.exists(link_name):
    os.symlink(os.path.abspath("../../.."), link_name, target_is_directory=True)
 sys.path.insert(0, os.path.abspath("_spack_root/lib/spack/external"))
-sys.path.insert(0, os.path.abspath("_spack_root/lib/spack/external/_vendoring"))
+sys.path.insert(0, os.path.abspath("_spack_root/lib/spack/external/pytest-fallback"))
 if sys.version_info[0] < 3:
    sys.path.insert(0, os.path.abspath("_spack_root/lib/spack/external/yaml/lib"))
 else:
    sys.path.insert(0, os.path.abspath("_spack_root/lib/spack/external/yaml/lib3"))
 sys.path.append(os.path.abspath("_spack_root/lib/spack/"))
 # Add the Spack bin directory to the path so that we can use its output in docs.
@@ -48,6 +54,9 @@
 os.environ["COLIFY_SIZE"] = "25x120"
 os.environ["COLUMNS"] = "120"
 # Generate full package list if needed
 subprocess.call(["spack", "list", "--format=html", "--update=package_list.html"])
 # Generate a command index if an update is needed
 subprocess.call(
    [
@@ -71,22 +80,13 @@
    "--force",  # Overwrite existing files
    "--no-toc",  # Don't create a table of contents file
    "--output-dir=.",  # Directory to place all output
    "--module-first",  # emit module docs before submodule docs
 ]
-sphinx_apidoc(
+sphinx_apidoc(apidoc_args + ["_spack_root/lib/spack/spack"])
    apidoc_args
    + [
        "_spack_root/lib/spack/spack",
        "_spack_root/lib/spack/spack/test/*.py",
        "_spack_root/lib/spack/spack/test/cmd/*.py",
    ]
 )
 sphinx_apidoc(apidoc_args + ["_spack_root/lib/spack/llnl"])
 # Enable todo items
 todo_include_todos = True
 #
 # Disable duplicate cross-reference warnings.
 #
@@ -94,7 +94,9 @@ class PatchedPythonDomain(PythonDomain):
    def resolve_xref(self, env, fromdocname, builder, typ, target, node, contnode):
        if "refspecific" in node:
            del node["refspecific"]
-        return super().resolve_xref(env, fromdocname, builder, typ, target, node, contnode)
+        return super(PatchedPythonDomain, self).resolve_xref(
            env, fromdocname, builder, typ, target, node, contnode
        )
 #
@@ -144,6 +146,7 @@ def setup(sphinx):
 # Get nice vector graphics
 graphviz_output_format = "svg"
 # Add any paths that contain templates here, relative to this directory.
 templates_path = ["_templates"]
@@ -157,8 +160,8 @@ def setup(sphinx):
 master_doc = "index"
 # General information about the project.
-project = "Spack"
+project = u"Spack"
-copyright = "2013-2023, Lawrence Livermore National Laboratory."
+copyright = u"2013-2021, Lawrence Livermore National Laboratory."
 # The version info for the project you're documenting, acts as replacement for
 # |version| and |release|, also used in various other places throughout the
@@ -203,17 +206,12 @@ def setup(sphinx):
    ("py:class", "_frozen_importlib_external.SourceFileLoader"),
    ("py:class", "clingo.Control"),
    ("py:class", "six.moves.urllib.parse.ParseResult"),
    ("py:class", "TextIO"),
    # Spack classes that are private and we don't want to expose
    ("py:class", "spack.provider_index._IndexBase"),
    ("py:class", "spack.repo._PrependFileLoader"),
    ("py:class", "spack.build_systems._checks.BaseBuilder"),
    # Spack classes that intersphinx is unable to resolve
-    ("py:class", "spack.version.StandardVersion"),
+    ("py:class", "spack.version.VersionBase"),
    ("py:class", "spack.spec.DependencySpec"),
    ("py:class", "spack.spec.InstallStatus"),
    ("py:class", "spack.spec.SpecfileReaderBase"),
    ("py:class", "spack.install_test.Pb"),
 ]
 # The reST default role (used for this markup: `text`) to use for all documents.
@@ -229,8 +227,30 @@ def setup(sphinx):
 # If true, sectionauthor and moduleauthor directives will be shown in the
 # output. They are ignored by default.
 # show_authors = False
-sys.path.append("./_pygments")
+
-pygments_style = "style.SpackStyle"
+# The name of the Pygments (syntax highlighting) style to use.
 # We use our own extension of the default style with a few modifications
 from pygments.style import Style
 from pygments.styles.default import DefaultStyle
 from pygments.token import Comment, Generic, Text
 class SpackStyle(DefaultStyle):
    styles = DefaultStyle.styles.copy()
    background_color = "#f4f4f8"
    styles[Generic.Output] = "#355"
    styles[Generic.Prompt] = "bold #346ec9"
 import pkg_resources
 dist = pkg_resources.Distribution(__file__)
 sys.path.append(".")  # make 'conf' module findable
 ep = pkg_resources.EntryPoint.parse("spack = conf:SpackStyle", dist=dist)
 dist._ep_map = {"pygments.styles": {"plugin1": ep}}
 pkg_resources.working_set.add(dist)
 pygments_style = "spack"
 # A list of ignored prefixes for module index sorting.
 # modindex_common_prefix = []
@@ -315,20 +335,23 @@ def setup(sphinx):
 # Output file base name for HTML help builder.
 htmlhelp_basename = "Spackdoc"
 # -- Options for LaTeX output --------------------------------------------------
 latex_elements = {
    # The paper size ('letterpaper' or 'a4paper').
-    # 'papersize': 'letterpaper',
+    #'papersize': 'letterpaper',
    # The font size ('10pt', '11pt' or '12pt').
-    # 'pointsize': '10pt',
+    #'pointsize': '10pt',
    # Additional stuff for the LaTeX preamble.
-    # 'preamble': '',
+    #'preamble': '',
 }
 # Grouping the document tree into LaTeX files. List of tuples
 # (source start file, target name, title, author, documentclass [howto/manual]).
-latex_documents = [("index", "Spack.tex", "Spack Documentation", "Todd Gamblin", "manual")]
+latex_documents = [
    ("index", "Spack.tex", u"Spack Documentation", u"Todd Gamblin", "manual"),
 ]
 # The name of an image file (relative to this directory) to place at the top of
 # the title page.
@@ -355,7 +378,7 @@ def setup(sphinx):
 # One entry per manual page. List of tuples
 # (source start file, name, description, authors, manual section).
-man_pages = [("index", "spack", "Spack Documentation", ["Todd Gamblin"], 1)]
+man_pages = [("index", "spack", u"Spack Documentation", [u"Todd Gamblin"], 1)]
 # If true, show URL addresses after external links.
 # man_show_urls = False
@@ -370,12 +393,12 @@ def setup(sphinx):
    (
        "index",
        "Spack",
-        "Spack Documentation",
+        u"Spack Documentation",
-        "Todd Gamblin",
+        u"Todd Gamblin",
        "Spack",
        "One line description of project.",
        "Miscellaneous",
-    )
+    ),
 ]
 # Documents to append as an appendix to all manuals.
@@ -391,4 +414,6 @@ def setup(sphinx):
 # -- Extension configuration -------------------------------------------------
 # sphinx.ext.intersphinx
-intersphinx_mapping = {"python": ("https://docs.python.org/3", None)}
+intersphinx_mapping = {
    "python": ("https://docs.python.org/3", None),
 }
--- a/lib/spack/docs/config_yaml.rst
+++ b/lib/spack/docs/config_yaml.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
@@ -222,7 +222,7 @@ and location. (See the *Configuration settings* section of ``man
 ccache`` to learn more about the default settings and how to change
 them). Please note that we currently disable ccache's ``hash_dir``
 feature to avoid an issue with the stage directory (see
-https://github.com/spack/spack/pull/3761#issuecomment-294352232).
+https://github.com/LLNL/spack/pull/3761#issuecomment-294352232).
 -----------------------
 ``shared_linking:type``
@@ -292,13 +292,12 @@ It is also worth noting that:
         non_bindable_shared_objects = ["libinterface.so"]
 ----------------------
-``install_status``
+``terminal_title``
 ----------------------
-When set to ``true``, Spack will show information about its current progress
+By setting this option to ``true``, Spack will update the terminal's title to
-as well as the current and total package numbers. Progress is shown both
+provide information about its current progress as well as the current and
-in the terminal title and inline. Setting it to ``false`` will not show any
+total package numbers.
 progress information.
 To work properly, this requires your terminal to reset its title after
 Spack has finished its work, otherwise Spack's status information will
--- a/lib/spack/docs/configuration.rst
+++ b/lib/spack/docs/configuration.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
@@ -20,9 +20,8 @@ case you want to skip directly to specific docs:
 * :ref:`packages.yaml <build-settings>`
 * :ref:`repos.yaml <repositories>`
-You can also add any of these as inline configuration in the YAML
+You can also add any of these as inline configuration in ``spack.yaml``
-manifest file (``spack.yaml``) describing an :ref:`environment
+in an :ref:`environment <environment-configuration>`.
 <environment-configuration>`.
 -----------
 YAML Format
@@ -228,9 +227,6 @@ You can get the name to use for ``<platform>`` by running ``spack arch
 --platform``. The system config scope has a ``<platform>`` section for
 sites at which ``/etc`` is mounted on multiple heterogeneous machines.
 .. _config-scope-precedence:
 ----------------
 Scope Precedence
 ----------------
@@ -243,11 +239,6 @@ lower-precedence settings. Completely ignoring higher-level configuration
 options is supported with the ``::`` notation for keys (see
 :ref:`config-overrides` below).
 There are also special notations for string concatenation and precendense override.
 Using the ``+:`` notation  can be used to force *prepending* strings or lists. For lists, this is identical
 to the default behavior. Using the ``-:`` works similarly, but for *appending* values.
 :ref:`config-prepend-append`
 ^^^^^^^^^^^
 Simple keys
 ^^^^^^^^^^^
@@ -288,47 +279,6 @@ command:
       - ~/.spack/stage
 .. _config-prepend-append:
 ^^^^^^^^^^^^^^^^^^^^
 String Concatenation
 ^^^^^^^^^^^^^^^^^^^^
 Above, the user ``config.yaml`` *completely* overrides specific settings in the
 default ``config.yaml``. Sometimes, it is useful to add a suffix/prefix
 to a path or name. To do this, you can use the ``-:`` notation for *append*
 string concatenation at the end of a key in a configuration file. For example:
 .. code-block:: yaml
   :emphasize-lines: 1
   :caption: ~/.spack/config.yaml
   config:
     install_tree-: /my/custom/suffix/
 Spack will then append to the lower-precedence configuration under the
 ``install_tree-:`` section:
 .. code-block:: console
   $ spack config get config
   config:
     install_tree: /some/other/directory/my/custom/suffix
     build_stage:
       - $tempdir/$user/spack-stage
       - ~/.spack/stage
 Similarly, ``+:`` can be used to *prepend* to a path or name:
 .. code-block:: yaml
   :emphasize-lines: 1
   :caption: ~/.spack/config.yaml
   config:
     install_tree+: /my/custom/suffix/
 .. _config-overrides:
 ^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -444,7 +394,7 @@ are indicated at the start of the path with ``~`` or ``~user``.
 Spack-specific variables
 ^^^^^^^^^^^^^^^^^^^^^^^^
-Spack understands over a dozen special variables. These are:
+Spack understands several special variables. These are:
 * ``$env``: name of the currently active :ref:`environment <environments>`
 * ``$spack``: path to the prefix of this Spack installation
@@ -455,19 +405,6 @@ Spack understands over a dozen special variables. These are:
 * ``$user``: name of the current user
 * ``$user_cache_path``: user cache directory (``~/.spack`` unless
  :ref:`overridden <local-config-overrides>`)
 * ``$architecture``: the architecture triple of the current host, as
  detected by Spack.
 * ``$arch``: alias for ``$architecture``.
 * ``$platform``: the platform of the current host, as detected by Spack.
 * ``$operating_system``: the operating system of the current host, as
  detected by the ``distro`` python module.
 * ``$os``: alias for ``$operating_system``.
 * ``$target``: the ISA target for the current host, as detected by
  ArchSpec. E.g. ``skylake`` or ``neoverse-n1``.
 * ``$target_family``. The target family for the current host, as
  detected by ArchSpec. E.g. ``x86_64`` or ``aarch64``.
 * ``$date``: the current date in the format YYYY-MM-DD
 Note that, as with shell variables, you can write these as ``$varname``
 or with braces to distinguish the variable from surrounding characters:
--- a/lib/spack/docs/containers.rst
+++ b/lib/spack/docs/containers.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
@@ -143,26 +143,6 @@ The OS that are currently supported are summarized in the table below:
   * - Amazon Linux 2
     - ``amazonlinux:2``
     - ``spack/amazon-linux``
   * - AlmaLinux 8
     - ``almalinux:8``
     - ``spack/almalinux8``
   * - AlmaLinux 9
     - ``almalinux:9``
     - ``spack/almalinux9``
   * - Rocky Linux 8
     - ``rockylinux:8``
     - ``spack/rockylinux8``
   * - Rocky Linux 9
     - ``rockylinux:9``
     - ``spack/rockylinux9``
   * - Fedora Linux 37
     - ``fedora:37``
     - ``spack/fedora37``
   * - Fedora Linux 38
     - ``fedora:38``
     - ``spack/fedora38``
 All the images are tagged with the corresponding release of Spack:
@@ -212,12 +192,18 @@ under the ``container`` attribute of environments:
         final:
         - libgomp
       # Extra instructions
       extra_instructions:
         final: |
           RUN echo 'export PS1="\[$(tput bold)\]\[$(tput setaf 1)\][gromacs]\[$(tput setaf 2)\]\u\[$(tput sgr0)\]:\w $ "' >> ~/.bashrc
       # Labels for the image
       labels:
         app: "gromacs"
         mpi: "mpich"
-A detailed description of the options available can be found in the :ref:`container_config_options` section.
+A detailed description of the options available can be found in the
 :ref:`container_config_options` section.
 -------------------
 Setting Base Images
@@ -458,127 +444,6 @@ attribute:
 The minimum version of Singularity required to build a SIF (Singularity Image Format)
 image from the recipes generated by Spack is ``3.5.3``.
 ------------------------------
 Extending the Jinja2 Templates
 ------------------------------
 The Dockerfile and the Singularity definition file that Spack can generate are based on
 a few Jinja2 templates that are rendered according to the environment being containerized.
 Even though Spack allows a great deal of customization by just setting appropriate values for
 the configuration options, sometimes that is not enough.
 In those cases, a user can directly extend the template that Spack uses to render the image
 to e.g. set additional environment variables or perform specific operations either before or
 after a given stage of the build. Let's consider as an example the following structure:
 .. code-block:: console
   $ tree /opt/environment
   /opt/environment
   ├── data
   │     └── data.csv
   ├── spack.yaml
   ├── data
   └── templates
       └── container
           └── CustomDockerfile
 containing both the custom template extension and the environment manifest file. To use a custom
 template, the environment must register the directory containing it, and declare its use under the
 ``container`` configuration:
 .. code-block:: yaml
   :emphasize-lines: 7-8,12
   spack:
     specs:
     - hdf5~mpi
     concretizer:
       unify: true
     config:
       template_dirs:
       - /opt/environment/templates
     container:
       format: docker
       depfile: true
       template: container/CustomDockerfile
 The template extension can override two blocks, named ``build_stage`` and ``final_stage``, similarly to
 the example below:
 .. code-block::
   :emphasize-lines: 3,8
   {% extends "container/Dockerfile" %}
   {% block build_stage %}
   RUN echo "Start building"
   {{ super() }}
   {% endblock %}
   {% block final_stage %}
   {{ super() }}
   COPY data /share/myapp/data
   {% endblock %}
 The Dockerfile is generated by running:
 .. code-block:: console
   $ spack -e /opt/environment containerize
 Note that the environment must be active for spack to read the template.
 The recipe that gets generated contains the two extra instruction that we added in our template extension:
 .. code-block:: Dockerfile
   :emphasize-lines: 4,43
   # Build stage with Spack pre-installed and ready to be used
   FROM spack/ubuntu-jammy:latest as builder
   RUN echo "Start building"
   # What we want to install and how we want to install it
   # is specified in a manifest file (spack.yaml)
   RUN mkdir /opt/spack-environment \
   &&  (echo "spack:" \
   &&   echo "  specs:" \
   &&   echo "  - hdf5~mpi" \
   &&   echo "  concretizer:" \
   &&   echo "    unify: true" \
   &&   echo "  config:" \
   &&   echo "    template_dirs:" \
   &&   echo "    - /tmp/environment/templates" \
   &&   echo "    install_tree: /opt/software" \
   &&   echo "  view: /opt/view") > /opt/spack-environment/spack.yaml
   # Install the software, remove unnecessary deps
   RUN cd /opt/spack-environment && spack env activate . && spack concretize && spack env depfile -o Makefile && make -j $(nproc) && spack gc -y
   # Strip all the binaries
   RUN find -L /opt/view/* -type f -exec readlink -f '{}' \; | \
       xargs file -i | \
       grep 'charset=binary' | \
       grep 'x-executable\|x-archive\|x-sharedlib' | \
       awk -F: '{print $1}' | xargs strip -s
   # Modifications to the environment that are necessary to run
   RUN cd /opt/spack-environment && \
       spack env activate --sh -d . >> /etc/profile.d/z10_spack_environment.sh
   # Bare OS image to run the installed executables
   FROM ubuntu:22.04
   COPY --from=builder /opt/spack-environment /opt/spack-environment
   COPY --from=builder /opt/software /opt/software
   COPY --from=builder /opt/._view /opt/._view
   COPY --from=builder /opt/view /opt/view
   COPY --from=builder /etc/profile.d/z10_spack_environment.sh /etc/profile.d/z10_spack_environment.sh
   COPY data /share/myapp/data
   ENTRYPOINT ["/bin/bash", "--rcfile", "/etc/profile", "-l", "-c", "$*", "--" ]
   CMD [ "/bin/bash" ]
 .. _container_config_options:
 -----------------------
@@ -599,10 +464,6 @@ to customize the generation of container recipes:
     - The format of the recipe
     - ``docker`` or ``singularity``
     - Yes
   * - ``depfile``
     - Whether to use a depfile for installation, or not
     - True or False (default)
     - No
   * - ``images:os``
     - Operating system used as a base for the image
     - See :ref:`containers-supported-os`
@@ -637,7 +498,7 @@ to customize the generation of container recipes:
     - No
   * - ``os_packages:command``
     - Tool used to manage system packages
-     - ``apt``, ``yum``, ``dnf``, ``dnf_epel``, ``zypper``, ``apk``, ``yum_amazon``
+     - ``apt``, ``yum``
     - Only with custom base images
   * - ``os_packages:update``
     - Whether or not to update the list of available packages
@@ -651,6 +512,14 @@ to customize the generation of container recipes:
     - System packages needed at run-time
     - Valid packages for the current OS
     - No
   * - ``extra_instructions:build``
     - Extra instructions (e.g. `RUN`, `COPY`, etc.) at the end of the ``build`` stage
     - Anything understood by the current ``format``
     - No
   * - ``extra_instructions:final``
     - Extra instructions (e.g. `RUN`, `COPY`, etc.) at the end of the ``final`` stage
     - Anything understood by the current ``format``
     - No
   * - ``labels``
     - Labels to tag the image
     - Pairs of key-value strings
--- a/lib/spack/docs/contribution_guide.rst
+++ b/lib/spack/docs/contribution_guide.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
@@ -118,7 +118,7 @@ make another change, test that change, etc.  We use `pytest
 <http://pytest.org/>`_ as our tests framework, and these types of
 arguments are just passed to the ``pytest`` command underneath. See `the
 pytest docs
-<https://doc.pytest.org/en/latest/how-to/usage.html#specifying-which-tests-to-run>`_
+<http://doc.pytest.org/en/latest/usage.html#specifying-tests-selecting-tests>`_
 for more details on test selection syntax.
 ``spack unit-test`` has a few special options that can help you
@@ -147,7 +147,7 @@ you want to know about.  For example, to see just the tests in
 You can also combine any of these options with a ``pytest`` keyword
 search.  See the `pytest usage docs
-<https://doc.pytest.org/en/latest/how-to/usage.html#specifying-which-tests-to-run>`_
+<https://docs.pytest.org/en/stable/usage.html#specifying-tests-selecting-tests>`_:
 for more details on test selection syntax. For example, to see the names of all tests that have "spec"
 or "concretize" somewhere in their names:
@@ -253,6 +253,27 @@ to update them.
   multiple runs of ``spack style`` just to re-compute line numbers and
   makes it much easier to fix errors directly off of the CI output.
 .. warning::
   Flake8 and ``pep8-naming`` require a number of dependencies in order
   to run.  If you installed ``py-flake8`` and ``py-pep8-naming``, the
   easiest way to ensure the right packages are on your ``PYTHONPATH`` is
   to run::
     spack activate py-flake8
     spack activate pep8-naming
   so that all of the dependencies are symlinked to a central
   location. If you see an error message like:
   .. code-block:: console
      Traceback (most recent call last):
        File: "/usr/bin/flake8", line 5, in <module>
          from pkg_resources import load_entry_point
      ImportError: No module named pkg_resources
   that means Flake8 couldn't find setuptools in your ``PYTHONPATH``.
 ^^^^^^^^^^^^^^^^^^^
 Documentation Tests
@@ -288,9 +309,13 @@ All of these can be installed with Spack, e.g.
   .. code-block:: console
-      $ spack load py-sphinx py-sphinx-rtd-theme py-sphinxcontrib-programoutput
+      $ spack activate py-sphinx
      $ spack activate py-sphinx-rtd-theme
      $ spack activate py-sphinxcontrib-programoutput
-   so that all of the dependencies are added to PYTHONPATH.  If you see an error message
+   so that all of the dependencies are symlinked into that Python's
   tree.  Alternatively, you could arrange for their library
   directories to be added to PYTHONPATH.  If you see an error message
   like:
   .. code-block:: console
@@ -310,11 +335,53 @@ Once all of the dependencies are installed, you can try building the documentati
   $ make clean
   $ make
-If you see any warning or error messages, you will have to correct those before your PR
+If you see any warning or error messages, you will have to correct those before
-is accepted. If you are editing the documentation, you should be running the
+your PR is accepted.
-documentation tests to make sure there are no errors. Documentation changes can result
+
-in some obfuscated warning messages. If you don't understand what they mean, feel free
+If you are editing the documentation, you should obviously be running the
-to ask when you submit your PR.
+documentation tests. But even if you are simply adding a new package, your
 changes could cause the documentation tests to fail:
 .. code-block:: console
   package_list.rst:8745: WARNING: Block quote ends without a blank line; unexpected unindent.
 At first, this error message will mean nothing to you, since you didn't edit
 that file. Until you look at line 8745 of the file in question:
 .. code-block:: rst
   Description:
      NetCDF is a set of software libraries and self-describing, machine-
     independent data formats that support the creation, access, and sharing
     of array-oriented scientific data.
 Our documentation includes :ref:`a list of all Spack packages <package-list>`.
 If you add a new package, its docstring is added to this page. The problem in
 this case was that the docstring looked like:
 .. code-block:: python
   class Netcdf(Package):
       """
       NetCDF is a set of software libraries and self-describing,
       machine-independent data formats that support the creation,
       access, and sharing of array-oriented scientific data.
       """
 Docstrings cannot start with a newline character, or else Sphinx will complain.
 Instead, they should look like:
 .. code-block:: python
   class Netcdf(Package):
       """NetCDF is a set of software libraries and self-describing,
       machine-independent data formats that support the creation,
       access, and sharing of array-oriented scientific data."""
 Documentation changes can result in much more obfuscated warning messages.
 If you don't understand what they mean, feel free to ask when you submit
 your PR.
 --------
 Coverage
--- a/lib/spack/docs/developer_guide.rst
+++ b/lib/spack/docs/developer_guide.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
@@ -175,11 +175,14 @@ Spec-related modules
 ^^^^^^^^^^^^^^^^^^^^
 :mod:`spack.spec`
-  Contains :class:`~spack.spec.Spec`. Also implements most of the logic for concretization
+  Contains :class:`~spack.spec.Spec` and :class:`~spack.spec.SpecParser`.
  Also implements most of the logic for normalization and concretization
  of specs.
-:mod:`spack.parser`
+:mod:`spack.parse`
-  Contains :class:`~spack.parser.SpecParser` and functions related to parsing specs.
+  Contains some base classes for implementing simple recursive descent
  parsers: :class:`~spack.parse.Parser` and :class:`~spack.parse.Lexer`.
  Used by :class:`~spack.spec.SpecParser`.
 :mod:`spack.concretize`
  Contains :class:`~spack.concretize.Concretizer` implementation,
@@ -232,7 +235,7 @@ Spack Subcommands
 Unit tests
 ^^^^^^^^^^
-``spack.test``
+:mod:`spack.test`
  Implements Spack's test suite.  Add a module and put its name in
  the test suite in ``__init__.py`` to add more unit tests.
@@ -472,7 +475,7 @@ use my new hook as follows:
 .. code-block:: python
    def post_log_write(message, level):
-        """Do something custom with the message and level every time we write
+        """Do something custom with the messsage and level every time we write
        to the log
        """
        print('running post_log_write!')
--- a/lib/spack/docs/environments.rst
+++ b/lib/spack/docs/environments.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
@@ -58,9 +58,9 @@ Using Environments
 Here we follow a typical use case of creating, concretizing,
 installing and loading an environment.
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-Creating a managed Environment
+Creating a named Environment
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 An environment is created by:
@@ -72,8 +72,7 @@ Spack then creates the directory ``var/spack/environments/myenv``.
 .. note::
-   All managed environments by default are stored in the ``var/spack/environments`` folder.
+   All named environments are stored in the ``var/spack/environments`` folder.
   This location can be changed by setting the ``environments_root`` variable in ``config.yaml``.
 In the ``var/spack/environments/myenv`` directory, Spack creates the
 file ``spack.yaml`` and the hidden directory ``.spack-env``.
@@ -94,9 +93,9 @@ an Environment, the ``.spack-env`` directory also contains:
  * ``logs/``: A directory containing the build logs for the packages
    in this Environment.
-Spack Environments can also be created from either a manifest file
+Spack Environments can also be created from either a ``spack.yaml``
-(usually but not necessarily named, ``spack.yaml``) or a lockfile.
+manifest or a ``spack.lock`` lockfile. To create an Environment from a
-To create an Environment from a manifest:
+``spack.yaml`` manifest:
 .. code-block:: console
@@ -174,7 +173,7 @@ Anonymous specs can be created in place using the command:
   $ spack env create -d .
-In this case Spack simply creates a ``spack.yaml`` file in the requested
+In this case Spack simply creates a spack.yaml file in the requested
 directory.
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -234,8 +233,8 @@ packages will be listed as roots of the Environment.
 All of the Spack commands that act on the list of installed specs are
 Environment-sensitive in this way, including ``install``,
-``uninstall``, ``find``, ``extensions``, and more. In the
+``uninstall``, ``activate``, ``deactivate``, ``find``, ``extensions``,
-:ref:`environment-configuration` section we will discuss
+and more. In the :ref:`environment-configuration` section we will discuss
 Environment-sensitive commands further.
 ^^^^^^^^^^^^^^^^^^^^^
@@ -347,7 +346,7 @@ the Environment and then install the concretized specs.
   (see :ref:`build-jobs`). To speed up environment builds further, independent
   packages can be installed in parallel by launching more Spack instances. For
   example, the following will build at most four packages in parallel using
-   three background jobs:
+   three background jobs: 
   .. code-block:: console
@@ -395,7 +394,7 @@ version (and other constraints) passed as the spec argument to the
 For packages with ``git`` attributes, git branches, tags, and commits can
 also be used as valid concrete versions (see :ref:`version-specifier`).
-This means that for a package ``foo``, ``spack develop foo@git.main`` will clone
+This means that for a package ``foo``, ``spack develop foo@git.main`` will clone 
 the ``main`` branch of the package, and ``spack install`` will install from
 that git clone if ``foo`` is in the environment.
 Further development on ``foo`` can be tested by reinstalling the environment,
@@ -520,49 +519,8 @@ available from the yaml file.
 ^^^^^^^^^^^^^^^^^^^
 Spec concretization
 ^^^^^^^^^^^^^^^^^^^
-An environment can be concretized in three different modes and the behavior active under
+An environment can be concretized in three different modes and the behavior active under any environment
-any environment is determined by the ``concretizer:unify`` configuration option.
+is determined by the ``concretizer:unify`` property. By default specs are concretized *separately*, one after the other:
 The *default* mode is to unify all specs:
 .. code-block:: yaml
   spack:
       specs:
         - hdf5+mpi
         - zlib@1.2.8
       concretizer:
         unify: true
 This means that any package in the environment corresponds to a single concrete spec. In
 the above example, when ``hdf5`` depends down the line of ``zlib``, it is required to
 take ``zlib@1.2.8`` instead of a newer version. This mode of concretization is
 particularly useful when environment views are used: if every package occurs in
 only one flavor, it is usually possible to merge all install directories into a view.
 A downside of unified concretization is that it can be overly strict. For example, a
 concretization error would happen when both ``hdf5+mpi`` and ``hdf5~mpi`` are specified
 in an environment.
 The second mode is to *unify when possible*: this makes concretization of root specs
 more independendent. Instead of requiring reuse of dependencies across different root
 specs, it is only maximized:
 .. code-block:: yaml
   spack:
       specs:
         - hdf5~mpi
         - hdf5+mpi
         - zlib@1.2.8
       concretizer:
         unify: when_possible
 This means that both ``hdf5`` installations will use ``zlib@1.2.8`` as a dependency even
 if newer versions of that library are available.
 The third mode of operation is to concretize root specs entirely independently by
 disabling unified concretization:
 .. code-block:: yaml
@@ -574,11 +532,45 @@ disabling unified concretization:
       concretizer:
         unify: false
-In this example ``hdf5`` is concretized separately, and does not consider ``zlib@1.2.8``
+This mode of operation permits to deploy a full software stack where multiple configurations of the same package
-as a constraint or preference. Instead, it will take the latest possible version.
+need to be installed alongside each other using the best possible selection of transitive dependencies. The downside
 is that redundancy of installations is disregarded completely, and thus environments might be more bloated than
 strictly needed. In the example above, for instance, if a version of ``zlib`` newer than ``1.2.8`` is known to Spack,
 then it will be used for both ``hdf5`` installations.
-The last two concretization options are typically useful for system administrators and
+If redundancy of the environment is a concern, Spack provides a way to install it *together where possible*,
-user support groups providing a large software stack for their HPC center.
+i.e. trying to maximize reuse of dependencies across different specs:
 .. code-block:: yaml
   spack:
       specs:
         - hdf5~mpi
         - hdf5+mpi
         - zlib@1.2.8
       concretizer:
         unify: when_possible
 Also in this case Spack allows having multiple configurations of the same package, but privileges the reuse of
 specs over other factors. Going back to our example, this means that both ``hdf5`` installations will use
 ``zlib@1.2.8`` as a dependency even if newer versions of that library are available.
 Central installations done at HPC centers by system administrators or user support groups are a common case
 that fits either of these two modes.
 Environments can also be configured to concretize all the root specs *together*, in a self-consistent way, to
 ensure that each package in the environment comes with a single configuration:
 .. code-block:: yaml
   spack:
       specs:
         - hdf5+mpi
         - zlib@1.2.8
       concretizer:
         unify: true
 This mode of operation is usually what is required by software developers that want to deploy their development
 environment and have a single view of it in the filesystem.
 .. note::
@@ -589,11 +581,10 @@ user support groups providing a large software stack for their HPC center.
 .. admonition:: Re-concretization of user specs
-   The ``spack concretize`` command without additional arguments will *not* change any
+   When concretizing specs *together* or *together where possible* the entire set of specs will be
-   previously concretized specs. This may prevent it from finding a solution when using
+   re-concretized after any addition of new user specs, to ensure that
-   ``unify: true``, and it may prevent it from finding a minimal solution when using
+   the environment remains consistent / minimal. When instead the specs are concretized
-   ``unify: when_possible``. You can force Spack to ignore the existing concrete environment
+   separately only the new specs will be re-concretized after any addition.
   with ``spack concretize -f``.
 ^^^^^^^^^^^^^
 Spec Matrices
@@ -916,9 +907,9 @@ function, as shown in the example below:
 .. code-block:: yaml
   projections:
-     zlib: "{name}-{version}"
+     zlib: {name}-{version}
-     ^mpi: "{name}-{version}/{^mpi.name}-{^mpi.version}-{compiler.name}-{compiler.version}"
+     ^mpi: {name}-{version}/{^mpi.name}-{^mpi.version}-{compiler.name}-{compiler.version}
-     all: "{name}-{version}/{compiler.name}-{compiler.version}"
+     all: {name}-{version}/{compiler.name}-{compiler.version}
 The entries in the projections configuration file must all be either
 specs or the keyword ``all``. For each spec, the projection used will
@@ -1041,7 +1032,7 @@ gets installed and is available for use in the ``env`` target.
   	$(SPACK) -e . concretize -f
   env.mk: spack.lock
-   	$(SPACK) -e . env depfile -o $@ --make-prefix spack
+   	$(SPACK) -e . env depfile -o $@ --make-target-prefix spack
   env: spack/env
   	$(info Environment installed!)
@@ -1064,79 +1055,27 @@ the include is conditional.
 .. note::
   When including generated ``Makefile``\s, it is important to use
-   the ``--make-prefix`` flag and use the non-phony target
+   the ``--make-target-prefix`` flag and use the non-phony target
-   ``<prefix>/env`` as prerequisite, instead of the phony target
+   ``<target-prefix>/env`` as prerequisite, instead of the phony target
-   ``<prefix>/all``.
+   ``<target-prefix>/all``.
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Building a subset of the environment
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-The generated ``Makefile``\s contain install targets for each spec, identified
+The generated ``Makefile``\s contain install targets for each spec. Given the hash
-by ``<name>-<version>-<hash>``. This allows you to install only a subset of the
+of a particular spec, you can use the ``.install/<hash>`` target to install the
-packages in the environment. When packages are unique in the environment, it's
+spec with its dependencies. There is also ``.install-deps/<hash>`` to *only* install
 enough to know the name and let tab-completion fill out the version and hash.
 The following phony targets are available: ``install/<spec>`` to install the
 spec with its dependencies, and ``install-deps/<spec>`` to *only* install
 its dependencies. This can be useful when certain flags should only apply to
 dependencies. Below we show a use case where a spec is installed with verbose
 output (``spack install --verbose``) while its dependencies are installed silently:
 .. code:: console
-   $ spack env depfile -o Makefile
+   $ spack env depfile -o Makefile --make-target-prefix my_env
   # Install dependencies in parallel, only show a log on error.
-   $ make -j16 install-deps/python-3.11.0-<hash> SPACK_INSTALL_FLAGS=--show-log-on-error
+   $ make -j16 my_env/.install-deps/<hash> SPACK_INSTALL_FLAGS=--show-log-on-error
   # Install the root spec with verbose output.
-   $ make -j16 install/python-3.11.0-<hash> SPACK_INSTALL_FLAGS=--verbose
+   $ make -j16 my_env/.install/<hash> SPACK_INSTALL_FLAGS=--verbose
 ^^^^^^^^^^^^^^^^^^^^^^^^^
 Adding post-install hooks
 ^^^^^^^^^^^^^^^^^^^^^^^^^
 Another advanced use-case of generated ``Makefile``\s is running a post-install
 command for each package. These "hooks" could be anything from printing a
 post-install message, running tests, or pushing just-built binaries to a buildcache.
 This can be accomplished through the generated ``[<prefix>/]SPACK_PACKAGE_IDS``
 variable. Assuming we have an active and concrete environment, we generate the
 associated ``Makefile`` with a prefix ``example``:
 .. code:: console
   $ spack env depfile -o env.mk --make-prefix example
 And we now include it in a different ``Makefile``, in which we create a target
 ``example/push/%`` with ``%`` referring to a package identifier. This target
 depends on the particular package installation. In this target we automatically
 have the target-specific ``HASH`` and ``SPEC`` variables at our disposal. They
 are respectively the spec hash (excluding leading ``/``), and a human-readable spec.
 Finally, we have an entrypoint target ``push`` that will update the buildcache
 index once every package is pushed. Note how this target uses the generated
 ``example/SPACK_PACKAGE_IDS`` variable to define its prerequisites.
 .. code:: Makefile
   SPACK ?= spack
   BUILDCACHE_DIR = $(CURDIR)/tarballs
   .PHONY: all
   all: push
   include env.mk
   example/push/%: example/install/%
   	@mkdir -p $(dir $@)
   	$(info About to push $(SPEC) to a buildcache)
   	$(SPACK) -e . buildcache push --allow-root --only=package $(BUILDCACHE_DIR) /$(HASH)
   	@touch $@
   push: $(addprefix example/push/,$(example/SPACK_PACKAGE_IDS))
   	$(info Updating the buildcache index)
   	$(SPACK) -e . buildcache update-index $(BUILDCACHE_DIR)
   	$(info Done!)
   	@touch $@
--- a/lib/spack/docs/extensions.rst
+++ b/lib/spack/docs/extensions.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
--- a/lib/spack/docs/features.rst
+++ b/lib/spack/docs/features.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
@@ -116,7 +116,7 @@ creates a simple python file:
       # FIXME: Add a list of GitHub accounts to
       # notify when the package is updated.
-       # maintainers("github_user1", "github_user2")
+       # maintainers = ["github_user1", "github_user2"]
       version("0.8.13", sha256="591a9b4ec81c1f2042a97aa60564e0cb79d041c52faa7416acb38bc95bd2c76d")
--- a/lib/spack/docs/getting_started.rst
+++ b/lib/spack/docs/getting_started.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
@@ -21,9 +21,8 @@ be present on the machine where Spack is run:
   :header-rows: 1
 These requirements can be easily installed on most modern Linux systems;
-on macOS, the Command Line Tools package is required, and a full XCode suite
+on macOS, XCode is required.  Spack is designed to run on HPC
-may be necessary for some packages such as Qt and apple-gl. Spack is designed
+platforms like Cray.  Not all packages should be expected
 to run on HPC platforms like Cray.  Not all packages should be expected
 to work on all platforms.
 A build matrix showing which packages are working on which systems is shown below.
@@ -41,9 +40,12 @@ A build matrix showing which packages are working on which systems is shown belo
      .. code-block:: console
-         dnf install epel-release
+         yum update -y
-         dnf group install "Development Tools"
+         yum install -y epel-release
-         dnf install curl findutils gcc-gfortran gnupg2 hostname iproute redhat-lsb-core python3 python3-pip python3-setuptools unzip python3-boto3
+         yum update -y
         yum --enablerepo epel groupinstall -y "Development Tools"
         yum --enablerepo epel install -y curl findutils gcc-c++ gcc gcc-gfortran git gnupg2 hostname iproute make patch python3 python3-pip python3-setuptools unzip
         python3 -m pip install boto3
   .. tab-item:: macOS Brew
@@ -317,7 +319,7 @@ installed, but you know that new compilers have been added to your
 .. code-block:: console
-   $ module load gcc/4.9.0
+   $ module load gcc-4.9.0
   $ spack compiler find
   ==> Added 1 new compiler to ~/.spack/linux/compilers.yaml
       gcc@4.9.0
@@ -365,8 +367,7 @@ Manual compiler configuration
 If auto-detection fails, you can manually configure a compiler by
 editing your ``~/.spack/<platform>/compilers.yaml`` file.  You can do this by running
-``spack config edit compilers``, which will open the file in
+``spack config edit compilers``, which will open the file in your ``$EDITOR``.
 :ref:`your favorite editor <controlling-the-editor>`.
 Each compiler configuration in the file looks like this:
@@ -1504,7 +1505,7 @@ Spack On Windows
 Windows support for Spack is currently under development. While this work is still in an early stage,
 it is currently possible to set up Spack and perform a few operations on Windows.  This section will guide
-you through the steps needed to install Spack and start running it on a fresh Windows machine.
+you through the steps needed to install Spack and start running it on a fresh Windows machine. 
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Step 1: Install prerequisites
@@ -1514,7 +1515,7 @@ To use Spack on Windows, you will need the following packages:
 Required:
 * Microsoft Visual Studio
-* Python
+* Python 
 * Git
 Optional:
@@ -1545,8 +1546,8 @@ Intel Fortran
 """""""""""""
 For Fortran-based packages on Windows, we strongly recommend Intel's oneAPI Fortran compilers.
-The suite is free to download from Intel's website, located at
+The suite is free to download from Intel's website, located at 
-https://software.intel.com/content/www/us/en/develop/tools/oneapi/components/fortran-compiler.html.
+https://software.intel.com/content/www/us/en/develop/tools/oneapi/components/fortran-compiler.html#gs.70t5tw.
 The executable of choice for Spack will be Intel's Beta Compiler, ifx, which supports the classic
 compiler's (ifort's) frontend and runtime libraries by using LLVM.
@@ -1595,8 +1596,8 @@ in a Windows CMD prompt.
 .. note::
   If you chose to install Spack into a directory on Windows that is set up to require Administrative
-   Privileges, Spack will require elevated privileges to run.
+   Privleges, Spack will require elevated privleges to run.
-   Administrative Privileges can be denoted either by default such as
+   Administrative Privleges can be denoted either by default such as
   ``C:\Program Files``, or aministrator applied administrative restrictions
   on a directory that spack installs files to such as ``C:\Users``
@@ -1692,21 +1693,33 @@ Spack console via:
   spack install cpuinfo
-If in the previous step, you did not have CMake or Ninja installed, running the command above should bootstrap both packages
+If in the previous step, you did not have CMake or Ninja installed, running the command above should boostrap both packages
 """""""""""""""""""""""""""
 Windows Compatible Packages
 """""""""""""""""""""""""""
-Not all spack packages currently have Windows support. Some are inherently incompatible with the
+Many Spack packages are not currently compatible with Windows, due to Unix
-platform, and others simply have yet to be ported. To view the current set of packages with Windows
+dependencies or incompatible build tools like autoconf. Here are several
-support, the list command should be used via `spack list -t windows`. If there's a package you'd like
+packages known to work on Windows:
-to install on Windows but is not in that list, feel free to reach out to request the port or contribute
+
-the port yourself.
+* abseil-cpp
 * clingo
 * cpuinfo
 * cmake
 * glm
 * nasm
 * netlib-lapack (requires Intel Fortran)
 * ninja
 * openssl
 * perl
 * python
 * ruby
 * wrf
 * zlib
 .. note::
-   This is by no means a comprehensive list, some packages may have ports that were not tagged
+   This is by no means a comprehensive list
   while others may just work out of the box on Windows and have not been tagged as such.
 ^^^^^^^^^^^^^^
 For developers
@@ -1718,4 +1731,3 @@ Instructions for creating the installer are at
 https://github.com/spack/spack/blob/develop/lib/spack/spack/cmd/installer/README.md
 Alternatively a pre-built copy of the Windows installer is available as an artifact of Spack's Windows CI
 available at each run of the CI on develop or any PR.
--- a/lib/spack/docs/gpu_configuration.rst
+++ b/lib/spack/docs/gpu_configuration.rst
@@ -1,113 +0,0 @@
 .. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
 ==========================
 Using External GPU Support
 ==========================
 Many packages come with a ``+cuda`` or ``+rocm`` variant. With no added
 configuration Spack will download and install the needed components.
 It may be preferable to use existing system support: the following sections
 help with using a system installation of GPU libraries.
 -----------------------------------
 Using an External ROCm Installation
 -----------------------------------
 Spack breaks down ROCm into many separate component packages. The following
 is an example ``packages.yaml`` that organizes a consistent set of ROCm
 components for use by dependent packages:
 .. code-block:: yaml
   packages:
     all:
       compiler: [rocmcc@=5.3.0]
       variants: amdgpu_target=gfx90a
     hip:
       buildable: false
       externals:
       - spec: hip@5.3.0
         prefix: /opt/rocm-5.3.0/hip
     hsa-rocr-dev:
       buildable: false
       externals:
       - spec: hsa-rocr-dev@5.3.0
         prefix: /opt/rocm-5.3.0/
     llvm-amdgpu:
       buildable: false
       externals:
       - spec: llvm-amdgpu@5.3.0
         prefix: /opt/rocm-5.3.0/llvm/
     comgr:
       buildable: false
       externals:
       - spec: comgr@5.3.0
         prefix: /opt/rocm-5.3.0/
     hipsparse:
       buildable: false
       externals:
       - spec: hipsparse@5.3.0
         prefix: /opt/rocm-5.3.0/
     hipblas:
       buildable: false
       externals:
       - spec: hipblas@5.3.0
         prefix: /opt/rocm-5.3.0/
     rocblas:
       buildable: false
       externals:
       - spec: rocblas@5.3.0
         prefix: /opt/rocm-5.3.0/
     rocprim:
       buildable: false
       externals:
       - spec: rocprim@5.3.0
         prefix: /opt/rocm-5.3.0/rocprim/
 This is in combination with the following compiler definition:
 .. code-block:: yaml
   compilers:
   - compiler:
       spec: rocmcc@=5.3.0
       paths:
         cc: /opt/rocm-5.3.0/bin/amdclang
         cxx: /opt/rocm-5.3.0/bin/amdclang++
         f77: null
         fc: /opt/rocm-5.3.0/bin/amdflang
       operating_system: rhel8
       target: x86_64
 This includes the following considerations:
 - Each of the listed externals specifies ``buildable: false`` to force Spack
  to use only the externals we defined.
 - ``spack external find`` can automatically locate some of the ``hip``/``rocm``
  packages, but not all of them, and furthermore not in a manner that
  guarantees a complementary set if multiple ROCm installations are available.
 - The ``prefix`` is the same for several components, but note that others
  require listing one of the subdirectories as a prefix.
 -----------------------------------
 Using an External CUDA Installation
 -----------------------------------
 CUDA is split into fewer components and is simpler to specify:
 .. code-block:: yaml
   packages:
     all:
       variants:
       - cuda_arch=70
     cuda:
       buildable: false
       externals:
       - spec: cuda@11.0.2
         prefix: /opt/cuda/cuda-11.0.2/
 where ``/opt/cuda/cuda-11.0.2/lib/`` contains ``libcudart.so``.
--- a/lib/spack/docs/images/shapely_duplicates.svg
+++ b/lib/spack/docs/images/shapely_duplicates.svg
--- a/lib/spack/docs/index.rst
+++ b/lib/spack/docs/index.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
@@ -54,15 +54,9 @@ or refer to the full manual below.
   features
   getting_started
   basic_usage
   Tutorial: Spack 101 <https://spack-tutorial.readthedocs.io>
   replace_conda_homebrew
-
+   known_issues
 .. toctree::
   :maxdepth: 2
   :caption: Links
   Tutorial (spack-tutorial.rtfd.io) <https://spack-tutorial.readthedocs.io>
   Packages (packages.spack.io) <https://packages.spack.io>
   Binaries (binaries.spack.io) <https://cache.spack.io>
 .. toctree::
   :maxdepth: 2
@@ -74,16 +68,22 @@ or refer to the full manual below.
   build_settings
   environments
   containers
   monitoring
   mirrors
   module_file_support
   repositories
   binary_caches
   command_index
   package_list
   chain
   extensions
   pipelines
-   signing
+
-   gpu_configuration
+.. toctree::
   :maxdepth: 2
   :caption: Research
   analyze
 .. toctree::
   :maxdepth: 2
--- a/lib/spack/docs/known_issues.rst
+++ b/lib/spack/docs/known_issues.rst
@@ -0,0 +1,40 @@
 .. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
 ============
 Known Issues
 ============
 This is a list of known issues in Spack. It provides ways of getting around these
 problems if you encounter them.
 ------------------------------------------------
 Spack does not seem to respect ``packages.yaml``
 ------------------------------------------------
 .. note::
   This issue is **resolved** as of v0.19.0.dev0 commit
   `8281a0c5feabfc4fe180846d6fe95cfe53420bc5`, through the introduction of package
   requirements. See :ref:`package-requirements`.
 A common problem in Spack v0.18.0 up to v0.19.0.dev0 is that package, compiler and target
 preferences specified in ``packages.yaml`` do not seem to be respected. Spack picks the
 "wrong" compilers and their versions, package versions and variants, and
 micro-architectures.
 This is however not a bug. In order to reduce the number of builds of the same
 packages, the concretizer values reuse of installed packages higher than preferences
 set in ``packages.yaml``. Note that ``packages.yaml`` specifies only preferences, not
 hard constraints.
 There are multiple workarounds:
 1. Disable reuse during concretization: ``spack install --fresh <spec>`` when installing
   from the command line, or ``spack concretize --fresh --force`` when using
   environments.  
 2. Turn preferences into constrains, by moving them to the input spec. For example,
   use ``spack spec zlib%gcc@12`` when you want to force GCC 12 even if ``zlib`` was
   already installed with GCC 10.
--- a/lib/spack/docs/mirrors.rst
+++ b/lib/spack/docs/mirrors.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
@@ -163,7 +163,7 @@ your site.
 Mirror environment
 ^^^^^^^^^^^^^^^^^^
-To create a mirror of all packages required by a concrete environment, activate the environment and call ``spack mirror create -a``.
+To create a mirror of all packages required by a concerte environment, activate the environment and call ``spack mirror create -a``.
 This is especially useful to create a mirror of an environment concretized on another machine.
 .. code-block:: console
--- a/lib/spack/docs/module_file_support.rst
+++ b/lib/spack/docs/module_file_support.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
@@ -13,7 +13,7 @@ The use of module systems to manage user environment in a controlled way
 is a common practice at HPC centers that is often embraced also by
 individual programmers on their development machines. To support this
 common practice Spack integrates with `Environment Modules
-<http://modules.sourceforge.net/>`_ and `Lmod
+<http://modules.sourceforge.net/>`_ and `LMod
 <http://lmod.readthedocs.io/en/latest/>`_ by providing post-install hooks
 that generate module files and commands to manipulate them.
@@ -26,8 +26,8 @@ Using module files via Spack
 ----------------------------
 If you have installed a supported module system you should be able to
-run ``module avail`` to see what module
+run either ``module avail`` or ``use -l spack`` to see what module
-files have been installed. Here is sample output of those programs,
+files have been installed.  Here is sample output of those programs,
 showing lots of installed packages:
 .. code-block:: console
@@ -35,27 +35,32 @@ showing lots of installed packages:
   $ module avail
   --------------------------------------------------------------- ~/spack/share/spack/modules/linux-ubuntu14-x86_64 ---------------------------------------------------------------
-   autoconf/2.69-gcc-4.8-qextxkq       hwloc/1.11.6-gcc-6.3.0-akcisez             m4/1.4.18-gcc-4.8-ev2znoc                   openblas/0.2.19-gcc-6.3.0-dhkmed6        py-setuptools/34.2.0-gcc-6.3.0-fadur4s
+   autoconf-2.69-gcc-4.8-qextxkq       hwloc-1.11.6-gcc-6.3.0-akcisez             m4-1.4.18-gcc-4.8-ev2znoc                   openblas-0.2.19-gcc-6.3.0-dhkmed6        py-setuptools-34.2.0-gcc-6.3.0-fadur4s
-   automake/1.15-gcc-4.8-maqvukj       isl/0.18-gcc-4.8-afi6taq                   m4/1.4.18-gcc-6.3.0-uppywnz                 openmpi/2.1.0-gcc-6.3.0-go2s4z5          py-six/1.10.0-gcc-6.3.0-p4dhkaw
+   automake-1.15-gcc-4.8-maqvukj       isl-0.18-gcc-4.8-afi6taq                   m4-1.4.18-gcc-6.3.0-uppywnz                 openmpi-2.1.0-gcc-6.3.0-go2s4z5          py-six-1.10.0-gcc-6.3.0-p4dhkaw
-   binutils/2.28-gcc-4.8-5s7c6rs       libiconv/1.15-gcc-4.8-at46wg3              mawk/1.3.4-gcc-4.8-acjez57                  openssl/1.0.2k-gcc-4.8-dkls5tk           python/2.7.13-gcc-6.3.0-tyehea7
+   binutils-2.28-gcc-4.8-5s7c6rs       libiconv-1.15-gcc-4.8-at46wg3              mawk-1.3.4-gcc-4.8-acjez57                  openssl-1.0.2k-gcc-4.8-dkls5tk           python-2.7.13-gcc-6.3.0-tyehea7
-   bison/3.0.4-gcc-4.8-ek4luo5         libpciaccess/0.13.4-gcc-6.3.0-gmufnvh      mawk/1.3.4-gcc-6.3.0-ostdoms                openssl/1.0.2k-gcc-6.3.0-gxgr5or         readline/7.0-gcc-4.8-xhufqhn
+   bison-3.0.4-gcc-4.8-ek4luo5         libpciaccess-0.13.4-gcc-6.3.0-gmufnvh      mawk-1.3.4-gcc-6.3.0-ostdoms                openssl-1.0.2k-gcc-6.3.0-gxgr5or         readline-7.0-gcc-4.8-xhufqhn
-   bzip2/1.0.6-gcc-4.8-iffrxzn         libsigsegv/2.11-gcc-4.8-pp2cvte            mpc/1.0.3-gcc-4.8-g5mztc5                   pcre/8.40-gcc-4.8-r5pbrxb                readline/7.0-gcc-6.3.0-zzcyicg
+   bzip2-1.0.6-gcc-4.8-iffrxzn         libsigsegv-2.11-gcc-4.8-pp2cvte            mpc-1.0.3-gcc-4.8-g5mztc5                   pcre-8.40-gcc-4.8-r5pbrxb                readline-7.0-gcc-6.3.0-zzcyicg
-   bzip2/1.0.6-gcc-6.3.0-bequudr       libsigsegv/2.11-gcc-6.3.0-7enifnh          mpfr/3.1.5-gcc-4.8-o7xm7az                  perl/5.24.1-gcc-4.8-dg5j65u              sqlite/3.8.5-gcc-6.3.0-6zoruzj
+   bzip2-1.0.6-gcc-6.3.0-bequudr       libsigsegv-2.11-gcc-6.3.0-7enifnh          mpfr-3.1.5-gcc-4.8-o7xm7az                  perl-5.24.1-gcc-4.8-dg5j65u              sqlite-3.8.5-gcc-6.3.0-6zoruzj
-   cmake/3.7.2-gcc-6.3.0-fowuuby       libtool/2.4.6-gcc-4.8-7a523za              mpich/3.2-gcc-6.3.0-dmvd3aw                 perl/5.24.1-gcc-6.3.0-6uzkpt6            tar/1.29-gcc-4.8-wse2ass
+   cmake-3.7.2-gcc-6.3.0-fowuuby       libtool-2.4.6-gcc-4.8-7a523za              mpich-3.2-gcc-6.3.0-dmvd3aw                 perl-5.24.1-gcc-6.3.0-6uzkpt6            tar-1.29-gcc-4.8-wse2ass
-   curl/7.53.1-gcc-4.8-3fz46n6         libtool/2.4.6-gcc-6.3.0-n7zmbzt            ncurses/6.0-gcc-4.8-dcpe7ia                 pkg-config/0.29.2-gcc-4.8-ib33t75        tcl/8.6.6-gcc-4.8-tfxzqbr
+   curl-7.53.1-gcc-4.8-3fz46n6         libtool-2.4.6-gcc-6.3.0-n7zmbzt            ncurses-6.0-gcc-4.8-dcpe7ia                 pkg-config-0.29.2-gcc-4.8-ib33t75        tcl-8.6.6-gcc-4.8-tfxzqbr
-   expat/2.2.0-gcc-4.8-mrv6bd4         libxml2/2.9.4-gcc-4.8-ryzxnsu              ncurses/6.0-gcc-6.3.0-ucbhcdy               pkg-config/0.29.2-gcc-6.3.0-jpgubk3      util-macros/1.19.1-gcc-6.3.0-xorz2x2
+   expat-2.2.0-gcc-4.8-mrv6bd4         libxml2-2.9.4-gcc-4.8-ryzxnsu              ncurses-6.0-gcc-6.3.0-ucbhcdy               pkg-config-0.29.2-gcc-6.3.0-jpgubk3      util-macros-1.19.1-gcc-6.3.0-xorz2x2
-   flex/2.6.3-gcc-4.8-yf345oo          libxml2/2.9.4-gcc-6.3.0-rltzsdh            netlib-lapack/3.6.1-gcc-6.3.0-js33dog       py-appdirs/1.4.0-gcc-6.3.0-jxawmw7       xz/5.2.3-gcc-4.8-mew4log
+   flex-2.6.3-gcc-4.8-yf345oo          libxml2-2.9.4-gcc-6.3.0-rltzsdh            netlib-lapack-3.6.1-gcc-6.3.0-js33dog       py-appdirs-1.4.0-gcc-6.3.0-jxawmw7       xz-5.2.3-gcc-4.8-mew4log
-   gcc/6.3.0-gcc-4.8-24puqve           lmod/7.4.1-gcc-4.8-je4srhr                 netlib-scalapack/2.0.2-gcc-6.3.0-5aidk4l    py-numpy/1.12.0-gcc-6.3.0-oemmoeu        xz/5.2.3-gcc-6.3.0-3vqeuvb
+   gcc-6.3.0-gcc-4.8-24puqve           lmod-7.4.1-gcc-4.8-je4srhr                 netlib-scalapack-2.0.2-gcc-6.3.0-5aidk4l    py-numpy-1.12.0-gcc-6.3.0-oemmoeu        xz-5.2.3-gcc-6.3.0-3vqeuvb
-   gettext/0.19.8.1-gcc-4.8-yymghlh    lua/5.3.4-gcc-4.8-im75yaz                  netlib-scalapack/2.0.2-gcc-6.3.0-hjsemcn    py-packaging/16.8-gcc-6.3.0-i2n3dtl      zip/3.0-gcc-4.8-rwar22d
+   gettext-0.19.8.1-gcc-4.8-yymghlh    lua-5.3.4-gcc-4.8-im75yaz                  netlib-scalapack-2.0.2-gcc-6.3.0-hjsemcn    py-packaging-16.8-gcc-6.3.0-i2n3dtl      zip-3.0-gcc-4.8-rwar22d
-   gmp/6.1.2-gcc-4.8-5ub2wu5           lua-luafilesystem/1_6_3-gcc-4.8-wkey3nl    netlib-scalapack/2.0.2-gcc-6.3.0-jva724b    py-pyparsing/2.1.10-gcc-6.3.0-tbo6gmw    zlib/1.2.11-gcc-4.8-pgxsxv7
+   gmp-6.1.2-gcc-4.8-5ub2wu5           lua-luafilesystem-1_6_3-gcc-4.8-wkey3nl    netlib-scalapack-2.0.2-gcc-6.3.0-jva724b    py-pyparsing-2.1.10-gcc-6.3.0-tbo6gmw    zlib-1.2.11-gcc-4.8-pgxsxv7
-   help2man/1.47.4-gcc-4.8-kcnqmau     lua-luaposix/33.4.0-gcc-4.8-mdod2ry        netlib-scalapack/2.0.2-gcc-6.3.0-rgqfr6d    py-scipy/0.19.0-gcc-6.3.0-kr7nat4        zlib/1.2.11-gcc-6.3.0-7cqp6cj
+   help2man-1.47.4-gcc-4.8-kcnqmau     lua-luaposix-33.4.0-gcc-4.8-mdod2ry        netlib-scalapack-2.0.2-gcc-6.3.0-rgqfr6d    py-scipy-0.19.0-gcc-6.3.0-kr7nat4        zlib-1.2.11-gcc-6.3.0-7cqp6cj
 The names should look familiar, as they resemble the output from ``spack find``.
-For example, you could type the following command to load the ``cmake`` module:
+You *can* use the modules here directly.  For example, you could type either of these commands
 to load the ``cmake`` module:
 .. code-block:: console
-   $ module load cmake/3.7.2-gcc-6.3.0-fowuuby
+   $ use cmake-3.7.2-gcc-6.3.0-fowuuby
 .. code-block:: console
   $ module load cmake-3.7.2-gcc-6.3.0-fowuuby
 Neither of these is particularly pretty, easy to remember, or easy to
 type. Luckily, Spack offers many facilities for customizing the module
@@ -88,9 +93,9 @@ the different file formats that can be generated by Spack:
  +-----------------------------+--------------------+-------------------------------+----------------------------------------------+----------------------+
  |                             | **Hook name**      |  **Default root directory**   | **Default template file**                    | **Compatible tools** |
  +=============================+====================+===============================+==============================================+======================+
-  |  **Tcl - Non-Hierarchical** | ``tcl``            |  share/spack/modules          | share/spack/templates/modules/modulefile.tcl | Env. Modules/Lmod    |
+  |  **TCL - Non-Hierarchical** | ``tcl``            |  share/spack/modules          | share/spack/templates/modules/modulefile.tcl | Env. Modules/LMod    |
  +-----------------------------+--------------------+-------------------------------+----------------------------------------------+----------------------+
-  |  **Lua - Hierarchical**     | ``lmod``           |  share/spack/lmod             | share/spack/templates/modules/modulefile.lua | Lmod                 |
+  |  **Lua - Hierarchical**     | ``lmod``           |  share/spack/lmod             | share/spack/templates/modules/modulefile.lua | LMod                 |
  +-----------------------------+--------------------+-------------------------------+----------------------------------------------+----------------------+
@@ -275,12 +280,10 @@ of the installed software. For instance, in the snippet below:
             set:
               BAR: 'bar'
         # This anonymous spec selects any package that
-         # depends on mpi. The double colon at the
+         # depends on openmpi. The double colon at the
         # end clears the set of rules that matched so far.
-         ^mpi::
+         ^openmpi::
           environment:
             prepend_path:
               PATH: '{^mpi.prefix}/bin'
             set:
               BAR: 'baz'
         # Selects any zlib package
@@ -295,9 +298,7 @@ of the installed software. For instance, in the snippet below:
             - FOOBAR
 you are instructing Spack to set the environment variable ``BAR=bar`` for every module,
-unless the associated spec satisfies the abstract dependency ``^mpi`` in which case
+unless the associated spec satisfies ``^openmpi`` in which case ``BAR=baz``.
 ``BAR=baz``, and the directory containing the respective MPI executables is prepended
 to the ``PATH`` variable.
 In addition in any spec that satisfies ``zlib`` the value ``foo`` will be
 prepended to ``LD_LIBRARY_PATH`` and in any spec that satisfies ``zlib%gcc@4.8``
 the variable ``FOOBAR`` will be unset.
@@ -395,41 +396,39 @@ name and version for all packages that depend on mpi.
 When specifying module names by projection for Lmod modules, we
 recommend NOT including names of dependencies (e.g., MPI, compilers)
-that are already in the Lmod hierarchy.
+that are already in the LMod hierarchy.
 .. note::
-   Tcl and Lua modules also allow for explicit conflicts between modulefiles.
+   TCL modules
     TCL modules also allow for explicit conflicts between modulefiles.
-   .. code-block:: yaml
+     .. code-block:: yaml
-      modules:
+        modules:
-        default:
+          default:
-          enable:
+            enable:
-            - tcl
+              - tcl
-          tcl:
+            tcl:
-            projections:
+              projections:
-              all: '{name}/{version}-{compiler.name}-{compiler.version}'
+                all: '{name}/{version}-{compiler.name}-{compiler.version}'
-            all:
+              all:
-              conflict:
+                conflict:
-                - '{name}'
+                  - '{name}'
-                - 'intel/14.0.1'
+                  - 'intel/14.0.1'
-   will create module files that will conflict with ``intel/14.0.1`` and with the
+     will create module files that will conflict with ``intel/14.0.1`` and with the
-   base directory of the same module, effectively preventing the possibility to
+     base directory of the same module, effectively preventing the possibility to
-   load two or more versions of the same software at the same time. The tokens
+     load two or more versions of the same software at the same time. The tokens
-   that are available for use in this directive are the same understood by the
+     that are available for use in this directive are the same understood by
-   :meth:`~spack.spec.Spec.format` method.
+     the :meth:`~spack.spec.Spec.format` method.
   For Lmod and Environment Modules versions prior 4.2, it is important to
   express the conflict on both modulefiles conflicting with each other.
 .. note::
-   Lmod hierarchical module files
+   LMod hierarchical module files
     When ``lmod`` is activated Spack will generate a set of hierarchical lua module
-     files that are understood by Lmod. The hierarchy will always contain the
+     files that are understood by LMod. The hierarchy will always contain the
     two layers ``Core`` / ``Compiler`` but can be further extended to
     any of the virtual dependencies present in Spack. A case that could be useful in
     practice is for instance:
@@ -451,7 +450,7 @@ that are already in the Lmod hierarchy.
     that will generate a hierarchy in which the ``lapack`` and ``mpi`` layer can be switched
     independently. This allows a site to build the same libraries or applications against different
-     implementations of ``mpi`` and ``lapack``, and let Lmod switch safely from one to the
+     implementations of ``mpi`` and ``lapack``, and let LMod switch safely from one to the
     other.
     All packages built with a compiler in ``core_compilers`` and all
@@ -461,12 +460,12 @@ that are already in the Lmod hierarchy.
 .. warning::
  Consistency of Core packages
   The user is responsible for maintining consistency among core packages, as ``core_specs``
-   bypasses the hierarchy that allows Lmod to safely switch between coherent software stacks.
+   bypasses the hierarchy that allows LMod to safely switch between coherent software stacks.
 .. warning::
  Deep hierarchies and ``lmod spider``
   For hierarchies that are deeper than three layers ``lmod spider`` may have some issues.
-   See `this discussion on the Lmod project <https://github.com/TACC/Lmod/issues/114>`_.
+   See `this discussion on the LMod project <https://github.com/TACC/Lmod/issues/114>`_.
 """"""""""""""""""""""
 Select default modules
@@ -535,7 +534,7 @@ installed to ``/spack/prefix/foo``, if ``foo`` installs executables to
 update ``MANPATH``.
 The default list of environment variables in this config section
-includes ``PATH``, ``MANPATH``, ``ACLOCAL_PATH``, ``PKG_CONFIG_PATH``
+inludes ``PATH``, ``MANPATH``, ``ACLOCAL_PATH``, ``PKG_CONFIG_PATH``
 and ``CMAKE_PREFIX_PATH``, as well as ``DYLD_FALLBACK_LIBRARY_PATH``
 on macOS. On Linux however, the corresponding ``LD_LIBRARY_PATH``
 variable is *not* set, because it affects the behavior of
@@ -635,9 +634,8 @@ by its dependency; when the dependency is autoloaded, the executable will be in
 PATH. Similarly for scripting languages such as Python, packages and their dependencies
 have to be loaded together.
-Autoloading is enabled by default for Lmod and Environment Modules. The former
+Autoloading is enabled by default for LMod, as it has great builtin support for through
-has builtin support for through the ``depends_on`` function. The latter uses
+the ``depends_on`` function. For Environment Modules it is disabled by default.
 ``module load`` statement to load and track dependencies.
 Autoloading can also be enabled conditionally:
@@ -657,14 +655,12 @@ The allowed values for the ``autoload`` statement are either ``none``,
 ``direct`` or ``all``.
 .. note::
-  Tcl prerequisites
+  TCL prerequisites
     In the ``tcl`` section of the configuration file it is possible to use
     the ``prerequisites`` directive that accepts the same values as
     ``autoload``. It will produce module files that have a ``prereq``
-     statement, which autoloads dependencies on Environment Modules when its
+     statement, which can be used to autoload dependencies in some versions
-     ``auto_handling`` configuration option is enabled. If Environment Modules
+     of Environment Modules.
     is installed with Spack, ``auto_handling`` is enabled by default starting
     version 4.2. Otherwise it is enabled by default since version 5.0.
 ------------------------
 Maintaining Module Files
@@ -785,35 +781,35 @@ cut-and-pasted into a shell script.  For example:
    $ spack module tcl loads --dependencies py-numpy git
    # bzip2@1.0.6%gcc@4.9.3=linux-x86_64
-    module load bzip2/1.0.6-gcc-4.9.3-ktnrhkrmbbtlvnagfatrarzjojmkvzsx
+    module load bzip2-1.0.6-gcc-4.9.3-ktnrhkrmbbtlvnagfatrarzjojmkvzsx
    # ncurses@6.0%gcc@4.9.3=linux-x86_64
-    module load ncurses/6.0-gcc-4.9.3-kaazyneh3bjkfnalunchyqtygoe2mncv
+    module load ncurses-6.0-gcc-4.9.3-kaazyneh3bjkfnalunchyqtygoe2mncv
    # zlib@1.2.8%gcc@4.9.3=linux-x86_64
-    module load zlib/1.2.8-gcc-4.9.3-v3ufwaahjnviyvgjcelo36nywx2ufj7z
+    module load zlib-1.2.8-gcc-4.9.3-v3ufwaahjnviyvgjcelo36nywx2ufj7z
    # sqlite@3.8.5%gcc@4.9.3=linux-x86_64
-    module load sqlite/3.8.5-gcc-4.9.3-a3eediswgd5f3rmto7g3szoew5nhehbr
+    module load sqlite-3.8.5-gcc-4.9.3-a3eediswgd5f3rmto7g3szoew5nhehbr
    # readline@6.3%gcc@4.9.3=linux-x86_64
-    module load readline/6.3-gcc-4.9.3-se6r3lsycrwxyhreg4lqirp6xixxejh3
+    module load readline-6.3-gcc-4.9.3-se6r3lsycrwxyhreg4lqirp6xixxejh3
    # python@3.5.1%gcc@4.9.3=linux-x86_64
-    module load python/3.5.1-gcc-4.9.3-5q5rsrtjld4u6jiicuvtnx52m7tfhegi
+    module load python-3.5.1-gcc-4.9.3-5q5rsrtjld4u6jiicuvtnx52m7tfhegi
    # py-setuptools@20.5%gcc@4.9.3=linux-x86_64
-    module load py-setuptools/20.5-gcc-4.9.3-4qr2suj6p6glepnedmwhl4f62x64wxw2
+    module load py-setuptools-20.5-gcc-4.9.3-4qr2suj6p6glepnedmwhl4f62x64wxw2
    # py-nose@1.3.7%gcc@4.9.3=linux-x86_64
-    module load py-nose/1.3.7-gcc-4.9.3-pwhtjw2dvdvfzjwuuztkzr7b4l6zepli
+    module load py-nose-1.3.7-gcc-4.9.3-pwhtjw2dvdvfzjwuuztkzr7b4l6zepli
    # openblas@0.2.17%gcc@4.9.3+shared=linux-x86_64
-    module load openblas/0.2.17-gcc-4.9.3-pw6rmlom7apfsnjtzfttyayzc7nx5e7y
+    module load openblas-0.2.17-gcc-4.9.3-pw6rmlom7apfsnjtzfttyayzc7nx5e7y
    # py-numpy@1.11.0%gcc@4.9.3+blas+lapack=linux-x86_64
-    module load py-numpy/1.11.0-gcc-4.9.3-mulodttw5pcyjufva4htsktwty4qd52r
+    module load py-numpy-1.11.0-gcc-4.9.3-mulodttw5pcyjufva4htsktwty4qd52r
    # curl@7.47.1%gcc@4.9.3=linux-x86_64
-    module load curl/7.47.1-gcc-4.9.3-ohz3fwsepm3b462p5lnaquv7op7naqbi
+    module load curl-7.47.1-gcc-4.9.3-ohz3fwsepm3b462p5lnaquv7op7naqbi
    # autoconf@2.69%gcc@4.9.3=linux-x86_64
-    module load autoconf/2.69-gcc-4.9.3-bkibjqhgqm5e3o423ogfv2y3o6h2uoq4
+    module load autoconf-2.69-gcc-4.9.3-bkibjqhgqm5e3o423ogfv2y3o6h2uoq4
    # cmake@3.5.0%gcc@4.9.3~doc+ncurses+openssl~qt=linux-x86_64
-    module load cmake/3.5.0-gcc-4.9.3-x7xnsklmgwla3ubfgzppamtbqk5rwn7t
+    module load cmake-3.5.0-gcc-4.9.3-x7xnsklmgwla3ubfgzppamtbqk5rwn7t
    # expat@2.1.0%gcc@4.9.3=linux-x86_64
-    module load expat/2.1.0-gcc-4.9.3-6pkz2ucnk2e62imwakejjvbv6egncppd
+    module load expat-2.1.0-gcc-4.9.3-6pkz2ucnk2e62imwakejjvbv6egncppd
    # git@2.8.0-rc2%gcc@4.9.3+curl+expat=linux-x86_64
-    module load git/2.8.0-rc2-gcc-4.9.3-3bib4hqtnv5xjjoq5ugt3inblt4xrgkd
+    module load git-2.8.0-rc2-gcc-4.9.3-3bib4hqtnv5xjjoq5ugt3inblt4xrgkd
 The script may be further edited by removing unnecessary modules.
@@ -832,12 +828,12 @@ For example, consider the following on one system:
 .. code-block:: console
    $ module avail
-    linux-SuSE11-x86_64/antlr/2.7.7-gcc-5.3.0-bdpl46y
+    linux-SuSE11-x86_64/antlr-2.7.7-gcc-5.3.0-bdpl46y
    $ spack module tcl loads antlr    # WRONG!
    # antlr@2.7.7%gcc@5.3.0~csharp+cxx~java~python arch=linux-SuSE11-x86_64
-    module load antlr/2.7.7-gcc-5.3.0-bdpl46y
+    module load antlr-2.7.7-gcc-5.3.0-bdpl46y
    $ spack module tcl loads --prefix linux-SuSE11-x86_64/ antlr
    # antlr@2.7.7%gcc@5.3.0~csharp+cxx~java~python arch=linux-SuSE11-x86_64
-    module load linux-SuSE11-x86_64/antlr/2.7.7-gcc-5.3.0-bdpl46y
+    module load linux-SuSE11-x86_64/antlr-2.7.7-gcc-5.3.0-bdpl46y
--- a/lib/spack/docs/monitoring.rst
+++ b/lib/spack/docs/monitoring.rst
@@ -0,0 +1,265 @@
 .. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
 .. _monitoring:
 ==========
 Monitoring
 ==========
 You can use a `spack monitor <https://github.com/spack/spack-monitor>`_ "Spackmon"
 server to store a database of your packages, builds, and associated metadata 
 for provenance, research, or some other kind of development. You should
 follow the instructions in the `spack monitor documentation <https://spack-monitor.readthedocs.org>`_
 to first create a server along with a username and token for yourself.
 You can then use this guide to interact with the server.
 -------------------
 Analysis Monitoring
 -------------------
 To read about how to monitor an analysis (meaning you want to send analysis results
 to a server) see :ref:`analyze_monitoring`.
 ---------------------
 Monitoring An Install
 ---------------------
 Since an install is typically when you build packages, we logically want
 to tell spack to monitor during this step. Let's start with an example
 where we want to monitor the install of hdf5. Unless you have disabled authentication
 for the server, we first want to export our spack monitor token and username to the environment:
 .. code-block:: console
    $ export SPACKMON_TOKEN=50445263afd8f67e59bd79bff597836ee6c05438
    $ export SPACKMON_USER=spacky
 By default, the host for your server is expected to be at ``http://127.0.0.1``
 with a prefix of ``ms1``, and if this is the case, you can simply add the
 ``--monitor`` flag to the install command:
 .. code-block:: console
    $ spack install --monitor hdf5
 If you need to customize the host or the prefix, you can do that as well:
 .. code-block:: console
    $ spack install --monitor --monitor-prefix monitor --monitor-host https://monitor-service.io hdf5
 As a precaution, we cut out early in the spack client if you have not provided
 authentication credentials. For example, if you run the command above without
 exporting your username or token, you'll see:
 .. code-block:: console
    ==> Error: You are required to export SPACKMON_TOKEN and SPACKMON_USER
 This extra check is to ensure that we don't start any builds,
 and then discover that you forgot to export your token. However, if 
 your monitoring server has authentication disabled, you can tell this to
 the client to skip this step:
 .. code-block:: console
    $ spack install --monitor --monitor-disable-auth hdf5
 If the service is not running, you'll cleanly exit early - the install will
 not continue if you've asked it to monitor and there is no service.
 For example, here is what you'll see if the monitoring service is not running:
 .. code-block:: console
    [Errno 111] Connection refused
 If you want to continue builds (and stop monitoring) you can set the ``--monitor-keep-going``
 flag. 
 .. code-block:: console
    $ spack install --monitor --monitor-keep-going hdf5
 This could mean that if a request fails, you only have partial or no data
 added to your monitoring database. This setting will not be applied to the
 first request to check if the server is running, but to subsequent requests.
 If you don't have a monitor server running and you want to build, simply
 don't provide the ``--monitor`` flag! Finally, if you want to provide one or
 more tags to your build, you can do:
 .. code-block:: console
    # Add one tag, "pizza"
    $ spack install --monitor --monitor-tags pizza hdf5
    # Add two tags, "pizza" and "pasta"
    $ spack install --monitor --monitor-tags pizza,pasta hdf5
 ----------------------------
 Monitoring with Containerize
 ----------------------------
 The same argument group is available to add to a containerize command. 
 ^^^^^^
 Docker
 ^^^^^^
 To add monitoring to a Docker container recipe generation using the defaults,
 and assuming a monitor server running on localhost, you would
 start with a spack.yaml in your present working directory:
 .. code-block:: yaml
   spack:
     specs:
       - samtools
 And then do:
 .. code-block:: console
    # preview first
    spack containerize --monitor
    # and then write to a Dockerfile
    spack containerize --monitor > Dockerfile
 The install command will be edited to include commands for enabling monitoring.
 However, getting secrets into the container for your monitor server is something
 that should be done carefully. Specifically you should:
 - Never try to define secrets as ENV, ARG, or using ``--build-arg``
 - Do not try to get the secret into the container via a "temporary" file that you remove (it in fact will still exist in a layer)
 Instead, it's recommended to use buildkit `as explained here <https://pythonspeed.com/articles/docker-build-secrets/>`_.
 You'll need to again export environment variables for your spack monitor server:
 .. code-block:: console
    $ export SPACKMON_TOKEN=50445263afd8f67e59bd79bff597836ee6c05438
    $ export SPACKMON_USER=spacky
 And then use buildkit along with your build and identifying the name of the secret:
 .. code-block:: console
    $ DOCKER_BUILDKIT=1 docker build --secret id=st,env=SPACKMON_TOKEN --secret id=su,env=SPACKMON_USER -t spack/container . 
 The secrets are expected to come from your environment, and then will be temporarily mounted and available
 at ``/run/secrets/<name>``. If you forget to supply them (and authentication is required) the build
 will fail. If you need to build on your host (and interact with a spack monitor at localhost) you'll
 need to tell Docker to use the host network:
 .. code-block:: console
    $ DOCKER_BUILDKIT=1 docker build --network="host" --secret id=st,env=SPACKMON_TOKEN --secret id=su,env=SPACKMON_USER -t spack/container . 
 ^^^^^^^^^^^
 Singularity
 ^^^^^^^^^^^
 To add monitoring to a Singularity container build, the spack.yaml needs to
 be modified slightly to specify wanting a different format:
 .. code-block:: yaml
   spack:
     specs:
       - samtools
     container:
       format: singularity
 Again, generate the recipe:
 .. code-block:: console
    # preview first
    $ spack containerize --monitor
    # then write to a Singularity recipe
    $ spack containerize --monitor > Singularity
 Singularity doesn't have a direct way to define secrets at build time, so we have
 to do a bit of a manual command to add a file, source secrets in it, and remove it.
 Since Singularity doesn't have layers like Docker, deleting a file will truly
 remove it from the container and history. So let's say we have this file,
 ``secrets.sh``:
 .. code-block:: console
    # secrets.sh
    export SPACKMON_USER=spack
    export SPACKMON_TOKEN=50445263afd8f67e59bd79bff597836ee6c05438
 We would then generate the Singularity recipe, and add a files section,
 a source of that file at the start of ``%post``, and **importantly**
 a removal of the final at the end of that same section.
 .. code-block::
    Bootstrap: docker
    From: spack/ubuntu-bionic:latest
    Stage: build
    %files
      secrets.sh /opt/secrets.sh 
    %post
      . /opt/secrets.sh
      # spack install commands are here
      ...
      # Don't forget to remove here!
      rm /opt/secrets.sh
 You can then build the container as your normally would.
 .. code-block:: console
    $ sudo singularity build container.sif Singularity 
 ------------------
 Monitoring Offline
 ------------------
 In the case that you want to save monitor results to your filesystem
 and then upload them later (perhaps you are in an environment where you don't
 have credentials or it isn't safe to use them) you can use the ``--monitor-save-local``
 flag.
 .. code-block:: console
    $ spack install --monitor --monitor-save-local hdf5 
 This will save results in a subfolder, "monitor" in your designated spack
 reports folder, which defaults to ``$HOME/.spack/reports/monitor``. When
 you are ready to upload them to a spack monitor server:
 .. code-block:: console
    $ spack monitor upload ~/.spack/reports/monitor 
 You can choose the root directory of results as shown above, or a specific
 subdirectory. The command accepts other arguments to specify configuration
 for the monitor.
--- a/lib/spack/docs/package_list.rst
+++ b/lib/spack/docs/package_list.rst
@@ -0,0 +1,17 @@
 .. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
 .. _package-list:
 ============
 Package List
 ============
 This is a list of things you can install using Spack.  It is
 automatically generated based on the packages in this Spack
 version.
 .. raw:: html
   :file: package_list.html
--- a/lib/spack/docs/packaging_guide.rst
+++ b/lib/spack/docs/packaging_guide.rst
--- a/lib/spack/docs/pipelines.rst
+++ b/lib/spack/docs/pipelines.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
@@ -9,32 +9,27 @@
 CI Pipelines
 ============
-Spack provides commands that support generating and running automated build pipelines in CI instances.  At the highest
+Spack provides commands that support generating and running automated build
-level it works like this: provide a spack environment describing the set of packages you care about, and include a
+pipelines designed for Gitlab CI.  At the highest level it works like this:
-description of how those packages should be mapped to Gitlab runners.  Spack can then generate a ``.gitlab-ci.yml``
+provide a spack environment describing the set of packages you care about,
-file containing job descriptions for all your packages that can be run by a properly configured CI instance.  When
+and include within that environment file a description of how those packages
-run, the generated pipeline will build and deploy binaries, and it can optionally report to a CDash instance
+should be mapped to Gitlab runners.  Spack can then generate a ``.gitlab-ci.yml``
 file containing job descriptions for all your packages that can be run by a
 properly configured Gitlab CI instance.  When run, the generated pipeline will
 build and deploy binaries, and it can optionally report to a CDash instance
 regarding the health of the builds as they evolve over time.
 ------------------------------
 Getting started with pipelines
 ------------------------------
-To get started with automated build pipelines a Gitlab instance with version ``>= 12.9``
+It is fairly straightforward to get started with automated build pipelines.  At
-(more about Gitlab CI `here <https://about.gitlab.com/product/continuous-integration/>`_)
+a minimum, you'll need to set up a Gitlab instance (more about Gitlab CI
-with at least one `runner <https://docs.gitlab.com/runner/>`_ configured is required. This
+`here <https://about.gitlab.com/product/continuous-integration/>`_) and configure
-can be done quickly by setting up a local Gitlab instance.
+at least one `runner <https://docs.gitlab.com/runner/>`_.  Then the basic steps
 for setting up a build pipeline are as follows:
-It is possible to set up pipelines on gitlab.com, but the builds there are limited to
+#. Create a repository on your gitlab instance
 60 minutes and generic hardware.  It is possible to
 `hook up <https://about.gitlab.com/blog/2018/04/24/getting-started-gitlab-ci-gcp>`_
 Gitlab to Google Kubernetes Engine (`GKE <https://cloud.google.com/kubernetes-engine/>`_)
 or Amazon Elastic Kubernetes Service (`EKS <https://aws.amazon.com/eks>`_), though those
 topics are outside the scope of this document.
 After setting up a Gitlab instance for running CI, the basic steps for setting up a build pipeline are as follows:
 #. Create a repository in the Gitlab instance with CI and a runner enabled.
 #. Add a ``spack.yaml`` at the root containing your pipeline environment
 #. Add a ``.gitlab-ci.yml`` at the root containing two jobs (one to generate
   the pipeline dynamically, and one to run the generated jobs).
@@ -45,6 +40,13 @@ See the :ref:`functional_example` section for a minimal working example.  See al
 the :ref:`custom_Workflow` section for a link to an example of a custom workflow
 based on spack pipelines.
 While it is possible to set up pipelines on gitlab.com, as illustrated above, the
 builds there are limited to 60 minutes and generic hardware.  It is also possible to
 `hook up <https://about.gitlab.com/blog/2018/04/24/getting-started-gitlab-ci-gcp>`_
 Gitlab to Google Kubernetes Engine (`GKE <https://cloud.google.com/kubernetes-engine/>`_)
 or Amazon Elastic Kubernetes Service (`EKS <https://aws.amazon.com/eks>`_), though those
 topics are outside the scope of this document.
 Spack's pipelines are now making use of the
 `trigger <https://docs.gitlab.com/ee/ci/yaml/#trigger>`_ syntax to run
 dynamically generated
@@ -130,35 +132,29 @@ And here's the spack environment built by the pipeline represented as a
     mirrors: { "mirror": "s3://spack-public/mirror" }
-     ci:
+     gitlab-ci:
       before_script:
         - git clone ${SPACK_REPO}
         - pushd spack && git checkout ${SPACK_CHECKOUT_VERSION} && popd
         - . "./spack/share/spack/setup-env.sh"
       script:
         - pushd ${SPACK_CONCRETE_ENV_DIR} && spack env activate --without-view . && popd
         - spack -d ci rebuild
       mappings:
         - match: ["os=ubuntu18.04"]
           runner-attributes:
             image:
               name: ghcr.io/scottwittenburg/ecpe4s-ubuntu18.04-runner-x86_64:2020-09-01
               entrypoint: [""]
             tags:
               - docker
       enable-artifacts-buildcache: True
       rebuild-index: False
       pipeline-gen:
       - any-job:
           before_script:
             - git clone ${SPACK_REPO}
             - pushd spack && git checkout ${SPACK_CHECKOUT_VERSION} && popd
             - . "./spack/share/spack/setup-env.sh"
       - build-job:
           tags: [docker]
           image:
             name: ghcr.io/scottwittenburg/ecpe4s-ubuntu18.04-runner-x86_64:2020-09-01
             entrypoint: [""]
 The elements of this file important to spack ci pipelines are described in more
 detail below, but there are a couple of things to note about the above working
 example:
 .. note::
   There is no ``script`` attribute specified for here. The reason for this is
   Spack CI will automatically generate reasonable default scripts. More
   detail on what is in these scripts can be found below.
   Also notice the ``before_script`` section. It is required when using any of the
   default scripts to source the ``setup-env.sh`` script in order to inform
   the default scripts where to find the ``spack`` executable.
 Normally ``enable-artifacts-buildcache`` is not recommended in production as it
 results in large binary artifacts getting transferred back and forth between
 gitlab and the runners.  But in this example on gitlab.com where there is no
@@ -178,7 +174,7 @@ during subsequent pipeline runs.
   With the addition of reproducible builds (#22887) a previously working
   pipeline will require some changes:
-   * In the build-jobs, the environment location changed.
+   * In the build jobs (``runner-attributes``), the environment location changed.
     This will typically show as a ``KeyError`` in the failing job. Be sure to
     point to ``${SPACK_CONCRETE_ENV_DIR}``.
@@ -200,9 +196,9 @@ ci pipelines.  These commands are covered in more detail in this section.
 .. _cmd-spack-ci:
-^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^
 ``spack ci``
-^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^
 Super-command for functionality related to generating pipelines and executing
 pipeline jobs.
@@ -213,16 +209,6 @@ pipeline jobs.
 ``spack ci generate``
 ^^^^^^^^^^^^^^^^^^^^^
 Throughout this documentation, references to the "mirror" mean the target
 mirror which is checked for the presence of up-to-date specs, and where
 any scheduled jobs should push built binary packages.  In the past, this
 defaulted to the mirror at index 0 in the mirror configs, and could be
 overridden using the ``--buildcache-destination`` argument. Starting with
 Spack 0.23, ``spack ci generate`` will require you to identify this mirror
 by the name "buildcache-destination".  While you can configure any number
 of mirrors as sources for your pipelines, you will need to identify the
 destination mirror by name.
 Concretizes the specs in the active environment, stages them (as described in
 :ref:`staging_algorithm`), and writes the resulting ``.gitlab-ci.yml`` to disk.
 During concretization of the environment, ``spack ci generate`` also writes a
@@ -241,7 +227,7 @@ Using ``--prune-dag`` or ``--no-prune-dag`` configures whether or not jobs are
 generated for specs that are already up to date on the mirror.   If enabling
 DAG pruning using ``--prune-dag``, more information may be required in your
 ``spack.yaml`` file, see the :ref:`noop_jobs` section below regarding
-``noop-job``.
+``service-job-attributes``.
 The optional ``--check-index-only`` argument can be used to speed up pipeline
 generation by telling spack to consider only remote buildcache indices when
@@ -277,11 +263,11 @@ generated by jobs in the pipeline.
 .. _cmd-spack-ci-rebuild:
-^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^
 ``spack ci rebuild``
-^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^
-The purpose of ``spack ci rebuild`` is to take an assigned
+The purpose of ``spack ci rebuild`` is straightforward: take its assigned
 spec and ensure a binary of a successful build exists on the target mirror.
 If the binary does not already exist, it is built from source and pushed
 to the mirror. The associated stand-alone tests are optionally run against
@@ -294,7 +280,7 @@ directory. The script is run in a job to install the spec from source. The
 resulting binary package is pushed to the mirror. If ``cdash`` is configured
 for the environment, then the build results will be uploaded to the site.
-Environment variables and values in the ``ci::pipeline-gen`` section of the
+Environment variables and values in the ``gitlab-ci`` section of the
 ``spack.yaml`` environment file provide inputs to this process. The
 two main sources of environment variables are variables written into
 ``.gitlab-ci.yml`` by ``spack ci generate`` and the GitLab CI runtime.
@@ -312,23 +298,21 @@ A snippet from an example ``spack.yaml`` file illustrating use of this
 option *and* specification of a package with broken tests is given below.
 The inclusion of a spec for building ``gptune`` is not shown here. Note
 that ``--tests`` is passed to ``spack ci rebuild`` as part of the
-``build-job`` script.
+``gitlab-ci`` script.
 .. code-block:: yaml
-  ci:
+  gitlab-ci:
-    pipeline-gen:
+    script:
-    - build-job
+      - . "./share/spack/setup-env.sh"
-        script:
+      - spack --version
-          - . "./share/spack/setup-env.sh"
+      - cd ${SPACK_CONCRETE_ENV_DIR}
-          - spack --version
+      - spack env activate --without-view .
-          - cd ${SPACK_CONCRETE_ENV_DIR}
+      - spack config add "config:install_tree:projections:${SPACK_JOB_SPEC_PKG_NAME}:'morepadding/{architecture}/{compiler.name}-{compiler.version}/{name}-{version}-{hash}'"
-          - spack env activate --without-view .
+       - mkdir -p ${SPACK_ARTIFACTS_ROOT}/user_data
-          - spack config add "config:install_tree:projections:${SPACK_JOB_SPEC_PKG_NAME}:'morepadding/{architecture}/{compiler.name}-{compiler.version}/{name}-{version}-{hash}'"
+       - if [[ -r /mnt/key/intermediate_ci_signing_key.gpg ]]; then spack gpg trust /mnt/key/intermediate_ci_signing_key.gpg; fi
-           - mkdir -p ${SPACK_ARTIFACTS_ROOT}/user_data
+       - if [[ -r /mnt/key/spack_public_key.gpg ]]; then spack gpg trust /mnt/key/spack_public_key.gpg; fi
-           - if [[ -r /mnt/key/intermediate_ci_signing_key.gpg ]]; then spack gpg trust /mnt/key/intermediate_ci_signing_key.gpg; fi
+       - spack -d ci rebuild --tests > >(tee ${SPACK_ARTIFACTS_ROOT}/user_data/pipeline_out.txt) 2> >(tee ${SPACK_ARTIFACTS_ROOT}/user_data/pipeline_err.txt >&2)
           - if [[ -r /mnt/key/spack_public_key.gpg ]]; then spack gpg trust /mnt/key/spack_public_key.gpg; fi
           - spack -d ci rebuild --tests > >(tee ${SPACK_ARTIFACTS_ROOT}/user_data/pipeline_out.txt) 2> >(tee ${SPACK_ARTIFACTS_ROOT}/user_data/pipeline_err.txt >&2)
     broken-tests-packages:
       - gptune
@@ -370,31 +354,113 @@ arguments you can pass to ``spack ci reproduce-build`` in order to reproduce
 a particular build locally.
 ------------------------------------
-Job Types
+A pipeline-enabled spack environment
 ------------------------------------
-^^^^^^^^^^^^^^^
+Here's an example of a spack environment file that has been enhanced with
-Rebuild (build)
+sections describing a build pipeline:
 ^^^^^^^^^^^^^^^
-Rebuild jobs, denoted as ``build-job``'s in the ``pipeline-gen`` list, are jobs
+.. code-block:: yaml
 associated with concrete specs that have been marked for rebuild. By default a simple
 script for doing rebuild is generated, but may be modified as needed.
-The default script does three main steps, change directories to the pipelines concrete
+   spack:
-environment, activate the concrete environment, and run the ``spack ci rebuild`` command:
+     definitions:
     - pkgs:
       - readline@7.0
     - compilers:
       - '%gcc@5.5.0'
     - oses:
       - os=ubuntu18.04
       - os=centos7
     specs:
     - matrix:
       - [$pkgs]
       - [$compilers]
       - [$oses]
     mirrors:
       cloud_gitlab: https://mirror.spack.io
     gitlab-ci:
       mappings:
         - match:
             - os=ubuntu18.04
           runner-attributes:
             tags:
               - spack-kube
             image: spack/ubuntu-bionic
         - match:
             - os=centos7
           runner-attributes:
             tags:
               - spack-kube
             image: spack/centos7
     cdash:
       build-group: Release Testing
       url: https://cdash.spack.io
       project: Spack
       site: Spack AWS Gitlab Instance
-.. code-block:: bash
+Hopefully, the ``definitions``, ``specs``, ``mirrors``, etc. sections are already
 familiar, as they are part of spack :ref:`environments`.  So let's take a more
 in-depth look some of the pipeline-related sections in that environment file
 that might not be as familiar.
-  cd ${concrete_environment_dir}
+The ``gitlab-ci`` section is used to configure how the pipeline workload should be
-  spack env activate --without-view .
+generated, mainly how the jobs for building specs should be assigned to the
-  spack ci rebuild
+configured runners on your instance.  Each entry within the list of ``mappings``
 corresponds to a known gitlab runner, where the ``match`` section is used
 in assigning a release spec to one of the runners, and the ``runner-attributes``
 section is used to configure the spec/job for that particular runner.
 Both the top-level ``gitlab-ci`` section as well as each ``runner-attributes``
 section can also contain the following keys: ``image``, ``tags``, ``variables``,
 ``before_script``, ``script``, and ``after_script``.  If any of these keys are
 provided at the ``gitlab-ci`` level, they will be used as the defaults for any
 ``runner-attributes``, unless they are overridden in those sections.  Specifying
 any of these keys at the ``runner-attributes`` level generally overrides the
 keys specified at the higher level, with a couple exceptions.  Any ``variables``
 specified at both levels result in those dictionaries getting merged in the
 resulting generated job, and any duplicate variable names get assigned the value
 provided in the specific ``runner-attributes``.  If ``tags`` are specified both
 at the ``gitlab-ci`` level as well as the ``runner-attributes`` level, then the
 lists of tags are combined, and any duplicates are removed.
 See the section below on using a custom spack for an example of how these keys
 could be used.
 There are other pipeline options you can configure within the ``gitlab-ci`` section
 as well.
 The ``bootstrap`` section allows you to specify lists of specs from
 your ``definitions`` that should be staged ahead of the environment's ``specs`` (this
 section is described in more detail below).  The ``enable-artifacts-buildcache`` key
 takes a boolean and determines whether the pipeline uses artifacts to store and
 pass along the buildcaches from one stage to the next (the default if you don't
 provide this option is ``False``).
 The optional ``broken-specs-url`` key tells Spack to check against a list of
 specs that are known to be currently broken in ``develop``. If any such specs
 are found, the ``spack ci generate`` command will fail with an error message
 informing the user what broken specs were encountered. This allows the pipeline
 to fail early and avoid wasting compute resources attempting to build packages
 that will not succeed.
 The optional ``cdash`` section provides information that will be used by the
 ``spack ci generate`` command (invoked by ``spack ci start``) for reporting
 to CDash.  All the jobs generated from this environment will belong to a
 "build group" within CDash that can be tracked over time.  As the release
 progresses, this build group may have jobs added or removed. The url, project,
 and site are used to specify the CDash instance to which build results should
 be reported.
 Take a look at the
 `schema <https://github.com/spack/spack/blob/develop/lib/spack/spack/schema/gitlab_ci.py>`_
 for the gitlab-ci section of the spack environment file, to see precisely what
 syntax is allowed there.
 .. _rebuild_index:
-^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-Update Index (reindex)
+Note about rebuilding buildcache index
-^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 By default, while a pipeline job may rebuild a package, create a buildcache
 entry, and push it to the mirror, it does not automatically re-generate the
@@ -409,44 +475,21 @@ not correctly reflect the mirror's contents at the end of a pipeline.
 To make sure the buildcache index is up to date at the end of your pipeline,
 spack generates a job to update the buildcache index of the target mirror
 at the end of each pipeline by default.  You can disable this behavior by
-adding ``rebuild-index: False`` inside the ``ci`` section of your
+adding ``rebuild-index: False`` inside the ``gitlab-ci`` section of your
-spack environment.
+spack environment.  Spack will assign the job any runner attributes found
-
+on the ``service-job-attributes``, if you have provided that in your
-Reindex jobs do not allow modifying the ``script`` attribute since it is automatically
+``spack.yaml``.
 generated using the target mirror listed in the ``mirrors::mirror`` configuration.
 ^^^^^^^^^^^^^^^^^
 Signing (signing)
 ^^^^^^^^^^^^^^^^^
 This job is run after all of the rebuild jobs are completed and is intended to be used
 to sign the package binaries built by a protected CI run. Signing jobs are generated
 only if a signing job ``script`` is specified and the spack CI job type is protected.
 Note, if an ``any-job`` section contains a script, this will not implicitly create a
 ``signing`` job, a signing job may only exist if it is explicitly specified in the
 configuration with a ``script`` attribute. Specifying a signing job without a script
 does not create a signing job and the job configuration attributes will be ignored.
 Signing jobs are always assigned the runner tags ``aws``, ``protected``, and ``notary``.
 ^^^^^^^^^^^^^^^^^
 Cleanup (cleanup)
 ^^^^^^^^^^^^^^^^^
 When using ``temporary-storage-url-prefix`` the cleanup job will destroy the mirror
 created for the associated Gitlab pipeline. Cleanup jobs do not allow modifying the
 script, but do expect that the spack command is in the path and require a
 ``before_script`` to be specified that sources the ``setup-env.sh`` script.
 .. _noop_jobs:
-^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^
-No Op (noop)
+Note about "no-op" jobs
-^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^
 If no specs in an environment need to be rebuilt during a given pipeline run
 (meaning all are already up to date on the mirror), a single successful job
 (a NO-OP) is still generated to avoid an empty pipeline (which GitLab
-considers to be an error).  The ``noop-job*`` sections
+considers to be an error).  An optional ``service-job-attributes`` section
 can be added to your ``spack.yaml`` where you can provide ``tags`` and
 ``image`` or ``variables`` for the generated NO-OP job.  This section also
 supports providing ``before_script``, ``script``, and ``after_script``, in
@@ -456,100 +499,51 @@ Following is an example of this section added to a ``spack.yaml``:
 .. code-block:: yaml
-  spack:
+   spack:
-     ci:
+     specs:
-       pipeline-gen:
+       - openmpi
-       - noop-job:
+     mirrors:
-           tags: ['custom', 'tag']
+       cloud_gitlab: https://mirror.spack.io
-           image:
+     gitlab-ci:
-             name: 'some.image.registry/custom-image:latest'
+       mappings:
-             entrypoint: ['/bin/bash']
+         - match:
-           script::
+             - os=centos8
-             - echo "Custom message in a custom script"
+           runner-attributes:
             tags:
               - custom
               - tag
             image: spack/centos7
       service-job-attributes:
         tags: ['custom', 'tag']
         image:
           name: 'some.image.registry/custom-image:latest'
           entrypoint: ['/bin/bash']
         script:
           - echo "Custom message in a custom script"
 The example above illustrates how you can provide the attributes used to run
 the NO-OP job in the case of an empty pipeline.  The only field for the NO-OP
 job that might be generated for you is ``script``, but that will only happen
-if you do not provide one yourself. Notice in this example the ``script``
+if you do not provide one yourself.
 uses the ``::`` notation to prescribe override behavior. Without this, the
 ``echo`` command would have been prepended to the automatically generated script
 rather than replacing it.
------------------------------------
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-ci.yaml
+Assignment of specs to runners
------------------------------------
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-Here's an example of a spack configuration file describing a build pipeline:
+The ``mappings`` section corresponds to a list of runners, and during assignment
 of specs to runners, the list is traversed in order looking for matches, the
 first runner that matches a release spec is assigned to build that spec.  The
 ``match`` section within each runner mapping section is a list of specs, and
 if any of those specs match the release spec (the ``spec.satisfies()`` method
 is used), then that runner is considered a match.
-.. code-block:: yaml
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Configuration of specs/jobs for a runner
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-  ci:
+Once a runner has been chosen to build a release spec, the ``runner-attributes``
-    target: gitlab
+section provides information determining details of the job in the context of
-
+the runner.  The ``runner-attributes`` section must have a ``tags`` key, which
    rebuild_index: True
    broken-specs-url: https://broken.specs.url
    broken-tests-packages:
    - gptune
    pipeline-gen:
    - submapping:
      - match:
          - os=ubuntu18.04
        build-job:
          tags:
            - spack-kube
          image: spack/ubuntu-bionic
      - match:
          - os=centos7
        build-job:
          tags:
            - spack-kube
          image: spack/centos7
  cdash:
    build-group: Release Testing
    url: https://cdash.spack.io
    project: Spack
    site: Spack AWS Gitlab Instance
 The ``ci`` config section is used to configure how the pipeline workload should be
 generated, mainly how the jobs for building specs should be assigned to the
 configured runners on your instance. The main section for configuring pipelines
 is ``pipeline-gen``, which is a list of job attribute sections that are merged,
 using the same rules as Spack configs (:ref:`config-scope-precedence`), from the bottom up.
 The order sections are applied is to be consistent with how spack orders scope precedence when merging lists.
 There are two main section types, ``<type>-job`` sections and ``submapping``
 sections.
 ^^^^^^^^^^^^^^^^^^^^^^
 Job Attribute Sections
 ^^^^^^^^^^^^^^^^^^^^^^
 Each type of job may have attributes added or removed via sections in the ``pipeline-gen``
 list. Job type specific attributes may be specified using the keys ``<type>-job`` to
 add attributes to all jobs of type ``<type>`` or ``<type>-job-remove`` to remove attributes
 of type ``<type>``. Each section may only contain one type of job attribute specification, ie. ,
 ``build-job`` and ``noop-job`` may not coexist but ``build-job`` and ``build-job-remove`` may.
 .. note::
    The ``*-remove`` specifications are applied before the additive attribute specification.
    For example, in the case where both ``build-job`` and ``build-job-remove`` are listed in
    the same ``pipeline-gen`` section, the value will still exist in the merged build-job after
    applying the section.
 All of the attributes specified are forwarded to the generated CI jobs, however special
 treatment is applied to the attributes ``tags``, ``image``, ``variables``, ``script``,
 ``before_script``, and ``after_script`` as they are components recognized explicitly by the
 Spack CI generator. For the ``tags`` attribute, Spack will remove reserved tags
 (:ref:`reserved_tags`) from all jobs specified in the config. In some cases, such as for
 ``signing`` jobs, reserved tags will be added back based on the type of CI that is being run.
 Once a runner has been chosen to build a release spec, the ``build-job*``
 sections provide information determining details of the job in the context of
 the runner.  At lease one of the ``build-job*`` sections must contain a ``tags`` key, which
 is a list containing at least one tag used to select the runner from among the
 runners known to the gitlab instance.  For Docker executor type runners, the
 ``image`` key is used to specify the Docker image used to build the release spec
@@ -560,7 +554,7 @@ information on to the runner that it needs to do its work (e.g. scheduler
 parameters, etc.).  Any ``variables`` provided here will be added, verbatim, to
 each job.
-The ``build-job`` section also allows users to supply custom ``script``,
+The ``runner-attributes`` section also allows users to supply custom ``script``,
 ``before_script``, and ``after_script`` sections to be applied to every job
 scheduled on that runner.  This allows users to do any custom preparation or
 cleanup tasks that fit their particular workflow, as well as completely
@@ -571,45 +565,46 @@ environment directory is located within your ``--artifacts_root`` (or if not
 provided, within your ``$CI_PROJECT_DIR``), activates that environment for
 you, and invokes ``spack ci rebuild``.
-Sections that specify scripts (``script``, ``before_script``, ``after_script``) are all
+.. _staging_algorithm:
 read as lists of commands or lists of lists of commands. It is recommended to write scripts
 as lists of lists if scripts will be composed via merging. The default behavior of merging
 lists will remove duplicate commands and potentially apply unwanted reordering, whereas
 merging lists of lists will preserve the local ordering and never removes duplicate
 commands. When writing commands to the CI target script, all lists are expanded and
 flattened into a single list.
-^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-Submapping Sections
+Summary of ``.gitlab-ci.yml`` generation algorithm
-^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-A special case of attribute specification is the ``submapping`` section which may be used
+All specs yielded by the matrix (or all the specs in the environment) have their
-to apply job attributes to build jobs based on the package spec associated with the rebuild
+dependencies computed, and the entire resulting set of specs are staged together
-job. Submapping is specified as a list of spec ``match`` lists associated with
+before being run through the ``gitlab-ci/mappings`` entries, where each staged
-``build-job``/``build-job-remove`` sections. There are two options for ``match_behavior``,
+spec is assigned a runner.  "Staging" is the name given to the process of
-either ``first`` or ``merge`` may be specified. In either case, the ``submapping`` list is
+figuring out in what order the specs should be built, taking into consideration
-processed from the bottom up, and then each ``match`` list is searched for a string that
+Gitlab CI rules about jobs/stages.  In the staging process the goal is to maximize
-satisfies the check ``spec.satisfies({match_item})`` for each concrete spec.
+the number of jobs in any stage of the pipeline, while ensuring that the jobs in
 any stage only depend on jobs in previous stages (since those jobs are guaranteed
 to have completed already).  As a runner is determined for a job, the information
 in the ``runner-attributes`` is used to populate various parts of the job
 description that will be used by Gitlab CI. Once all the jobs have been assigned
 a runner, the ``.gitlab-ci.yml`` is written to disk.
-The the case of ``match_behavior: first``, the first ``match`` section in the list of
+The short example provided above would result in the ``readline``, ``ncurses``,
-``submappings`` that contains a string that satisfies the spec will apply it's
+and ``pkgconf`` packages getting staged and built on the runner chosen by the
-``build-job*`` attributes to the rebuild job associated with that spec. This is the
+``spack-k8s`` tag.  In this example, spack assumes the runner is a Docker executor
-default behavior and will be the method if no ``match_behavior`` is specified.
+type runner, and thus certain jobs will be run in the ``centos7`` container,
 and others in the ``ubuntu-18.04`` container.  The resulting ``.gitlab-ci.yml``
 will contain 6 jobs in three stages.  Once the jobs have been generated, the
 presence of a ``SPACK_CDASH_AUTH_TOKEN`` environment variable during the
 ``spack ci generate`` command would result in all of the jobs being put in a
 build group on CDash called "Release Testing" (that group will be created if
 it didn't already exist).
-The the case of ``merge`` match, all of the ``match`` sections in the list of
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-``submappings`` that contain a string that satisfies the spec will have the associated
+Optional compiler bootstrapping
-``build-job*`` attributes applied to the rebuild job associated with that spec. Again,
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 the attributes will be merged starting from the bottom match going up to the top match.
-In the case that no match is found in a submapping section, no additional attributes will be applied.
+Spack pipelines also have support for bootstrapping compilers on systems that
-
+may not already have the desired compilers installed. The idea here is that
-^^^^^^^^^^^^^
+you can specify a list of things to bootstrap in your ``definitions``, and
-Bootstrapping
+spack will guarantee those will be installed in a phase of the pipeline before
-^^^^^^^^^^^^^
+your release specs, so that you can rely on those packages being available in
-
+the binary mirror when you need them later on in the pipeline.  At the moment
 The ``bootstrap`` section allows you to specify lists of specs from
 your ``definitions`` that should be staged ahead of the environment's ``specs``. At the moment
 the only viable use-case for bootstrapping is to install compilers.
 Here's an example of what bootstrapping some compilers might look like:
@@ -642,18 +637,18 @@ Here's an example of what bootstrapping some compilers might look like:
       exclude:
         - '%gcc@7.3.0 os=centos7'
         - '%gcc@5.5.0 os=ubuntu18.04'
-     ci:
+     gitlab-ci:
       bootstrap:
         - name: compiler-pkgs
           compiler-agnostic: true
-       pipeline-gen:
+       mappings:
-         # similar to the example higher up in this description
+         # mappings similar to the example higher up in this description
         ...
 The example above adds a list to the ``definitions`` called ``compiler-pkgs``
 (you can add any number of these), which lists compiler packages that should
 be staged ahead of the full matrix of release specs (in this example, only
-readline).  Then within the ``ci`` section, note the addition of a
+readline).  Then within the ``gitlab-ci`` section, note the addition of a
 ``bootstrap`` section, which can contain a list of items, each referring to
 a list in the ``definitions`` section.  These items can either
 be a dictionary or a string.  If you supply a dictionary, it must have a name
@@ -685,86 +680,6 @@ environment/stack file, and in that case no bootstrapping will be done (only the
 specs will be staged for building) and the runners will be expected to already
 have all needed compilers installed and configured for spack to use.
 ^^^^^^^^^^^^^^^^^^^
 Pipeline Buildcache
 ^^^^^^^^^^^^^^^^^^^
 The ``enable-artifacts-buildcache`` key
 takes a boolean and determines whether the pipeline uses artifacts to store and
 pass along the buildcaches from one stage to the next (the default if you don't
 provide this option is ``False``).
 ^^^^^^^^^^^^^^^^
 Broken Specs URL
 ^^^^^^^^^^^^^^^^
 The optional ``broken-specs-url`` key tells Spack to check against a list of
 specs that are known to be currently broken in ``develop``. If any such specs
 are found, the ``spack ci generate`` command will fail with an error message
 informing the user what broken specs were encountered. This allows the pipeline
 to fail early and avoid wasting compute resources attempting to build packages
 that will not succeed.
 ^^^^^
 CDash
 ^^^^^
 The optional ``cdash`` section provides information that will be used by the
 ``spack ci generate`` command (invoked by ``spack ci start``) for reporting
 to CDash.  All the jobs generated from this environment will belong to a
 "build group" within CDash that can be tracked over time.  As the release
 progresses, this build group may have jobs added or removed. The url, project,
 and site are used to specify the CDash instance to which build results should
 be reported.
 Take a look at the
 `schema <https://github.com/spack/spack/blob/develop/lib/spack/spack/schema/ci.py>`_
 for the ci section of the spack environment file, to see precisely what
 syntax is allowed there.
 .. _reserved_tags:
 ^^^^^^^^^^^^^
 Reserved Tags
 ^^^^^^^^^^^^^
 Spack has a subset of tags (``public``, ``protected``, and ``notary``) that it reserves
 for classifying runners that may require special permissions or access. The tags
 ``public`` and ``protected`` are used to distinguish between runners that use public
 permissions and runners with protected permissions. The ``notary`` tag is a special tag
 that is used to indicate runners that have access to the highly protected information
 used for signing binaries using the ``signing`` job.
 .. _staging_algorithm:
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Summary of ``.gitlab-ci.yml`` generation algorithm
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 All specs yielded by the matrix (or all the specs in the environment) have their
 dependencies computed, and the entire resulting set of specs are staged together
 before being run through the ``ci/pipeline-gen`` entries, where each staged
 spec is assigned a runner.  "Staging" is the name given to the process of
 figuring out in what order the specs should be built, taking into consideration
 Gitlab CI rules about jobs/stages.  In the staging process the goal is to maximize
 the number of jobs in any stage of the pipeline, while ensuring that the jobs in
 any stage only depend on jobs in previous stages (since those jobs are guaranteed
 to have completed already).  As a runner is determined for a job, the information
 in the merged ``any-job*`` and ``build-job*`` sections is used to populate various parts of the job
 description that will be used by the target CI pipelines. Once all the jobs have been assigned
 a runner, the ``.gitlab-ci.yml`` is written to disk.
 The short example provided above would result in the ``readline``, ``ncurses``,
 and ``pkgconf`` packages getting staged and built on the runner chosen by the
 ``spack-k8s`` tag.  In this example, spack assumes the runner is a Docker executor
 type runner, and thus certain jobs will be run in the ``centos7`` container,
 and others in the ``ubuntu-18.04`` container.  The resulting ``.gitlab-ci.yml``
 will contain 6 jobs in three stages.  Once the jobs have been generated, the
 presence of a ``SPACK_CDASH_AUTH_TOKEN`` environment variable during the
 ``spack ci generate`` command would result in all of the jobs being put in a
 build group on CDash called "Release Testing" (that group will be created if
 it didn't already exist).
 -------------------------------------
 Using a custom spack in your pipeline
 -------------------------------------
@@ -811,21 +726,23 @@ generated by ``spack ci generate``.  You also want your generated rebuild jobs
   spack:
     ...
-     ci:
+     gitlab-ci:
-       pipeline-gen:
+       mappings:
-       - build-job:
+         - match:
-           tags:
+             - os=ubuntu18.04
-             - spack-kube
+           runner-attributes:
-           image: spack/ubuntu-bionic
+             tags:
-           before_script:
+               - spack-kube
-             - git clone ${SPACK_REPO}
+             image: spack/ubuntu-bionic
-             - pushd spack && git checkout ${SPACK_REF} && popd
+             before_script:
-             - . "./spack/share/spack/setup-env.sh"
+               - git clone ${SPACK_REPO}
-           script:
+               - pushd spack && git checkout ${SPACK_REF} && popd
-             - spack env activate --without-view ${SPACK_CONCRETE_ENV_DIR}
+               - . "./spack/share/spack/setup-env.sh"
-             - spack -d ci rebuild
+             script:
-           after_script:
+               - spack env activate --without-view ${SPACK_CONCRETE_ENV_DIR}
-             - rm -rf ./spack
+               - spack -d ci rebuild
             after_script:
               - rm -rf ./spack
 Now all of the generated rebuild jobs will use the same shell script to clone
 spack before running their actual workload.
@@ -914,4 +831,3 @@ verify binary packages (when installing or creating buildcaches).  You could
 also have already trusted a key spack know about, or if no key is present anywhere,
 spack will install specs using ``--no-check-signature`` and create buildcaches
 using ``-u`` (for unsigned binaries).
--- a/lib/spack/docs/replace_conda_homebrew.rst
+++ b/lib/spack/docs/replace_conda_homebrew.rst
@@ -1,10 +1,10 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
 =====================================
-Spack for Homebrew/Conda Users
+Using Spack to Replace Homebrew/Conda
 =====================================
 Spack is an incredibly powerful package manager, designed for supercomputers
@@ -184,48 +184,13 @@ simply run the following commands:
 .. code-block:: console
   $ spack env activate myenv
-   $ spack concretize --fresh --force
+   $ spack concretize --force
   $ spack install
-The ``--fresh`` flag tells Spack to use the latest version of every package
+The ``--force`` flag tells Spack to overwrite its previous concretization
-where possible instead of trying to optimize for reuse of existing installed
+decisions, allowing you to choose a new version of Python. If any of the new
-packages.
+packages like Bash are already installed, ``spack install`` won't re-install
-
+them, it will keep the symlinks in place.
 The ``--force`` flag in addition tells Spack to overwrite its previous
 concretization decisions, allowing you to choose a new version of Python.
 If any of the new packages like Bash are already installed, ``spack install``
 won't re-install them, it will keep the symlinks in place.
 -----------------------------------
 Updating & Cleaning Up Old Packages
 -----------------------------------
 If you're looking to mimic the behavior of Homebrew, you may also want to
 clean up out-of-date packages from your environment after an upgrade. To
 upgrade your entire software stack within an environment and clean up old
 package versions, simply run the following commands:
 .. code-block:: console
   $ spack env activate myenv
   $ spack mark -i --all
   $ spack concretize --fresh --force
   $ spack install
   $ spack gc
 Running ``spack mark -i --all`` tells Spack to mark all of the existing
 packages within an environment as "implicitly" installed. This tells
 spack's garbage collection system that these packages should be cleaned up.
 Don't worry however, this will not remove your entire environment.
 Running ``spack install`` will reexamine your spack environment after
 a fresh concretization and will re-mark any packages that should remain
 installed as "explicitly" installed.
 **Note:** if you use multiple spack environments you should re-run ``spack install``
 in each of your environments prior to running ``spack gc`` to prevent spack
 from uninstalling any shared packages that are no longer required by the
 environment you just upgraded.
 --------------
 Uninstallation
--- a/lib/spack/docs/repositories.rst
+++ b/lib/spack/docs/repositories.rst
@@ -1,4 +1,4 @@
-.. Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+.. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
@@ -32,16 +32,11 @@ A package repository a directory structured like this::
          ...
 The top-level ``repo.yaml`` file contains configuration metadata for the
-repository. The packages subdirectory, typically ``packages``, contains
+repository, and the ``packages`` directory contains subdirectories for
-subdirectories for each package in the repository.  Each package directory
+each package in the repository.  Each package directory contains a
-contains a ``package.py`` file and any patches or other files needed to build the
+``package.py`` file and any patches or other files needed to build the
 package.
 The ``repo.yaml`` file may also contain a ``subdirectory`` key,
 which can modify the name of the subdirectory used for packages. As seen above,
 the default value is ``packages``. An empty string (``subdirectory: ''``) requires
 a flattened repo structure in which the package names are top-level subdirectories.
 Package repositories allow you to:
 1. Maintain your own packages separately from Spack;
@@ -378,24 +373,6 @@ You can supply a custom namespace with a second argument, e.g.:
  repo:
    namespace: 'llnl.comp'
 You can also create repositories with custom structure with the ``-d/--subdirectory``
 argument, e.g.:
 .. code-block:: console
  $ spack repo create -d applications myrepo apps
  ==> Created repo with namespace 'apps'.
  ==> To register it with Spack, run this command:
    spack repo add ~/myrepo
  $ ls myrepo
  applications/  repo.yaml
  $ cat myrepo/repo.yaml
  repo:
    namespace: apps
    subdirectory: applications
 ^^^^^^^^^^^^^^^^^^
 ``spack repo add``
 ^^^^^^^^^^^^^^^^^^
--- a/lib/spack/docs/requirements.txt
+++ b/lib/spack/docs/requirements.txt
@@ -1,13 +1,12 @@
-sphinx==7.2.6
+# These dependencies should be installed using pip in order
-sphinxcontrib-programoutput==0.17
+# to build the documentation.
-sphinx_design==0.5.0
+
-sphinx-rtd-theme==1.3.0
+sphinx>=3.4,!=4.1.2,!=5.1.0
-python-levenshtein==0.23.0
+sphinxcontrib-programoutput
-docutils==0.18.1
+sphinx-design
-pygments==2.16.1
+sphinx-rtd-theme
-urllib3==2.0.7
+python-levenshtein
-pytest==7.4.2
+# Restrict to docutils <0.17 to workaround a list rendering issue in sphinx.
-isort==5.12.0
+# https://stackoverflow.com/questions/67542699
-black==23.9.1
+docutils <0.17
-flake8==6.1.0
+pygments <2.13
 mypy==1.6.1
--- a/lib/spack/docs/signing.rst
+++ b/lib/spack/docs/signing.rst
@@ -1,478 +0,0 @@
 .. Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
   Spack Project Developers. See the top-level COPYRIGHT file for details.
   SPDX-License-Identifier: (Apache-2.0 OR MIT)
 .. _signing:
 =====================
 Spack Package Signing
 =====================
 The goal of package signing in Spack is to provide data integrity
 assurances around official packages produced by the automated Spack CI
 pipelines. These assurances directly address the security of Spack’s
 software supply chain by explaining why a security-conscious user can
 be reasonably justified in the belief that packages installed via Spack
 have an uninterrupted auditable trail back to change management
 decisions judged to be appropriate by the Spack maintainers. This is
 achieved through cryptographic signing of packages built by Spack CI
 pipelines based on code that has been transparently reviewed and
 approved on GitHub. This document describes the signing process for
 interested users.
 .. _risks:
 ------------------------------
 Risks, Impact and Threat Model
 ------------------------------
 This document addresses the approach taken to safeguard Spack’s
 reputation with regard to the integrity of the package data produced by
 Spack’s CI pipelines. It does not address issues of data confidentiality
 (Spack is intended to be largely open source) or availability (efforts
 are described elsewhere). With that said the main reputational risk can
 be broadly categorized as a loss of faith in the data integrity due to a
 breach of the private key used to sign packages. Remediation of a
 private key breach would require republishing the public key with a
 revocation certificate, generating a new signing key, an assessment and
 potential rebuild/resigning of all packages since the key was breached,
 and finally direct intervention by every spack user to update their copy
 of Spack’s public keys used for local verification.
 The primary threat model used in mitigating the risks of these stated
 impacts is one of individual error not malicious intent or insider
 threat. The primary objective is to avoid the above impacts by making a
 private key breach nearly impossible due to oversight or configuration
 error. Obvious and straightforward measures are taken to mitigate issues
 of malicious interference in data integrity and insider threats but
 these attack vectors are not systematically addressed. It should be hard
 to exfiltrate the private key intentionally, and almost impossible to
 leak the key by accident.
 .. _overview:
 -----------------
 Pipeline Overview
 -----------------
 Spack pipelines build software through progressive stages where packages
 in later stages nominally depend on packages built in earlier stages.
 For both technical and design reasons these dependencies are not
 implemented through the default GitLab artifacts mechanism; instead
 built packages are uploaded to AWS S3 mirrors (buckets) where they are
 retrieved by subsequent stages in the pipeline. Two broad categories of
 pipelines exist: Pull Request (PR) pipelines and Develop/Release
 pipelines.
 -  PR pipelines are launched in response to pull requests made by
   trusted and untrusted users. Packages built on these pipelines upload
   code to quarantined AWS S3 locations which cache the built packages
   for the purposes of review and iteration on the changes proposed in
   the pull request. Packages built on PR pipelines can come from
   untrusted users so signing of these pipelines is not implemented.
   Jobs in these pipelines are executed via normal GitLab runners both
   within the AWS GitLab infrastructure and at affiliated institutions.
 -  Develop and Release pipelines **sign** the packages they produce and carry
   strong integrity assurances that trace back to auditable change management
   decisions. These pipelines only run after members from a trusted group of
   reviewers verify that the proposed changes in a pull request are appropriate.
   Once the PR is merged, or a release is cut, a pipeline is run on protected
   GitLab runners which provide access to the required signing keys within the
   job. Intermediary keys are used to sign packages in each stage of the
   pipeline as they are built and a final job officially signs each package
   external to any specific packages’ build environment. An intermediate key
   exists in the AWS infrastructure and for each affiliated instritution that
   maintains protected runners. The runners that execute these pipelines
   exclusively accept jobs from protected branches meaning the intermediate keys
   are never exposed to unreviewed code and the official keys are never exposed
   to any specific build environment.
 .. _key_architecture:
 ----------------
 Key Architecture
 ----------------
 Spack’s CI process uses public-key infrastructure (PKI) based on GNU Privacy
 Guard (gpg) keypairs to sign public releases of spack package metadata, also
 called specs. Two classes of GPG keys are involved in the process to reduce the
 impact of an individual private key compromise, these key classes are the
 *Intermediate CI Key* and *Reputational Key*. Each of these keys has signing
 sub-keys that are used exclusively for signing packages. This can be confusing
 so for the purpose of this explanation we’ll refer to Root and Signing keys.
 Each key has a private and a public component as well as one or more identities
 and zero or more signatures.
 -------------------
 Intermediate CI Key
 -------------------
 The Intermediate key class is used to sign and verify packages between stages
 within a develop or release pipeline. An intermediate key exists for the AWS
 infrastructure as well as each affiliated institution that maintains protected
 runners. These intermediate keys are made available to the GitLab execution
 environment building the package so that the package’s dependencies may be
 verified by the Signing Intermediate CI Public Key and the final package may be
 signed by the Signing Intermediate CI Private Key.
 +---------------------------------------------------------------------------------------------------------+
 | **Intermediate CI Key (GPG)**                                                                           |
 +==================================================+======================================================+
 | Root Intermediate CI Private Key (RSA 4096)#     |     Root Intermediate CI Public Key (RSA 4096)       |
 +--------------------------------------------------+------------------------------------------------------+
 |   Signing Intermediate CI Private Key (RSA 4096) |        Signing Intermediate CI Public Key (RSA 4096) |
 +--------------------------------------------------+------------------------------------------------------+
 | Identity: “Intermediate CI Key <maintainers@spack.io>”                                                  |
 +---------------------------------------------------------------------------------------------------------+
 | Signatures: None                                                                                        |
 +---------------------------------------------------------------------------------------------------------+
 The *Root intermediate CI Private Key*\ Is stripped out of the GPG key and
 stored offline completely separate from Spack’s infrastructure. This allows the
 core development team to append revocation certificates to the GPG key and
 issue new sub-keys for use in the pipeline. It is our expectation that this
 will happen on a semi regular basis. A corollary of this is that *this key
 should not be used to verify package integrity outside the internal CI process.*
 ----------------
 Reputational Key
 ----------------
 The Reputational Key is the public facing key used to sign complete groups of
 development and release packages. Only one key pair exsits in this class of
 keys. In contrast to the Intermediate CI Key the Reputational Key *should* be
 used to verify package integrity. At the end of develop and release pipeline a
 final pipeline job pulls down all signed package metadata built by the pipeline,
 verifies they were signed with an Intermediate CI Key, then strips the
 Intermediate CI Key signature from the package and re-signs them with the
 Signing Reputational Private Key. The officially signed packages are then
 uploaded back to the AWS S3 mirror. Please note that separating use of the
 reputational key into this final job is done to prevent leakage of the key in a
 spack package. Because the Signing Reputational Private Key is never exposed to
 a build job it cannot accidentally end up in any built package.
 +---------------------------------------------------------------------------------------------------------+
 | **Reputational Key (GPG)**                                                                              |
 +==================================================+======================================================+
 | Root Reputational Private Key (RSA 4096)#        |          Root Reputational Public Key (RSA 4096)     |
 +--------------------------------------------------+------------------------------------------------------+
 | Signing Reputational Private Key (RSA 4096)      |          Signing Reputational Public Key (RSA 4096)  |
 +--------------------------------------------------+------------------------------------------------------+
 | Identity: “Spack Project <maintainers@spack.io>”                                                        |
 +---------------------------------------------------------------------------------------------------------+
 | Signatures: Signed by core development team [#f1]_                                                      |
 +---------------------------------------------------------------------------------------------------------+
 The Root Reputational Private Key is stripped out of the GPG key and stored
 offline completely separate from Spack’s infrastructure. This allows the core
 development team to append revocation certificates to the GPG key in the
 unlikely event that the Signing Reputation Private Key is compromised. In
 general it is the expectation that rotating this key will happen infrequently if
 at all. This should allow relatively transparent verification for the end-user
 community without needing deep familiarity with GnuPG or Public Key
 Infrastructure.
 .. _build_cache_format:
 ------------------
 Build Cache Format
 ------------------
 A binary package consists of a metadata file unambiguously defining the
 built package (and including other details such as how to relocate it)
 and the installation directory of the package stored as a compressed
 archive file. The metadata files can either be unsigned, in which case
 the contents are simply the json-serialized concrete spec plus metadata,
 or they can be signed, in which case the json-serialized concrete spec
 plus metadata is wrapped in a gpg cleartext signature. Built package
 metadata files are named to indicate the operating system and
 architecture for which the package was built as well as the compiler
 used to build it and the packages name and version. For example::
  linux-ubuntu18.04-haswell-gcc-7.5.0-zlib-1.2.12-llv2ysfdxnppzjrt5ldybb5c52qbmoow.spec.json.sig
 would contain the concrete spec and binary metadata for a binary package
 of ``zlib@1.2.12``, built for the ``ubuntu`` operating system and ``haswell``
 architecture. The id of the built package exists in the name of the file
 as well (after the package name and version) and in this case begins
 with ``llv2ys``. The id distinguishes a particular built package from all
 other built packages with the same os/arch, compiler, name, and version.
 Below is an example of a signed binary package metadata file. Such a
 file would live in the ``build_cache`` directory of a binary mirror::
  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA512
  {
    "spec": {
      <concrete-spec-contents-omitted>
    },
    "buildcache_layout_version": 1,
    "binary_cache_checksum": {
      "hash_algorithm": "sha256",
      "hash": "4f1e46452c35a5e61bcacca205bae1bfcd60a83a399af201a29c95b7cc3e1423"
     }
  }
  -----BEGIN PGP SIGNATURE-----
  iQGzBAEBCgAdFiEETZn0sLle8jIrdAPLx/P+voVcifMFAmKAGvwACgkQx/P+voVc
  ifNoVgv/VrhA+wurVs5GB9PhmMA1m5U/AfXZb4BElDRwpT8ZcTPIv5X8xtv60eyn
  4EOneGVbZoMThVxgev/NKARorGmhFXRqhWf+jknJZ1dicpqn/qpv34rELKUpgXU+
  QDQ4d1P64AIdTczXe2GI9ZvhOo6+bPvK7LIsTkBbtWmopkomVxF0LcMuxAVIbA6b
  887yBvVO0VGlqRnkDW7nXx49r3AG2+wDcoU1f8ep8QtjOcMNaPTPJ0UnjD0VQGW6
  4ZFaGZWzdo45MY6tF3o5mqM7zJkVobpoW3iUz6J5tjz7H/nMlGgMkUwY9Kxp2PVH
  qoj6Zip3LWplnl2OZyAY+vflPFdFh12Xpk4FG7Sxm/ux0r+l8tCAPvtw+G38a5P7
  QEk2JBr8qMGKASmnRlJUkm1vwz0a95IF3S9YDfTAA2vz6HH3PtsNLFhtorfx8eBi
  Wn5aPJAGEPOawEOvXGGbsH4cDEKPeN0n6cy1k92uPEmBLDVsdnur8q42jk5c2Qyx
  j3DXty57
  =3gvm
  -----END PGP SIGNATURE-----
 If a user has trusted the public key associated with the private key
 used to sign the above spec file, the signature can be verified with
 gpg, as follows::
  $ gpg –verify linux-ubuntu18.04-haswell-gcc-7.5.0-zlib-1.2.12-llv2ysfdxnppzjrt5ldybb5c52qbmoow.spec.json.sig
 The metadata (regardless whether signed or unsigned) contains the checksum
 of the ``.spack`` file containing the actual installation. The checksum should
 be compared to a checksum computed locally on the ``.spack`` file to ensure the
 contents have not changed since the binary spec plus metadata were signed. The
 ``.spack`` files are actually tarballs containing the compressed archive of the
 install tree.  These files, along with the metadata files, live within the
 ``build_cache`` directory of the mirror, and together are organized as follows::
  build_cache/
    # unsigned metadata (for indexing, contains sha256 of .spack file)
    <arch>-<compiler>-<name>-<ver>-24zvipcqgg2wyjpvdq2ajy5jnm564hen.spec.json
    # clearsigned metadata (same as above, but signed)
    <arch>-<compiler>-<name>-<ver>-24zvipcqgg2wyjpvdq2ajy5jnm564hen.spec.json.sig
    <arch>/
      <compiler>/
        <name>-<ver>/
          # tar.gz-compressed prefix (may support more compression formats later)
          <arch>-<compiler>-<name>-<ver>-24zvipcqgg2wyjpvdq2ajy5jnm564hen.spack
 Uncompressing and extracting the ``.spack`` file results in the install tree.
 This is in contrast to previous versions of spack, where the ``.spack`` file
 contained a (duplicated) metadata file, a signature file and a nested tarball
 containing the install tree.
 .. _internal_implementation:
 -----------------------
 Internal Implementation
 -----------------------
 The technical implementation of the pipeline signing process includes components
 defined in Amazon Web Services, the Kubernetes cluster, at affilicated
 institutions, and the GitLab/GitLab Runner deployment. We present the techincal
 implementation in two interdependent sections. The first addresses how secrets
 are managed through the lifecycle of a develop or release pipeline. The second
 section describes how Gitlab Runner and pipelines are configured and managed to
 support secure automated signing.
 Secrets Management
 ^^^^^^^^^^^^^^^^^^
 As stated above the Root Private Keys (intermediate and reputational)
 are stripped from the GPG keys and stored outside Spack’s
 infrastructure.
 .. warning::
  **TODO**
    - Explanation here about where and how access is handled for these keys.
    - Both Root private keys are protected with strong passwords
    - Who has access to these and how?
 **Intermediate CI Key**
 -----------------------
 Multiple intermediate CI signing keys exist, one Intermediate CI Key for jobs
 run in AWS, and one key for each affiliated institution (e.g. Univerity of
 Oregon). Here we describe how the Intermediate CI Key is managed in AWS:
 The Intermediate CI Key (including the Signing Intermediate CI Private Key is
 exported as an ASCII armored file and stored in a Kubernetes secret called
 ``spack-intermediate-ci-signing-key``. For convenience sake, this same secret
 contains an ASCII-armored export of just the *public* components of the
 Reputational Key. This secret also contains the *public* components of each of
 the affiliated institutions' Intermediate CI Key. These are potentially needed
 to verify dependent packages which may have been found in the public mirror or
 built by a protected job running on an affiliated institution's infrastrcuture
 in an earlier stage of the pipeline.
 Procedurally the ``spack-intermediate-ci-signing-key`` secret is used in
 the following way:
 1. A ``large-arm-prot`` or ``large-x86-prot`` protected runner picks up
   a job tagged ``protected`` from a protected GitLab branch. (See
   `Protected Runners and Reserved Tags <#_8bawjmgykv0b>`__).
 2. Based on its configuration, the runner creates a job Pod in the
   pipeline namespace and mounts the spack-intermediate-ci-signing-key
   Kubernetes secret into the build container
 3. The Intermediate CI Key, affiliated institutions' public key and the
   Reputational Public Key are imported into a keyring by the ``spack gpg …``
   sub-command. This is initiated by the job’s build script which is created by
   the generate job at the beginning of the pipeline.
 4. Assuming the package has dependencies those specs are verified using
   the keyring.
 5. The package is built and the spec.json is generated
 6. The spec.json is signed by the keyring and uploaded to the mirror’s
   build cache.
 **Reputational Key**
 --------------------
 Because of the increased impact to end users in the case of a private
 key breach, the Reputational Key is managed separately from the
 Intermediate CI Keys and has additional controls. First, the Reputational
 Key was generated outside of Spack’s infrastructure and has been signed
 by the core development team. The Reputational Key (along with the
 Signing Reputational Private Key) was then ASCII armor exported to a
 file. Unlike the Intermediate CI Key this exported file is not stored as
 a base64 encoded secret in Kubernetes. Instead\ *the key file
 itself*\ is encrypted and stored in Kubernetes as the
 ``spack-signing-key-encrypted`` secret in the pipeline namespace.
 The encryption of the exported Reputational Key (including the Signing
 Reputational Private Key) is handled by `AWS Key Management Store (KMS) data
 keys
 <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys>`__.
 The private key material is decrypted and imported at the time of signing into a
 memory mounted temporary directory holding the keychain. The signing job uses
 the `AWS Encryption SDK
 <https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/crypto-cli.html>`__
 (i.e. ``aws-encryption-cli``) to decrypt the Reputational Key. Permission to
 decrypt the key is granted to the job Pod through a Kubernetes service account
 specifically used for this, and only this, function. Finally, for convenience
 sake, this same secret contains an ASCII-armored export of the *public*
 components of the Intermediate CI Keys and the Reputational Key. This allows the
 signing script to verify that packages were built by the pipeline (both on AWS
 or at affiliated institutions), or signed previously as a part of a different
 pipeline. This is is done *before* importing decrypting and importing the
 Signing Reputational Private Key material and officially signing the packages.
 Procedurally the ``spack-singing-key-encrypted`` secret is used in the
 following way:
 1.  The ``spack-package-signing-gitlab-runner`` protected runner picks
    up a job tagged ``notary`` from a protected GitLab branch (See
    `Protected Runners and Reserved Tags <#_8bawjmgykv0b>`__).
 2.  Based on its configuration, the runner creates a job pod in the
    pipeline namespace. The job is run in a stripped down purpose-built
    image ``ghcr.io/spack/notary:latest`` Docker image. The runner is
    configured to only allow running jobs with this image.
 3.  The runner also mounts the ``spack-signing-key-encrypted`` secret to
    a path on disk. Note that this becomes several files on disk, the
    public components of the Intermediate CI Keys, the public components
    of the Reputational CI, and an AWS KMS encrypted file containing the
    Singing Reputational Private Key.
 4.  In addition to the secret, the runner creates a tmpfs memory mounted
    directory where the GnuPG keyring will be created to verify, and
    then resign the package specs.
 5.  The job script syncs all spec.json.sig files from the build cache to
    a working directory in the job’s execution environment.
 6.  The job script then runs the ``sign.sh`` script built into the
    notary Docker image.
 7.  The ``sign.sh`` script imports the public components of the
    Reputational and Intermediate CI Keys and uses them to verify good
    signatures on the spec.json.sig files. If any signed spec does not
    verify the job immediately fails.
 8.  Assuming all specs are verified, the ``sign.sh`` script then unpacks
    the spec json data from the signed file in preparation for being
    re-signed with the Reputational Key.
 9.  The private components of the Reputational Key are decrypted to
    standard out using ``aws-encryption-cli`` directly into a ``gpg
    –import …`` statement which imports the key into the
    keyring mounted in-memory.
 10. The private key is then used to sign each of the json specs and the
    keyring is removed from disk.
 11. The re-signed json specs are resynced to the AWS S3 Mirror and the
    public signing of the packages for the develop or release pipeline
    that created them is complete.
 Non service-account access to the private components of the Reputational
 Key that are managed through access to the symmetric secret in KMS used
 to encrypt the data key (which in turn is used to encrypt the GnuPG key
 - See:\ `Encryption SDK
 Documentation <https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/crypto-cli-examples.html#cli-example-encrypt-file>`__).
 A small trusted subset of the core development team are the only
 individuals with access to this symmetric key.
 .. _protected_runners:
 Protected Runners and Reserved Tags
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Spack has a large number of Gitlab Runners operating in its build farm.
 These include runners deployed in the AWS Kubernetes cluster as well as
 runners deployed at affiliated institutions. The majority of runners are
 shared runners that operate across projects in gitlab.spack.io. These
 runners pick up jobs primarily from the spack/spack project and execute
 them in PR pipelines.
 A small number of runners operating on AWS and at affiliated institutions are
 registered as specific *protected* runners on the spack/spack project. In
 addition to protected runners there are protected branches on the spack/spack
 project. These are the ``develop`` branch, any release branch (i.e. managed with
 the ``releases/v*`` wildcard) and any tag branch (managed with the ``v*``
 wildcard) Finally Spack’s pipeline generation code reserves certain tags to make
 sure jobs are routed to the correct runners, these tags are ``public``,
 ``protected``, and ``notary``. Understanding how all this works together to
 protect secrets and provide integrity assurances can be a little confusing so
 lets break these down:
 -  **Protected Branches**- Protected branches in Spack prevent anyone
   other than Maintainers in GitLab from pushing code. In the case of
   Spack the only Maintainer level entity pushing code to protected
   branches is Spack bot. Protecting branches also marks them in such a
   way that Protected Runners will only run jobs from those branches
 - **Protected Runners**- Protected Runners only run jobs from protected
   branches. Because protected runners have access to secrets, it's critical
   that they not run Jobs from untrusted code (i.e. PR branches). If they did it
   would be possible for a PR branch to tag a job in such a way that a protected
   runner executed that job and mounted secrets into a code execution
   environment that had not been reviewed by Spack maintainers. Note however
   that in the absence of tagging used to route jobs, public runners *could* run
   jobs from protected branches. No secrets would be at risk of being breached
   because non-protected runners do not have access to those secrets; lack of
   secrets would, however, cause the jobs to fail.
 - **Reserved Tags**- To mitigate the issue of public runners picking up
   protected jobs Spack uses a small set of “reserved” job tags (Note that these
   are *job* tags not git tags). These tags are “public”, “private”, and
   “notary.” The majority of jobs executed in Spack’s GitLab instance are
   executed via a ``generate`` job. The generate job code systematically ensures
   that no user defined configuration sets these tags. Instead, the ``generate``
   job sets these tags based on rules related to the branch where this pipeline
   originated. If the job is a part of a pipeline on a PR branch it sets the
   ``public`` tag. If the job is part of a pipeline on a protected branch it
   sets the ``protected`` tag. Finally if the job is the package signing job and
   it is running on a pipeline that is part of a protected branch then it sets
   the ``notary`` tag.
 Protected Runners are configured to only run jobs from protected branches. Only
 jobs running in pipelines on protected branches are tagged with ``protected`` or
 ``notary`` tags. This tightly couples jobs on protected branches to protected
 runners that provide access to the secrets required to sign the built packages.
 The secrets are can **only** be accessed via:
 1. Runners under direct control of the core development team.
 2. Runners under direct control of trusted maintainers at affiliated institutions.
 3. By code running the automated pipeline that has been reviewed by the
   Spack maintainers and judged to be appropriate.
 Other attempts (either through malicious intent or incompetence) can at
 worst grab jobs intended for protected runners which will cause those
 jobs to fail alerting both Spack maintainers and the core development
 team.
 .. [#f1]
   The Reputational Key has also cross signed core development team
   keys.
--- a/lib/spack/docs/spack.yaml
+++ b/lib/spack/docs/spack.yaml
@@ -1,4 +1,4 @@
-# Copyright 2013-2023 Lawrence Livermore National Security, LLC and other
+# Copyright 2013-2022 Lawrence Livermore National Security, LLC and other
 # Spack Project Developers. See the top-level COPYRIGHT file for details.
 #
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)
--- a/lib/spack/docs/tables/system_prerequisites.csv
+++ b/lib/spack/docs/tables/system_prerequisites.csv
@@ -1,7 +1,9 @@
 Name, Supported Versions, Notes, Requirement Reason
-Python, 3.6--3.12, , Interpreter for Spack
+Python, 2.7/3.6-3.10, , Interpreter for Spack
 C/C++ Compilers, , , Building software
 make, , , Build software
 patch, , , Build software
 bash, , , Compiler wrappers
 tar, , , Extract/create archives
 gzip, , , Compress/Decompress archives
 unzip, , , Compress/Decompress archives
@@ -9,7 +11,6 @@ bzip2, , , Compress/Decompress archives
 xz, , , Compress/Decompress archives
 zstd, , Optional, Compress/Decompress archives
 file, , , Create/Use Buildcaches
 lsb-release, , , Linux: identify operating system version
 gnupg2, , , Sign/Verify Buildcaches
 git, , , Manage Software Repositories
 svn, , Optional, Manage Software Repositories
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Gregory Becker	540c37cb06	allow lists and dicts since we get them for free	2022-11-04 17:51:58 -07:00
Gregory Becker	be89a18971	becker: show simplification idea	2022-11-04 17:51:58 -07:00
Peter Josef Scheibel	104023e7cb	auto style fix	2022-11-04 17:51:58 -07:00
Peter Josef Scheibel	1412251d79	account for attributes that should be deleted (i.e. if they weren't set originally on the package)	2022-11-04 17:51:58 -07:00
Peter Josef Scheibel	186532bac1	style fixes	2022-11-04 17:51:58 -07:00
Peter Josef Scheibel	e09623060b	update test to clarify parsing	2022-11-04 17:51:58 -07:00
Peter Josef Scheibel	8dbd7b423b	add placeholders for assigning collection types	2022-11-04 17:51:58 -07:00
Peter Josef Scheibel	4f5afbe97b	do type inference on strings (this works well for values that are not collections)	2022-11-04 17:51:57 -07:00
Peter Josef Scheibel	469401d4a1	style fix	2022-11-04 17:51:57 -07:00
Peter Josef Scheibel	4bc2d12a68	intermediate work on arbitrary types for pkg_attribute	2022-11-04 17:51:57 -07:00
Peter Josef Scheibel	2b5be8c52a	only delete the attribute if it exists	2022-11-04 17:51:57 -07:00
Peter Josef Scheibel	2ad94bc76a	make sure to remove old overidden_attrs	2022-11-04 17:51:57 -07:00
Peter Josef Scheibel	56671984b5	only set storage variable on class if there is anything to keep track of	2022-11-04 17:51:57 -07:00
Peter Josef Scheibel	bd40a98ccd	Revert "remove new test and see if that's part of the problem (even though it isn't run before the failing test)" This reverts commit 48c15d2f6be8a0bd88428e015ea41a8c814130f8.	2022-11-04 17:51:57 -07:00
Peter Josef Scheibel	25e875c1d6	remove new test and see if that's part of the problem (even though it isn't run before the failing test)	2022-11-04 17:51:56 -07:00
Peter Josef Scheibel	de59410216	Revert "temporarily undo everything in this PR to check if it could somehow be causing a failure in an unrelated test" This reverts commit c138b808304d68748308ea21e46a08bb028ab584.	2022-11-04 17:51:56 -07:00
Peter Josef Scheibel	edc3a3d19b	temporarily undo everything in this PR to check if it could somehow be causing a failure in an unrelated test	2022-11-04 17:51:56 -07:00
Peter Josef Scheibel	114ad6dd0a	auto style fix	2022-11-04 17:51:56 -07:00
Peter Josef Scheibel	3ddc16b1ff	add clarifying comment	2022-11-04 17:51:56 -07:00
Peter Josef Scheibel	d38ad41b65	move setattr back to get_pkg_class (since these config settings can affect class-level attrs)	2022-11-04 17:51:56 -07:00
Peter Josef Scheibel	d68e1c976d	add note for consideration	2022-11-04 17:51:56 -07:00
Peter Josef Scheibel	821d20cf06	auto style fix	2022-11-04 17:51:55 -07:00
Peter Josef Scheibel	a92eacd3c8	rename 'set' to 'package_attributes'	2022-11-04 17:51:55 -07:00
Peter Josef Scheibel	bb079ee356	move set logic to PackageBase initializer (otherwise, users could instantiate package_class() in other locations and bypass the config)	2022-11-04 17:51:55 -07:00
Peter Josef Scheibel	0b24c820b4	auto style fix	2022-11-04 17:51:55 -07:00
Peter Josef Scheibel	2db85d240a	add test; set attributes on instance vs. on class	2022-11-04 17:51:55 -07:00
Peter Josef Scheibel	a8fa5f6ca1	core changes to allow setting git/url attribute on packages	2022-11-04 17:51:55 -07:00