Use kcov from official Ubuntu 20.04 repository (#25385 )

* Ubuntu 20.04 provides kcov, so don't build from source * Use two undocumented options for kcov v3.8
buildcache: Add environment-aware buildcache sync command (#25470 )
2021-08-19 14:03:10 -07:00 · 2021-08-19 12:15:40 -06:00 · 2021-08-18 18:01:14 -07:00 · 2021-08-19 00:11:46 +00:00 · 2021-08-18 11:14:02 -07:00 · 2021-08-18 19:08:44 +02:00
1689 changed files with 34558 additions and 11872 deletions
--- a/.codecov.yml
+++ b/.codecov.yml
@@ -14,3 +14,21 @@ ignore:
  - share/spack/qa/.*

 comment: off
+
+# Inline codecov annotations make the code hard to read, and they add
+# annotations in files that seemingly have nothing to do with the PR.
+github_checks:
+    annotations: false
+
+# Attempt to fix "Missing base commit" messages in the codecov UI.
+# Because we do not run full tests on package PRs, package PRs' merge
+# commits on `develop` don't have coverage info.  It appears that
+# codecov will give you an error if the pseudo-base's coverage data
+# doesn't all apply properly to the real PR base.
+#
+# See here for docs:
+#   https://docs.codecov.com/docs/comparing-commits#pseudo-comparison
+# See here for another potential solution:
+#   https://community.codecov.com/t/2480/15
+codecov:
+  allow_coverage_offsets: true
--- a/.coveragerc
+++ b/.coveragerc
@@ -1,38 +0,0 @@
-# -*- conf -*-
-# .coveragerc to control coverage.py
-[run]
-parallel = True
-concurrency = multiprocessing
-branch = True
-source =
-     bin
-     lib
-omit =
-     lib/spack/spack/test/*
-     lib/spack/docs/*
-     lib/spack/external/*
-     share/spack/qa/*
-
-[report]
-# Regexes for lines to exclude from consideration
-exclude_lines =
-    # Have to re-enable the standard pragma
-    pragma: no cover
-
-    # Don't complain about missing debug-only code:
-    def __repr__
-    if self\.debug
-
-    # Don't complain if tests don't hit defensive assertion code:
-    raise AssertionError
-    raise NotImplementedError
-
-    # Don't complain if non-runnable code isn't run:
-    if 0:
-    if False:
-    if __name__ == .__main__.:
-
-ignore_errors = True
-
-[html]
-directory = htmlcov
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -1,42 +0,0 @@
---
-name: "\U0001F41E Bug report"
-about: Report a bug in the core of Spack (command not working as expected, etc.)
-labels: "bug,triage"
---
-
-<!-- Explain, in a clear and concise way, the command you ran and the result you were trying to achieve.
-Example: "I ran `spack find` to list all the installed packages and ..." -->
-
-### Steps to reproduce the issue
-
-```console
-$ spack <command1> <spec>
-$ spack <command2> <spec>
-...
-```
-
-### Error Message
-
-<!-- If Spack reported an error, provide the error message. If it did not report an error but the output appears incorrect, provide the incorrect output. If there was no error message and no output but the result is incorrect, describe how it does not match what you expect. -->
-```console
-$ spack --debug --stacktrace <command>
-```
-
-### Information on your system
-
-<!-- Please include the output of `spack debug report` -->
-
-<!-- If you have any relevant configuration detail (custom `packages.yaml` or `modules.yaml`, etc.) you can add that here as well. -->
-
-### Additional information
-
-<!-- These boxes can be checked by replacing [ ] with [x] or by clicking them after submitting the issue. -->
- [ ] I have run `spack debug report` and reported the version of Spack/Python/Platform
- [ ] I have searched the issues of this repo and believe this is not a duplicate
- [ ] I have run the failing commands in debug mode and reported the output
-
-<!-- We encourage you to try, as much as possible, to reduce your problem to the minimal example that still reproduces the issue. That would help us a lot in fixing it quickly and effectively!
-
-If you want to ask a question about the tool (how to use it, what it can currently do, etc.), try the `#general` channel on our Slack first. We have a welcoming community and chances are you'll get your reply faster and without opening an issue.
-
-Other than that, thanks for taking the time to contribute to Spack! -->
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -0,0 +1,58 @@
+name: "\U0001F41E Bug report"
+description: Report a bug in the core of Spack (command not working as expected, etc.)
+labels: [bug, triage]
+body:
+  - type: textarea
+    id: reproduce
+    attributes:
+      label: Steps to reproduce
+      description: |
+        Explain, in a clear and concise way, the command you ran and the result you were trying to achieve.
+        Example: "I ran `spack find` to list all the installed packages and ..."
+      placeholder: |
+        ```console
+        $ spack <command1> <spec>
+        $ spack <command2> <spec>
+        ...
+        ```
+    validations:
+      required: true
+  - type: textarea
+    id: error
+    attributes:
+      label: Error message
+      description: |
+        If Spack reported an error, provide the error message. If it did not report an error but the output appears incorrect, provide the incorrect output. If there was no error message and no output but the result is incorrect, describe how it does not match what you expect.
+      placeholder: |
+        ```console
+        $ spack --debug --stacktrace <command>
+        ```
+  - type: textarea
+    id: information
+    attributes:
+      label: Information on your system
+      description: Please include the output of `spack debug report`
+    validations:
+      required: true
+  - type: markdown
+    attributes:
+      value: |
+        If you have any relevant configuration detail (custom `packages.yaml` or `modules.yaml`, etc.) you can add that here as well.
+  - type: checkboxes
+    id: checks
+    attributes:
+      label: General information
+      options:
+        - label: I have run `spack debug report` and reported the version of Spack/Python/Platform
+          required: true
+        - label: I have searched the issues of this repo and believe this is not a duplicate
+          required: true
+        - label: I have run the failing commands in debug mode and reported the output
+          required: true
+  - type: markdown
+    attributes:
+      value: |
+        We encourage you to try, as much as possible, to reduce your problem to the minimal example that still reproduces the issue. That would help us a lot in fixing it quickly and effectively!
+        If you want to ask a question about the tool (how to use it, what it can currently do, etc.), try the `#general` channel on [our Slack](https://slack.spack.io/) first. We have a welcoming community and chances are you'll get your reply faster and without opening an issue.
+        
+        Other than that, thanks for taking the time to contribute to Spack!
--- a/.github/ISSUE_TEMPLATE/build_error.md
+++ b/.github/ISSUE_TEMPLATE/build_error.md
@@ -1,43 +0,0 @@
---
-name: "\U0001F4A5 Build error"
-about: Some package in Spack didn't build correctly
-title: "Installation issue: "
-labels: "build-error"
---
-
-<!-- Thanks for taking the time to report this build failure. To proceed with the report please:
-
-1. Title the issue "Installation issue: <name-of-the-package>".
-2. Provide the information required below.
-
-We encourage you to try, as much as possible, to reduce your problem to the minimal example that still reproduces the issue. That would help us a lot in fixing it quickly and effectively! -->
-
-### Steps to reproduce the issue
-
-<!-- Fill in the exact spec you are trying to build and the relevant part of the error message -->
-```console
-$ spack install <spec>
-...
-```
-
-### Information on your system
-
-<!-- Please include the output of `spack debug report` -->
-
-<!-- If you have any relevant configuration detail (custom `packages.yaml` or `modules.yaml`, etc.) you can add that here as well. -->
-
-### Additional information
-
-<!-- Please upload the following files. They should be present in the stage directory of the failing build. Also upload any config.log or similar file if one exists. -->
-* [spack-build-out.txt]()
-* [spack-build-env.txt]()
-
-<!-- Some packages have maintainers who have volunteered to debug build failures. Run `spack maintainers <name-of-the-package>` and @mention them here if they exist. -->
-
-### General information
-
-<!-- These boxes can be checked by replacing [ ] with [x] or by clicking them after submitting the issue. -->
- [ ] I have run `spack debug report` and reported the version of Spack/Python/Platform
- [ ] I have run `spack maintainers <name-of-the-package>` and @mentioned any maintainers
- [ ] I have uploaded the build log and environment files
- [ ] I have searched the issues of this repo and believe this is not a duplicate
--- a/.github/ISSUE_TEMPLATE/build_error.yml
+++ b/.github/ISSUE_TEMPLATE/build_error.yml
@@ -0,0 +1,64 @@
+name: "\U0001F4A5 Build error"
+description: Some package in Spack didn't build correctly
+title: "Installation issue: "
+labels: [build-error]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to report this build failure. To proceed with the report please:
+        1. Title the issue `Installation issue: <name-of-the-package>`.
+        2. Provide the information required below.
+        
+        We encourage you to try, as much as possible, to reduce your problem to the minimal example that still reproduces the issue. That would help us a lot in fixing it quickly and effectively!
+  - type: textarea
+    id: reproduce
+    attributes:
+      label: Steps to reproduce the issue
+      description: |
+        Fill in the exact spec you are trying to build and the relevant part of the error message
+      placeholder: |
+        ```console
+        $ spack install <spec>
+        ...
+        ```
+    validations:
+      required: true
+  - type: textarea
+    id: information
+    attributes:
+      label: Information on your system
+      description: Please include the output of `spack debug report`
+    validations:
+      required: true
+  - type: markdown
+    attributes:
+      value: |
+        If you have any relevant configuration detail (custom `packages.yaml` or `modules.yaml`, etc.) you can add that here as well.
+  - type: textarea
+    id: additional_information
+    attributes:
+      label: Additional information
+      description: |
+        Please upload the following files:
+        * **`spack-build-out.txt`**
+        * **`spack-build-env.txt`**
+        
+        They should be present in the stage directory of the failing build. Also upload any `config.log` or similar file if one exists.
+  - type: markdown
+    attributes:
+      value: |
+        Some packages have maintainers who have volunteered to debug build failures. Run `spack maintainers <name-of-the-package>` and **@mention** them here if they exist.
+  - type: checkboxes
+    id: checks
+    attributes:
+      label: General information
+      options:
+        - label: I have run `spack debug report` and reported the version of Spack/Python/Platform
+          required: true
+        - label: I have run `spack maintainers <name-of-the-package>` and **@mentioned** any maintainers
+          required: true
+        - label: I have uploaded the build log and environment files
+          required: true
+        - label: I have searched the issues of this repo and believe this is not a duplicate
+          required: true
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1 @@
+blank_issues_enabled: true
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -1,33 +0,0 @@
---
-name: "\U0001F38A Feature request" 
-about: Suggest adding a feature that is not yet in Spack  
-labels: feature
-
---
-
-<!--*Please add a concise summary of your suggestion here.*-->
-
-### Rationale
-
-<!--*Is your feature request related to a problem? Please describe it!*-->
-
-### Description
-
-<!--*Describe the solution you'd like and the alternatives you have considered.*-->
-
-
-### Additional information
-<!--*Add any other context about the feature request here.*-->
-
-
-### General information
-
- [ ] I have run `spack --version` and reported the version of Spack
- [ ] I have searched the issues of this repo and believe this is not a duplicate
-
-
-
-<!--If you want to ask a question about the tool (how to use it, what it can currently do, etc.), try the `#general` channel on our Slack first. We have a welcoming community and chances are you'll get your reply faster and without opening an issue.
-
-Other than that, thanks for taking the time to contribute to Spack!
-->
--- a/.github/ISSUE_TEMPLATE/feature_request.yml
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@@ -0,0 +1,41 @@
+name: "\U0001F38A Feature request" 
+description: Suggest adding a feature that is not yet in Spack
+labels: [feature]
+body:
+  - type: textarea
+    id: summary
+    attributes:
+      label: Summary
+      description: Please add a concise summary of your suggestion here.
+    validations:
+      required: true
+  - type: textarea
+    id: rationale
+    attributes:
+      label: Rationale
+      description: Is your feature request related to a problem? Please describe it!
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: Describe the solution you'd like and the alternatives you have considered.
+  - type: textarea
+    id: additional_information
+    attributes:
+      label: Additional information
+      description: Add any other context about the feature request here.
+  - type: checkboxes
+    id: checks
+    attributes:
+      label: General information
+      options:
+        - label: I have run `spack --version` and reported the version of Spack
+          required: true
+        - label: I have searched the issues of this repo and believe this is not a duplicate
+          required: true
+  - type: markdown
+    attributes:
+      value: |
+        If you want to ask a question about the tool (how to use it, what it can currently do, etc.), try the `#general` channel on [our Slack](https://slack.spack.io/) first. We have a welcoming community and chances are you'll get your reply faster and without opening an issue.
+        
+        Other than that, thanks for taking the time to contribute to Spack!
--- a/.github/actions/add-maintainers-as-reviewers/Dockerfile
+++ b/.github/actions/add-maintainers-as-reviewers/Dockerfile
@@ -1,6 +0,0 @@
-FROM python:3.7-alpine
-
-RUN pip install pygithub
-
-ADD entrypoint.py /entrypoint.py
-ENTRYPOINT ["/entrypoint.py"]
--- a/.github/actions/add-maintainers-as-reviewers/entrypoint.py
+++ b/.github/actions/add-maintainers-as-reviewers/entrypoint.py
@@ -1,85 +0,0 @@
-#!/usr/bin/env python
-#
-# Copyright 2013-2021 Lawrence Livermore National Security, LLC and other
-# Spack Project Developers. See the top-level COPYRIGHT file for details.
-#
-# SPDX-License-Identifier: (Apache-2.0 OR MIT)
-
-"""Maintainer review action.
-
-This action checks which packages have changed in a PR, and adds their
-maintainers to the pull request for review.
-"""
-
-import json
-import os
-import re
-import subprocess
-
-from github import Github
-
-
-def spack(*args):
-    """Run the spack executable with arguments, and return the output split.
-
-    This does just enough to run `spack pkg` and `spack maintainers`, the
-    two commands used by this action.
-    """
-    github_workspace = os.environ['GITHUB_WORKSPACE']
-    spack = os.path.join(github_workspace, 'bin', 'spack')
-    output = subprocess.check_output([spack] + list(args))
-    split = re.split(r'\s*', output.decode('utf-8').strip())
-    return [s for s in split if s]
-
-
-def main():
-    # get these first so that we'll fail early
-    token = os.environ['GITHUB_TOKEN']
-    event_path = os.environ['GITHUB_EVENT_PATH']
-
-    with open(event_path) as file:
-        data = json.load(file)
-
-    # make sure it's a pull_request event
-    assert 'pull_request' in data
-
-    # only request reviews on open, edit, or reopen
-    action = data['action']
-    if action not in ('opened', 'edited', 'reopened'):
-        return
-
-    # get data from the event payload
-    pr_data             = data['pull_request']
-    base_branch_name    = pr_data['base']['ref']
-    full_repo_name      = pr_data['base']['repo']['full_name']
-    pr_number           = pr_data['number']
-    requested_reviewers = pr_data['requested_reviewers']
-    author              = pr_data['user']['login']
-
-    # get a list of packages that this PR modified
-    changed_pkgs = spack(
-        'pkg', 'changed', '--type', 'ac', '%s...' % base_branch_name)
-
-    # get maintainers for all modified packages
-    maintainers = set()
-    for pkg in changed_pkgs:
-        pkg_maintainers = set(spack('maintainers', pkg))
-        maintainers |= pkg_maintainers
-
-    # remove any maintainers who are already on the PR, and the author,
-    # as you can't review your own PR)
-    maintainers -= set(requested_reviewers)
-    maintainers -= set([author])
-
-    if not maintainers:
-        return
-
-    # request reviews from each maintainer
-    gh = Github(token)
-    repo = gh.get_repo(full_repo_name)
-    pr = repo.get_pull(pr_number)
-    pr.create_review_request(list(maintainers))
-
-
-if __name__ == "__main__":
-    main()
--- a/.github/workflows/bootstrap.yml
+++ b/.github/workflows/bootstrap.yml
@@ -0,0 +1,160 @@
+name: Bootstrapping
+
+on:
+  pull_request:
+    branches:
+      - develop
+      - releases/**
+    paths-ignore:
+      # Don't run if we only modified packages in the
+      # built-in repository or documentation
+      - 'var/spack/repos/builtin/**'
+      - '!var/spack/repos/builtin/packages/clingo-bootstrap/**'
+      - '!var/spack/repos/builtin/packages/python/**'
+      - 'lib/spack/docs/**'
+  schedule:
+    # nightly at 2:16 AM
+    - cron: '16 2 * * *'
+
+jobs:
+
+  fedora-sources:
+    runs-on: ubuntu-latest
+    container: "fedora:latest"
+    steps:
+      - name: Install dependencies
+        run: |
+          dnf install -y \
+              bzip2 curl file gcc-c++ gcc gcc-gfortran git gnupg2 gzip \
+              make patch unzip which xz python3 python3-devel tree \
+              cmake bison bison-devel libstdc++-static
+      - uses: actions/checkout@v2
+      - name: Setup repo and non-root user
+        run: |
+          git --version
+          git fetch --unshallow
+          . .github/workflows/setup_git.sh
+          useradd spack-test
+          chown -R spack-test .
+      - name: Bootstrap clingo
+        shell: runuser -u spack-test -- bash {0}
+        run: |
+          source share/spack/setup-env.sh
+          spack bootstrap untrust github-actions
+          spack external find cmake bison
+          spack -d solve zlib
+          tree ~/.spack/bootstrap/store/
+
+  ubuntu-sources:
+    runs-on: ubuntu-latest
+    container: "ubuntu:latest"
+    steps:
+      - name: Install dependencies
+        env:
+          DEBIAN_FRONTEND: noninteractive
+        run: |
+          apt-get update -y && apt-get upgrade -y
+          apt-get install -y \
+              bzip2 curl file g++ gcc gfortran git gnupg2 gzip \
+              make patch unzip xz-utils python3 python3-dev tree \
+              cmake bison
+      - uses: actions/checkout@v2
+      - name: Setup repo and non-root user
+        run: |
+          git --version
+          git fetch --unshallow
+          . .github/workflows/setup_git.sh
+          useradd -m spack-test
+          chown -R spack-test .
+      - name: Bootstrap clingo
+        shell: runuser -u spack-test -- bash {0}
+        run: |
+          source share/spack/setup-env.sh
+          spack bootstrap untrust github-actions
+          spack external find cmake bison
+          spack -d solve zlib
+          tree ~/.spack/bootstrap/store/
+
+  opensuse-sources:
+    runs-on: ubuntu-latest
+    container: "opensuse/tumbleweed:latest"
+    steps:
+      - name: Install dependencies
+        run: |
+          zypper update -y
+          zypper install -y \
+              bzip2 curl file gcc-c++ gcc gcc-fortran tar git gpg2 gzip \
+              make patch unzip which xz python3 python3-devel tree \
+              cmake bison
+      - uses: actions/checkout@v2
+      - name: Setup repo and non-root user
+        run: |
+          git --version
+          git fetch --unshallow
+          . .github/workflows/setup_git.sh
+      - name: Bootstrap clingo
+        run: |
+          source share/spack/setup-env.sh
+          spack bootstrap untrust github-actions
+          spack external find cmake bison
+          spack -d solve zlib
+          tree ~/.spack/bootstrap/store/
+
+  macos-sources:
+    runs-on: macos-latest
+    steps:
+      - name: Install dependencies
+        run: |
+          brew install cmake bison@2.7 tree
+      - uses: actions/checkout@v2
+      - name: Bootstrap clingo
+        run: |
+          source share/spack/setup-env.sh
+          export PATH=/usr/local/opt/bison@2.7/bin:$PATH
+          spack bootstrap untrust github-actions
+          spack external find --not-buildable cmake bison
+          spack -d solve zlib
+          tree ~/.spack/bootstrap/store/
+
+  macos-clingo-binaries:
+    runs-on: macos-latest
+    strategy:
+      matrix:
+        python-version: ['3.5', '3.6', '3.7', '3.8', '3.9']
+    steps:
+      - name: Install dependencies
+        run: |
+          brew install tree
+      - uses: actions/checkout@v2
+      - uses: actions/setup-python@v2
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Bootstrap clingo
+        run: |
+          source share/spack/setup-env.sh
+          spack bootstrap untrust spack-install
+          spack -d solve zlib
+          tree ~/.spack/bootstrap/store/
+
+
+  ubuntu-clingo-binaries:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ['2.7', '3.5', '3.6', '3.7', '3.8', '3.9']
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-python@v2
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Setup repo and non-root user
+        run: |
+          git --version
+          git fetch --unshallow
+          . .github/workflows/setup_git.sh
+      - name: Bootstrap clingo
+        run: |
+          source share/spack/setup-env.sh
+          spack bootstrap untrust spack-install
+          spack -d solve zlib
+          tree ~/.spack/bootstrap/store/
--- a/.github/workflows/build-containers.yml
+++ b/.github/workflows/build-containers.yml
@@ -0,0 +1,72 @@
+name: Build & Deploy Docker Containers
+on:
+  # Build new Spack develop containers nightly.
+  schedule:
+    - cron: '34 0 * * *'
+  # Let's also build & tag Spack containers on releases.
+  release:
+    types: [published]
+
+jobs:
+  deploy-images:
+    runs-on: ubuntu-latest 
+    strategy:
+      # Even if one container fails to build we still want the others
+      # to continue their builds.
+      fail-fast: false
+      # A matrix of Dockerfile paths, associated tags, and which architectures
+      # they support.
+      matrix:
+        dockerfile: [[amazon-linux, amazonlinux-2.dockerfile, 'linux/amd64,linux/arm64'], 
+                     [centos7, centos-7.dockerfile, 'linux/amd64,linux/arm64'],
+                     [leap15, leap-15.dockerfile, 'linux/amd64,linux/arm64'],
+                     [ubuntu-xenial, ubuntu-1604.dockerfile, 'linux/amd64,linux/arm64'],
+                     [ubuntu-bionic, ubuntu-1804.dockerfile, 'linux/amd64,linux/arm64']]
+    name: Build ${{ matrix.dockerfile[0] }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Set Container Tag Normal (Nightly)
+        run: |
+          container="ghcr.io/spack/${{ matrix.dockerfile[0]}}:latest"
+          echo "container=${container}" >> $GITHUB_ENV
+          echo "versioned=${container}" >> $GITHUB_ENV
+
+        # On a new release create a container with the same tag as the release.
+      - name: Set Container Tag on Release
+        if: github.event_name == 'release'
+        run: |
+          versioned="ghcr.io/spack/${{matrix.dockerfile[0]}}:${GITHUB_REF##*/}"
+          echo "versioned=${versioned}" >> $GITHUB_ENV
+
+      - name: Check ${{ matrix.dockerfile[1] }} Exists
+        run: |
+          printf "Preparing to build ${{ env.container }} from ${{ matrix.dockerfile[1] }}"
+          if [ ! -f "share/spack/docker/${{ matrix.dockerfile[1]}}" ]; then
+              printf "Dockerfile ${{ matrix.dockerfile[0]}} does not exist"
+              exit 1;
+          fi
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Build & Deploy ${{ matrix.dockerfile[1] }}
+        uses: docker/build-push-action@v2
+        with:
+          file: share/spack/docker/${{matrix.dockerfile[1]}}
+          platforms: ${{ matrix.dockerfile[2] }}
+          push: true
+          tags: |
+            ${{ env.container }}
+            ${{ env.versioned }}
--- a/.github/workflows/linux_build_tests.yaml
+++ b/.github/workflows/linux_build_tests.yaml
@@ -1,77 +0,0 @@
-name: linux builds
-
-on:
-  push:
-    branches:
-    - develop
-    - releases/**
-    paths-ignore:
-      # Don't run if we only modified packages in the built-in repository
-      - 'var/spack/repos/builtin/**'
-      - '!var/spack/repos/builtin/packages/lz4/**'
-      - '!var/spack/repos/builtin/packages/mpich/**'
-      - '!var/spack/repos/builtin/packages/tut/**'
-      - '!var/spack/repos/builtin/packages/py-setuptools/**'
-      - '!var/spack/repos/builtin/packages/openjpeg/**'
-      - '!var/spack/repos/builtin/packages/r-rcpp/**'
-      - '!var/spack/repos/builtin/packages/ruby-rake/**'
-      # Don't run if we only modified documentation
-      - 'lib/spack/docs/**'
-  pull_request:
-    branches:
-    - develop
-    - releases/**
-    paths-ignore:
-      # Don't run if we only modified packages in the built-in repository
-      - 'var/spack/repos/builtin/**'
-      - '!var/spack/repos/builtin/packages/lz4/**'
-      - '!var/spack/repos/builtin/packages/mpich/**'
-      - '!var/spack/repos/builtin/packages/tut/**'
-      - '!var/spack/repos/builtin/packages/py-setuptools/**'
-      - '!var/spack/repos/builtin/packages/openjpeg/**'
-      - '!var/spack/repos/builtin/packages/r-rcpp/**'
-      - '!var/spack/repos/builtin/packages/ruby-rake/**'
-      # Don't run if we only modified documentation
-      - 'lib/spack/docs/**'
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        package:
-        - lz4  # MakefilePackage
-        - mpich~fortran  # AutotoolsPackage
-        - 'tut%gcc@:10.99.99'  # WafPackage
-        - py-setuptools  # PythonPackage
-        - openjpeg  # CMakePackage
-        - r-rcpp  # RPackage
-        - ruby-rake  # RubyPackage
-    steps:
-    - uses: actions/checkout@v2
-    - uses: actions/cache@v2.1.5
-      with:
-        path: ~/.ccache
-        key: ccache-build-${{ matrix.package }}
-        restore-keys: |
-          ccache-build-${{ matrix.package }}
-    - uses: actions/setup-python@v2
-      with:
-        python-version: 3.9
-    - name: Install System Packages
-      run: |
-        sudo apt-get update
-        sudo apt-get -yqq install ccache gfortran perl perl-base r-base r-base-core r-base-dev ruby findutils openssl libssl-dev libpciaccess-dev
-        R --version
-        perl --version
-        ruby --version
-    - name: Copy Configuration
-      run: |
-        ccache -M 300M && ccache -z
-        # Set up external deps for build tests, b/c they take too long to compile
-        cp share/spack/qa/configuration/*.yaml etc/spack/
-    - name: Run the build test
-      run: |
-        . share/spack/setup-env.sh
-        SPEC=${{ matrix.package }} share/spack/qa/run-build-tests
-        ccache -s
--- a/.github/workflows/unit_tests.yaml
+++ b/.github/workflows/unit_tests.yaml
@@ -24,9 +24,9 @@ jobs:
        pip install --upgrade pip
        pip install --upgrade vermin
    - name: vermin (Spack's Core)
-      run: vermin --backport argparse --backport typing -t=2.6- -t=3.5- -v lib/spack/spack/ lib/spack/llnl/ bin/
+      run: vermin --backport argparse --violations --backport typing -t=2.6- -t=3.5- -vvv lib/spack/spack/ lib/spack/llnl/ bin/
    - name: vermin (Repositories)
-      run: vermin --backport argparse --backport typing -t=2.6- -t=3.5- -v var/spack/repos
+      run: vermin --backport argparse --violations --backport typing -t=2.6- -t=3.5- -vvv var/spack/repos
  # Run style checks on the files that have been changed
  style:
    runs-on: ubuntu-latest
@@ -39,7 +39,7 @@ jobs:
        python-version: 3.9
    - name: Install Python packages
      run: |
-        pip install --upgrade pip six setuptools flake8 mypy>=0.800 black
+        pip install --upgrade pip six setuptools types-six
    - name: Setup git configuration
      run: |
        # Need this for the git tests to succeed.
@@ -129,39 +129,34 @@ jobs:
      run: |
          sudo apt-get -y update
          # Needed for unit tests
-          sudo apt-get install -y coreutils gfortran graphviz gnupg2 mercurial
-          sudo apt-get install -y ninja-build patchelf
-          # Needed for kcov
-          sudo apt-get -y install cmake binutils-dev libcurl4-openssl-dev
-          sudo apt-get -y install zlib1g-dev libdw-dev libiberty-dev
+          sudo apt-get -y install \
+              coreutils cvs gfortran graphviz gnupg2 mercurial ninja-build \
+              patchelf cmake bison libbison-dev kcov
    - name: Install Python packages
      run: |
-          pip install --upgrade pip six setuptools codecov coverage
+          pip install --upgrade pip six setuptools codecov coverage[toml]
+          # ensure style checks are not skipped in unit tests for python >= 3.6
+          # note that true/false (i.e., 1/0) are opposite in conditions in python and bash
+          if python -c 'import sys; sys.exit(not sys.version_info >= (3, 6))'; then
+              pip install --upgrade flake8 isort>=4.3.5 mypy>=0.900 black
+          fi
    - name: Setup git configuration
      run: |
          # Need this for the git tests to succeed.
          git --version
          . .github/workflows/setup_git.sh
-    - name: Install kcov for bash script coverage
-      if: ${{ needs.changes.outputs.with_coverage == 'true' }}
-      env:
-          KCOV_VERSION: 34
-      run: |
-          KCOV_ROOT=$(mktemp -d)
-          wget --output-document=${KCOV_ROOT}/${KCOV_VERSION}.tar.gz https://github.com/SimonKagstrom/kcov/archive/v${KCOV_VERSION}.tar.gz
-          tar -C ${KCOV_ROOT} -xzvf ${KCOV_ROOT}/${KCOV_VERSION}.tar.gz
-          mkdir -p ${KCOV_ROOT}/build
-          cd ${KCOV_ROOT}/build && cmake -Wno-dev ${KCOV_ROOT}/kcov-${KCOV_VERSION} && cd -
-          make -C ${KCOV_ROOT}/build && sudo  make -C ${KCOV_ROOT}/build install
-    - name: Bootstrap clingo from sources
+    - name: Bootstrap clingo
      if: ${{ matrix.concretizer == 'clingo' }}
+      env:
+          SPACK_PYTHON: python
      run: |
          . share/spack/setup-env.sh
-          spack external find --not-buildable cmake bison
+          spack bootstrap untrust spack-install
          spack -v solve zlib
    - name: Run unit tests (full suite with coverage)
      if: ${{ needs.changes.outputs.with_coverage == 'true' }}
      env:
+          SPACK_PYTHON: python
          COVERAGE: true
          SPACK_TEST_SOLVER: ${{ matrix.concretizer }}
      run: |
@@ -171,11 +166,12 @@ jobs:
    - name: Run unit tests (reduced suite without coverage)
      if: ${{ needs.changes.outputs.with_coverage == 'false' }}
      env:
+          SPACK_PYTHON: python
          ONLY_PACKAGES: true
          SPACK_TEST_SOLVER: ${{ matrix.concretizer }}
      run: |
          share/spack/qa/run-unit-tests
-    - uses: codecov/codecov-action@v1
+    - uses: codecov/codecov-action@v2.0.2
      if: ${{ needs.changes.outputs.with_coverage == 'true' }}
      with:
        flags: unittests,linux,${{ matrix.concretizer }}
@@ -194,29 +190,15 @@ jobs:
      run: |
          sudo apt-get -y update
          # Needed for shell tests
-          sudo apt-get install -y coreutils csh zsh tcsh fish dash bash
-          # Needed for kcov
-          sudo apt-get -y install cmake binutils-dev libcurl4-openssl-dev
-          sudo apt-get -y install zlib1g-dev libdw-dev libiberty-dev
+          sudo apt-get install -y coreutils kcov csh zsh tcsh fish dash bash
    - name: Install Python packages
      run: |
-          pip install --upgrade pip six setuptools codecov coverage
+          pip install --upgrade pip six setuptools codecov coverage[toml]
    - name: Setup git configuration
      run: |
          # Need this for the git tests to succeed.
          git --version
          . .github/workflows/setup_git.sh
-    - name: Install kcov for bash script coverage
-      if: ${{ needs.changes.outputs.with_coverage == 'true' }}
-      env:
-          KCOV_VERSION: 38
-      run: |
-          KCOV_ROOT=$(mktemp -d)
-          wget --output-document=${KCOV_ROOT}/${KCOV_VERSION}.tar.gz https://github.com/SimonKagstrom/kcov/archive/v${KCOV_VERSION}.tar.gz
-          tar -C ${KCOV_ROOT} -xzvf ${KCOV_ROOT}/${KCOV_VERSION}.tar.gz
-          mkdir -p ${KCOV_ROOT}/build
-          cd ${KCOV_ROOT}/build && cmake -Wno-dev ${KCOV_ROOT}/kcov-${KCOV_VERSION} && cd -
-          make -C ${KCOV_ROOT}/build && sudo  make -C ${KCOV_ROOT}/build install
    - name: Run shell tests (without coverage)
      if: ${{ needs.changes.outputs.with_coverage == 'false' }}
      run: |
@@ -227,7 +209,7 @@ jobs:
          COVERAGE: true
      run: |
          share/spack/qa/run-shell-tests
-    - uses: codecov/codecov-action@v1
+    - uses: codecov/codecov-action@v2.0.2
      if: ${{ needs.changes.outputs.with_coverage == 'true' }}
      with:
        flags: shelltests,linux
@@ -283,12 +265,10 @@ jobs:
          useradd spack-test
          chown -R spack-test .
    - name: Run unit tests
-      env:
-          SPACK_PYTHON: /usr/libexec/platform-python
      shell: runuser -u spack-test -- bash {0}
      run: |
          source share/spack/setup-env.sh
-          spack unit-test -k 'not svn and not hg' -x --verbose
+          spack unit-test -k 'not cvs and not svn and not hg' -x --verbose
  # Test for the clingo based solver (using clingo-cffi)
  clingo-cffi:
    needs: [ validate, style, documentation, changes ]
@@ -304,25 +284,12 @@ jobs:
      run: |
          sudo apt-get -y update
          # Needed for unit tests
-          sudo apt-get install -y coreutils gfortran graphviz gnupg2 mercurial
-          sudo apt-get install -y ninja-build patchelf
-          # Needed for kcov
-          sudo apt-get -y install cmake binutils-dev libcurl4-openssl-dev
-          sudo apt-get -y install zlib1g-dev libdw-dev libiberty-dev
-    - name: Install kcov for bash script coverage
-      if: ${{ needs.changes.outputs.with_coverage == 'true' }}
-      env:
-          KCOV_VERSION: 34
-      run: |
-          KCOV_ROOT=$(mktemp -d)
-          wget --output-document=${KCOV_ROOT}/${KCOV_VERSION}.tar.gz https://github.com/SimonKagstrom/kcov/archive/v${KCOV_VERSION}.tar.gz
-          tar -C ${KCOV_ROOT} -xzvf ${KCOV_ROOT}/${KCOV_VERSION}.tar.gz
-          mkdir -p ${KCOV_ROOT}/build
-          cd ${KCOV_ROOT}/build && cmake -Wno-dev ${KCOV_ROOT}/kcov-${KCOV_VERSION} && cd -
-          make -C ${KCOV_ROOT}/build && sudo  make -C ${KCOV_ROOT}/build install
+          sudo apt-get -y install \
+              coreutils cvs gfortran graphviz gnupg2 mercurial ninja-build \
+              patchelf kcov
    - name: Install Python packages
      run: |
-          pip install --upgrade pip six setuptools codecov coverage clingo
+          pip install --upgrade pip six setuptools codecov coverage[toml] clingo
    - name: Setup git configuration
      run: |
          # Need this for the git tests to succeed.
@@ -344,7 +311,7 @@ jobs:
          SPACK_TEST_SOLVER: clingo
      run: |
          share/spack/qa/run-unit-tests
-    - uses: codecov/codecov-action@v1
+    - uses: codecov/codecov-action@v2.0.2
      if: ${{ needs.changes.outputs.with_coverage == 'true' }}
      with:
        flags: unittests,linux,clingo
@@ -365,8 +332,7 @@ jobs:
    - name: Install Python packages
      run: |
          pip install --upgrade pip six setuptools
-          pip install --upgrade codecov coverage
-          pip install --upgrade flake8 pep8-naming mypy
+          pip install --upgrade codecov coverage[toml]
    - name: Setup Homebrew packages
      run: |
        brew install dash fish gcc gnupg2 kcov
@@ -380,12 +346,15 @@ jobs:
          coverage run $(which spack) unit-test -x
          coverage combine
          coverage xml
+          # Delete the symlink going from ./lib/spack/docs/_spack_root back to
+          # the initial directory, since it causes ELOOP errors with codecov/actions@2
+          rm lib/spack/docs/_spack_root
        else
          echo "ONLY PACKAGE RECIPES CHANGED [skipping coverage]"
          $(which spack) unit-test -x -m "not maybeslow" -k "package_sanity"
        fi
-    - uses: codecov/codecov-action@v1
+    - uses: codecov/codecov-action@v2.0.2
      if: ${{ needs.changes.outputs.with_coverage == 'true' }}
      with:
-        file: ./coverage.xml
+        files: ./coverage.xml
        flags: unittests,macos
--- a/.gitignore
+++ b/.gitignore
@@ -508,4 +508,4 @@ $RECYCLE.BIN/
 *.msp

 # Windows shortcuts
-*.lnk
+*.lnk
--- a/.mypy.ini
+++ b/.mypy.ini
@@ -1,35 +0,0 @@
-[mypy]
-python_version = 3.7
-files=lib/spack/llnl/**/*.py,lib/spack/spack/**/*.py
-mypy_path=bin,lib/spack,lib/spack/external,var/spack/repos/builtin
-# This and a generated import file allows supporting packages
-namespace_packages=True
-# To avoid re-factoring all the externals, ignore errors and missing imports
-# globally, then turn back on in spack and spack submodules
-ignore_errors=True
-ignore_missing_imports=True
-
-[mypy-spack.*]
-ignore_errors=False
-ignore_missing_imports=False
-
-[mypy-packages.*]
-ignore_errors=False
-ignore_missing_imports=False
-
-[mypy-llnl.*]
-ignore_errors=False
-ignore_missing_imports=False
-
-[mypy-spack.test.packages]
-ignore_errors=True
-
-# ignore errors in fake import path for packages
-[mypy-spack.pkg.*]
-ignore_errors=True
-ignore_missing_imports=True
-
-# jinja has syntax in it that requires python3 and causes a parse error
-# skip importing it
-[mypy-jinja2]
-follow_imports=skip
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,30 @@
+# v0.16.2 (2021-05-22)
+
+* Major performance improvement for `spack load` and other commands. (#23661)
+* `spack fetch` is now environment-aware. (#19166)
+* Numerous fixes for the new, `clingo`-based concretizer. (#23016, #23307,
+  #23090, #22896, #22534, #20644, #20537, #21148)
+* Supoprt for automatically bootstrapping `clingo` from source. (#20652, #20657
+  #21364, #21446, #21913, #22354, #22444, #22460, #22489, #22610, #22631)
+* Python 3.10 support: `collections.abc` (#20441)
+* Fix import issues by using `__import__` instead of Spack package importe.
+  (#23288, #23290)
+* Bugfixes and `--source-dir` argument for `spack location`. (#22755, #22348,
+  #22321)
+* Better support for externals in shared prefixes. (#22653)
+* `spack build-env` now prefers specs defined in the active environment.
+  (#21642)
+* Remove erroneous warnings about quotes in `from_sourcing_files`. (#22767)
+* Fix clearing cache of `InternalConfigScope`. (#22609)
+* Bugfix for active when pkg is already active error. (#22587)
+* Make `SingleFileScope` able to repopulate the cache after clearing it.
+  (#22559)
+* Channelflow: Fix the package. (#22483)
+* More descriptive error message for bugs in `package.py` (#21811)
+* Use package-supplied `autogen.sh`. (#20319)
+* Respect `-k/verify-ssl-false` in `_existing_url` method. (#21864)
+
+
 # v0.16.1 (2021-02-22)

 This minor release includes a new feature and associated fixes:
--- a/README.md
+++ b/README.md
@@ -1,11 +1,11 @@
 # <img src="https://cdn.rawgit.com/spack/spack/develop/share/spack/logo/spack-logo.svg" width="64" valign="middle" alt="Spack"/> Spack

 [![Unit Tests](https://github.com/spack/spack/workflows/linux%20tests/badge.svg)](https://github.com/spack/spack/actions)
-[![Linux Builds](https://github.com/spack/spack/workflows/linux%20builds/badge.svg)](https://github.com/spack/spack/actions)
+[![Bootstrapping](https://github.com/spack/spack/actions/workflows/bootstrap.yml/badge.svg)](https://github.com/spack/spack/actions/workflows/bootstrap.yml)
 [![macOS Builds (nightly)](https://github.com/spack/spack/workflows/macOS%20builds%20nightly/badge.svg?branch=develop)](https://github.com/spack/spack/actions?query=workflow%3A%22macOS+builds+nightly%22)
 [![codecov](https://codecov.io/gh/spack/spack/branch/develop/graph/badge.svg)](https://codecov.io/gh/spack/spack)
 [![Read the Docs](https://readthedocs.org/projects/spack/badge/?version=latest)](https://spack.readthedocs.io)
-[![Slack](https://spackpm.herokuapp.com/badge.svg)](https://spackpm.herokuapp.com)
+[![Slack](https://slack.spack.io/badge.svg)](https://slack.spack.io)

 Spack is a multi-platform package manager that builds and installs
 multiple versions and configurations of software. It works on Linux,
@@ -36,6 +36,8 @@ Documentation
 [**Full documentation**](https://spack.readthedocs.io/) is available, or
 run `spack help` or `spack help --all`.

+For a cheat sheet on Spack syntax, run `spack help --spec`.
+
 Tutorial
 ----------------

@@ -58,7 +60,7 @@ packages to bugfixes, documentation, or even new core features.
 Resources:

 * **Slack workspace**: [spackpm.slack.com](https://spackpm.slack.com).
-  To get an invitation, [**click here**](https://spackpm.herokuapp.com).
+  To get an invitation, visit [slack.spack.io](https://slack.spack.io).
 * **Mailing list**: [groups.google.com/d/forum/spack](https://groups.google.com/d/forum/spack)
 * **Twitter**: [@spackpm](https://twitter.com/spackpm). Be sure to
  `@mention` us!
@@ -72,7 +74,7 @@ When you send your request, make ``develop`` the destination branch on the

 Your PR must pass Spack's unit tests and documentation tests, and must be
 [PEP 8](https://www.python.org/dev/peps/pep-0008/) compliant.  We enforce
-these guidelines with our CI process. To run these tests locally, and for 
+these guidelines with our CI process. To run these tests locally, and for
 helpful tips on git, see our
 [Contribution Guide](https://spack.readthedocs.io/en/latest/contribution_guide.html).

--- a/bin/spack
+++ b/bin/spack
@@ -11,7 +11,8 @@
 # See https://stackoverflow.com/a/47886254
 """:"
 # prefer SPACK_PYTHON environment variable, python3, python, then python2
-for cmd in "${SPACK_PYTHON:-}" python3 python python2; do
+SPACK_PREFERRED_PYTHONS="python3 python python2 /usr/libexec/platform-python"
+for cmd in "${SPACK_PYTHON:-}" ${SPACK_PREFERRED_PYTHONS}; do
    if command -v > /dev/null "$cmd"; then
        export SPACK_PYTHON="$(command -v "$cmd")"
        exec "${SPACK_PYTHON}" "$0" "$@"
@@ -27,6 +28,7 @@ exit 1
 from __future__ import print_function

 import os
+import os.path
 import sys

 min_python3 = (3, 5)
@@ -69,6 +71,28 @@ if "ruamel.yaml" in sys.modules:
 if "ruamel" in sys.modules:
    del sys.modules["ruamel"]

+# The following code is here to avoid failures when updating
+# the develop version, due to spurious argparse.pyc files remaining
+# in the libs/spack/external directory, see:
+# https://github.com/spack/spack/pull/25376
+# TODO: Remove in v0.18.0 or later
+try:
+    import argparse
+except ImportError:
+    argparse_pyc = os.path.join(spack_external_libs, 'argparse.pyc')
+    if not os.path.exists(argparse_pyc):
+        raise
+    try:
+        os.remove(argparse_pyc)
+        import argparse  # noqa
+    except Exception:
+        msg = ('The file\n\n\t{0}\n\nis corrupted and cannot be deleted by Spack. '
+               'Either delete it manually or ask some administrator to '
+               'delete it for you.')
+        print(msg.format(argparse_pyc))
+        sys.exit(1)
+
+
 import spack.main  # noqa

 # Once we've set up the system path, run the spack main method
--- a/etc/spack/defaults/bootstrap.yaml
+++ b/etc/spack/defaults/bootstrap.yaml
@@ -0,0 +1,32 @@
+bootstrap:
+  # If set to false Spack will not bootstrap missing software,
+  # but will instead raise an error.
+  enable: true
+  # Root directory for bootstrapping work. The software bootstrapped
+  # by Spack is installed in a "store" subfolder of this root directory
+  root: ~/.spack/bootstrap
+  # Methods that can be used to bootstrap software. Each method may or
+  # may not be able to bootstrap all of the software that Spack needs,
+  # depending on its type.
+  sources:
+  - name: 'github-actions'
+    type: buildcache
+    description: |
+      Buildcache generated from a public workflow using Github Actions.
+      The sha256 checksum of binaries is checked before installation.
+    info:
+      url: https://mirror.spack.io/bootstrap/github-actions/v0.1
+      homepage: https://github.com/alalazo/spack-bootstrap-mirrors
+      releases: https://github.com/alalazo/spack-bootstrap-mirrors/releases
+  # This method is just Spack bootstrapping the software it needs from sources.
+  # It has been added here so that users can selectively disable bootstrapping
+  # from sources by "untrusting" it.
+  - name: spack-install
+    type: install
+    description: |
+      Specs built from sources by Spack. May take a long time.
+  trusted:
+    # By default we trust bootstrapping from sources and from binaries
+    # produced on Github via the workflow
+    github-actions: true
+    spack-install: true
--- a/etc/spack/defaults/config.yaml
+++ b/etc/spack/defaults/config.yaml
@@ -33,13 +33,6 @@ config:
  template_dirs:
    - $spack/share/spack/templates

-
-  # Locations where different types of modules should be installed.
-  module_roots:
-    tcl:    $spack/share/spack/modules
-    lmod:   $spack/share/spack/lmod
-
-
  # Temporary locations Spack can try to use for builds.
  #
  # Recommended options are given below.
@@ -141,6 +134,10 @@ config:
  # enabling locks.
  locks: true

+  # The default url fetch method to use. 
+  # If set to 'curl', Spack will require curl on the user's system
+  # If set to 'urllib', Spack will use python built-in libs to fetch
+  url_fetch_method: urllib

  # The maximum number of jobs to use for the build system (e.g. `make`), when
  # the -j flag is not given on the command line. Defaults to 16 when not set.
--- a/etc/spack/defaults/darwin/packages.yaml
+++ b/etc/spack/defaults/darwin/packages.yaml
@@ -21,12 +21,10 @@ packages:
    - gcc
    - intel
    providers:
-      elf:
-      - libelf
-      unwind:
-      - apple-libunwind
-      uuid:
-      - apple-libuuid
+      elf: [libelf]
+      fuse: [macfuse]
+      unwind: [apple-libunwind]
+      uuid: [apple-libuuid]
  apple-libunwind:
    buildable: false
    externals:
--- a/etc/spack/defaults/mirrors.yaml
+++ b/etc/spack/defaults/mirrors.yaml
@@ -1,2 +1,2 @@
 mirrors:
-  spack-public: https://spack-llnl-mirror.s3-us-west-2.amazonaws.com/
+  spack-public: https://mirror.spack.io
--- a/etc/spack/defaults/modules.yaml
+++ b/etc/spack/defaults/modules.yaml
@@ -14,8 +14,7 @@
 #   ~/.spack/modules.yaml
 # -------------------------------------------------------------------------
 modules:
-  enable:
-    - tcl
+  # Paths to check when creating modules for all module sets
  prefix_inspections:
    bin:
      - PATH
@@ -34,6 +33,20 @@ modules:
    '':
      - CMAKE_PREFIX_PATH

-  lmod:
-    hierarchy:
-      - mpi
+  # These are configurations for the module set named "default"
+  default:
+    # These values are defaulted in the code. They are not defaulted here so
+    # that we can enable backwards compatibility with the old syntax more
+    # easily (old value is in the config yaml, config:module_roots)
+    # Where to install modules
+    # roots:
+    #  tcl:    $spack/share/spack/modules
+    #  lmod:   $spack/share/spack/lmod
+    # What type of modules to use
+    enable:
+      - tcl
+
+    # Default configurations if lmod is enabled
+    lmod:
+      hierarchy:
+        - mpi
--- a/etc/spack/defaults/packages.yaml
+++ b/etc/spack/defaults/packages.yaml
@@ -17,39 +17,44 @@ packages:
  all:
    compiler: [gcc, intel, pgi, clang, xl, nag, fj, aocc]
    providers:
-      D: [ldc]
      awk: [gawk]
      blas: [openblas, amdblis]
+      D: [ldc]
      daal: [intel-daal]
      elf: [elfutils]
      fftw-api: [fftw, amdfftw]
+      flame: [libflame, amdlibflame]
+      fuse: [libfuse]
      gl: [mesa+opengl, mesa18, opengl]
-      glx: [mesa+glx, mesa18+glx, opengl]
      glu: [mesa-glu, openglu]
+      glx: [mesa+glx, mesa18+glx, opengl]
      golang: [gcc]
      iconv: [libiconv]
      ipp: [intel-ipp]
      java: [openjdk, jdk, ibm-java]
      jpeg: [libjpeg-turbo, libjpeg]
      lapack: [openblas, amdlibflame]
+      lua-lang: [lua, lua-luajit]
      mariadb-client: [mariadb-c-client, mariadb]
      mkl: [intel-mkl]
      mpe: [mpe2]
      mpi: [openmpi, mpich]
      mysql-client: [mysql, mariadb-c-client]
      opencl: [pocl]
+      onedal: [intel-oneapi-dal]
      osmesa: [mesa+osmesa, mesa18+osmesa]
+      pbs: [openpbs, torque]
      pil: [py-pillow]
      pkgconfig: [pkgconf, pkg-config]
      rpc: [libtirpc]
      scalapack: [netlib-scalapack, amdscalapack]
      sycl: [hipsycl]
-      szip: [libszip, libaec]
+      szip: [libaec, libszip]
      tbb: [intel-tbb]
      unwind: [libunwind]
-      yacc: [bison, byacc]
-      flame: [libflame, amdlibflame]
      uuid: [util-linux-uuid, libuuid]
+      xxd: [xxd-standalone, vim]
+      yacc: [bison, byacc]
      ziglang: [zig]
    permissions:
      read: world
--- a/lib/spack/docs/Makefile
+++ b/lib/spack/docs/Makefile
@@ -2,7 +2,7 @@
 #

 # You can set these variables from the command line.
-SPHINXOPTS    = -W
+SPHINXOPTS    = -W --keep-going
 SPHINXBUILD   = sphinx-build
 PAPER         =
 BUILDDIR      = _build
--- a/lib/spack/docs/basic_usage.rst
+++ b/lib/spack/docs/basic_usage.rst
@@ -695,6 +695,136 @@ structured the way you want:
    }


+^^^^^^^^^^^^^^
+``spack diff``
+^^^^^^^^^^^^^^
+
+It's often the case that you have two versions of a spec that you need to
+disambiguate. Let's say that we've installed two variants of zlib, one with
+and one without the optimize variant:
+
+.. code-block:: console
+
+   $ spack install zlib
+   $ spack install zlib -optimize
+
+When we do ``spack find`` we see the two versions.
+
+.. code-block:: console
+
+    $ spack find zlib
+    ==> 2 installed packages
+    -- linux-ubuntu20.04-skylake / gcc@9.3.0 ------------------------
+    zlib@1.2.11  zlib@1.2.11
+
+
+Let's now say that we want to uninstall zlib. We run the command, and hit a problem
+real quickly since we have two!
+
+.. code-block:: console
+
+    $ spack uninstall zlib
+    ==> Error: zlib matches multiple packages:
+
+        -- linux-ubuntu20.04-skylake / gcc@9.3.0 ------------------------
+        efzjziy zlib@1.2.11  sl7m27m zlib@1.2.11
+
+    ==> Error: You can either:
+        a) use a more specific spec, or
+        b) specify the spec by its hash (e.g. `spack uninstall /hash`), or
+        c) use `spack uninstall --all` to uninstall ALL matching specs.
+
+Oh no! We can see from the above that we have two different versions of zlib installed,
+and the only difference between the two is the hash. This is a good use case for
+``spack diff``, which can easily show us the "diff" or set difference
+between properties for two packages. Let's try it out.
+Since the only difference we see in the ``spack find`` view is the hash, let's use
+``spack diff`` to look for more detail. We will provide the two hashes:
+
+.. code-block:: console
+
+    $ spack diff /efzjziy /sl7m27m
+    ==> Warning: This interface is subject to change.
+
+    --- zlib@1.2.11efzjziyc3dmb5h5u5azsthgbgog5mj7g
+    +++ zlib@1.2.11sl7m27mzkbejtkrajigj3a3m37ygv4u2
+    @@ variant_value @@
+    -  zlib optimize False
+    +  zlib optimize True
+
+
+The output is colored, and written in the style of a git diff. This means that you
+can copy and paste it into a GitHub markdown as a code block with language "diff"
+and it will render nicely! Here is an example:
+
+.. code-block:: md
+
+    ```diff
+    --- zlib@1.2.11/efzjziyc3dmb5h5u5azsthgbgog5mj7g
+    +++ zlib@1.2.11/sl7m27mzkbejtkrajigj3a3m37ygv4u2
+    @@ variant_value @@
+    -  zlib optimize False
+    +  zlib optimize True
+    ```
+
+Awesome! Now let's read the diff. It tells us that our first zlib was built with ``~optimize``
+(``False``) and the second was built with ``+optimize`` (``True``). You can't see it in the docs
+here, but the output above is also colored based on the content being an addition (+) or
+subtraction (-).
+
+This is a small example, but you will be able to see differences for any attributes on the
+installation spec. Running ``spack diff A B`` means we'll see which spec attributes are on
+``B`` but not on ``A`` (green) and which are on ``A`` but not on ``B`` (red). Here is another
+example with an additional difference type, ``version``:
+
+.. code-block:: console
+
+    $ spack diff python@2.7.8 python@3.8.11
+    ==> Warning: This interface is subject to change.
+
+    --- python@2.7.8/tsxdi6gl4lihp25qrm4d6nys3nypufbf
+    +++ python@3.8.11/yjtseru4nbpllbaxb46q7wfkyxbuvzxx
+    @@ variant_value @@
+    -  python patches a8c52415a8b03c0e5f28b5d52ae498f7a7e602007db2b9554df28cd5685839b8
+    +  python patches 0d98e93189bc278fbc37a50ed7f183bd8aaf249a8e1670a465f0db6bb4f8cf87
+    @@ version @@
+    -  openssl 1.0.2u
+    +  openssl 1.1.1k
+    -  python 2.7.8
+    +  python 3.8.11
+
+Let's say that we were only interested in one kind of attribute above, ``version``.
+We can ask the command to only output this attribute.  To do this, you'd add
+the ``--attribute`` for attribute parameter, which defaults to all. Here is how you
+would filter to show just versions:
+
+.. code-block:: console
+
+    $ spack diff --attribute version python@2.7.8 python@3.8.11
+    ==> Warning: This interface is subject to change.
+
+    --- python@2.7.8/tsxdi6gl4lihp25qrm4d6nys3nypufbf
+    +++ python@3.8.11/yjtseru4nbpllbaxb46q7wfkyxbuvzxx
+    @@ version @@
+    -  openssl 1.0.2u
+    +  openssl 1.1.1k
+    -  python 2.7.8
+    +  python 3.8.11
+
+And you can add as many attributes as you'd like with multiple `--attribute` arguments
+(for lots of attributes, you can use ``-a`` for short). Finally, if you want to view the
+data as json (and possibly pipe into an output file) just add ``--json``:
+
+
+.. code-block:: console
+
+    $ spack diff --json python@2.7.8 python@3.8.11
+
+
+This data will be much longer because along with the differences for ``A`` vs. ``B`` and
+``B`` vs. ``A``, the JSON output also showsthe intersection.
+
+
 ------------------------
 Using installed packages
 ------------------------
@@ -1730,6 +1860,39 @@ This issue typically manifests with the error below:

 A nicer error message is TBD in future versions of Spack.

+---------------
+Troubleshooting
+---------------
+
+The ``spack audit`` command:
+
+.. command-output:: spack audit -h
+
+can be used to detect a number of configuration issues. This command detects
+configuration settings which might not be strictly wrong but are not likely
+to be useful outside of special cases.
+
+It can also be used to detect dependency issues with packages - for example
+cases where a package constrains a dependency with a variant that doesn't
+exist (in this case Spack could report the problem ahead of time but
+automatically performing the check would slow down most runs of Spack).
+
+A detailed list of the checks currently implemented for each subcommand can be
+printed with:
+
+.. command-output:: spack -v audit list
+
+Depending on the use case, users might run the appropriate subcommands to obtain
+diagnostics. Issues, if found, are reported to stdout:
+
+.. code-block:: console
+
+   % spack audit packages lammps
+   PKG-DIRECTIVES: 1 issue found
+   1. lammps: wrong variant in "conflicts" directive
+       the variant 'adios' does not exist
+       in /home/spack/spack/var/spack/repos/builtin/packages/lammps/package.py
+

 ------------
 Getting Help
--- a/lib/spack/docs/binary_caches.rst
+++ b/lib/spack/docs/binary_caches.rst
@@ -31,9 +31,25 @@ Build caches are created via:

 .. code-block:: console

-   $ spack buildcache create spec
+    $ spack buildcache create <spec>


+If you wanted to create a build cache in a local directory, you would provide
+the ``-d`` argument to target that directory, again also specifying the spec.
+Here is an example creating a local directory, "spack-cache" and creating
+build cache files for the "ninja" spec:
+
+.. code-block:: console
+
+    $ mkdir -p ./spack-cache
+    $ spack buildcache create -d ./spack-cache ninja
+    ==> Buildcache files will be output to file:///home/spackuser/spack/spack-cache/build_cache
+    gpgconf: socketdir is '/run/user/1000/gnupg'
+    gpg: using "E6DF6A8BD43208E4D6F392F23777740B7DBD643D" as default secret key for signing
+
+Note that the targeted spec must already be installed. Once you have a build cache,
+you can add it as a mirror, discussed next.
+
 ---------------------------------------
 Finding or installing build cache files
 ---------------------------------------
@@ -43,19 +59,98 @@ with:

 .. code-block:: console

-   $ spack mirror add <name> <url>
+    $ spack mirror add <name> <url>
+
+
+Note that the url can be a web url _or_ a local filesystem location. In the previous
+example, you might add the directory "spack-cache" and call it ``mymirror``:

-Build caches are found via:

 .. code-block:: console

-   $ spack buildcache list
+    $ spack mirror add mymirror ./spack-cache

-Build caches are installed via:
+
+You can see that the mirror is added with ``spack mirror list`` as follows:

 .. code-block:: console

-   $ spack buildcache install
+
+    $ spack mirror list
+    mymirror           file:///home/spackuser/spack/spack-cache
+    spack-public       https://spack-llnl-mirror.s3-us-west-2.amazonaws.com/
+
+
+At this point, you've create a buildcache, but spack hasn't indexed it, so if
+you run ``spack buildcache list`` you won't see any results. You need to index
+this new build cache as follows:
+
+.. code-block:: console
+
+    $ spack buildcache update-index -d spack-cache/
+
+Now you can use list:
+
+.. code-block:: console
+
+    $  spack buildcache list
+    ==> 1 cached build.
+    -- linux-ubuntu20.04-skylake / gcc@9.3.0 ------------------------
+    ninja@1.10.2
+
+
+Great! So now let's say you have a different spack installation, or perhaps just
+a different environment for the same one, and you want to install a package from
+that build cache. Let's first uninstall the actual library "ninja" to see if we can
+re-install it from the cache.
+
+.. code-block:: console
+
+    $ spack uninstall ninja
+
+
+And now reinstall from the buildcache
+
+.. code-block:: console
+
+    $ spack buildcache install ninja
+    ==> buildcache spec(s) matching ninja 
+    ==> Fetching file:///home/spackuser/spack/spack-cache/build_cache/linux-ubuntu20.04-skylake/gcc-9.3.0/ninja-1.10.2/linux-ubuntu20.04-skylake-gcc-9.3.0-ninja-1.10.2-i4e5luour7jxdpc3bkiykd4imke3mkym.spack
+    ####################################################################################################################################### 100.0%
+    ==> Installing buildcache for spec ninja@1.10.2%gcc@9.3.0 arch=linux-ubuntu20.04-skylake
+    gpgconf: socketdir is '/run/user/1000/gnupg'
+    gpg: Signature made Tue 23 Mar 2021 10:16:29 PM MDT
+    gpg:                using RSA key E6DF6A8BD43208E4D6F392F23777740B7DBD643D
+    gpg: Good signature from "spackuser (GPG created for Spack) <spackuser@noreply.users.github.com>" [ultimate]
+
+
+It worked! You've just completed a full example of creating a build cache with
+a spec of interest, adding it as a mirror, updating it's index, listing the contents,
+and finally, installing from it.
+
+
+Note that the above command is intended to install a particular package to a
+build cache you have created, and not to install a package from a build cache.
+For the latter, once a mirror is added, by default when you do ``spack install`` the ``--use-cache``
+flag is set, and you will install a package from a build cache if it is available.
+If you want to always use the cache, you can do:
+
+.. code-block:: console
+
+   $ spack install --cache-only <package>
+
+For example, to combine all of the commands above to add the E4S build cache
+and then install from it exclusively, you would do:
+
+.. code-block:: console
+
+    $ spack mirror add E4S https://cache.e4s.io
+    $ spack buildcache keys --install --trust
+    $ spack install --cache-only <package>
+
+We use ``--install`` and ``--trust`` to say that we are installing keys to our
+keyring, and trusting all downloaded keys.
+

 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 List of popular build caches
--- a/lib/spack/docs/build_systems/cmakepackage.rst
+++ b/lib/spack/docs/build_systems/cmakepackage.rst
@@ -130,8 +130,8 @@ Adding flags to cmake
 To add additional flags to the ``cmake`` call, simply override the
 ``cmake_args`` function. The following example defines values for the flags
 ``WHATEVER``, ``ENABLE_BROKEN_FEATURE``, ``DETECT_HDF5``, and ``THREADS`` with
-and without the :py:meth:`~.CMakePackage.define` and
-:py:meth:`~.CMakePackage.define_from_variant` helper functions:
+and without the :meth:`~spack.build_systems.cmake.CMakePackage.define` and
+:meth:`~spack.build_systems.cmake.CMakePackage.define_from_variant` helper functions:

 .. code-block:: python

--- a/lib/spack/docs/build_systems/cudapackage.rst
+++ b/lib/spack/docs/build_systems/cudapackage.rst
@@ -10,7 +10,7 @@ CudaPackage
 -----------

 Different from other packages, ``CudaPackage`` does not represent a build system.
-Instead its goal is to simplify and unify usage of ``CUDA`` in other packages by providing a ` mixin-class <https://en.wikipedia.org/wiki/Mixin>`__.
+Instead its goal is to simplify and unify usage of ``CUDA`` in other packages by providing a `mixin-class <https://en.wikipedia.org/wiki/Mixin>`_.

 You can find source for the package at
 `<https://github.com/spack/spack/blob/develop/lib/spack/spack/build_systems/cuda.py>`__.
--- a/lib/spack/docs/build_systems/inteloneapipackage.rst
+++ b/lib/spack/docs/build_systems/inteloneapipackage.rst
@@ -25,7 +25,7 @@ use Spack to build packages with the tools.
 The Spack Python class ``IntelOneapiPackage`` is a base class that is
 used by ``IntelOneapiCompilers``, ``IntelOneapiMkl``,
 ``IntelOneapiTbb`` and other classes to implement the oneAPI
-packages. See the :ref:<package-list> for the full list of available
+packages. See the :ref:`package-list` for the full list of available
 oneAPI packages or use::

  spack list -d oneAPI
@@ -35,7 +35,7 @@ For more information on a specific package, do::
  spack info <package-name>

 Intel no longer releases new versions of Parallel Studio, which can be
-used in Spack via the :ref:<intelpackage>. All of its components can
+used in Spack via the :ref:`intelpackage`. All of its components can
 now be found in oneAPI. 

 Examples
@@ -145,11 +145,11 @@ More information
 ================

 This section describes basic use of oneAPI, especially if it has
-changed compared to Parallel Studio. See :ref:<intelpackage> for more
-information on :ref:<intel-virtual-packages>,
-:ref:<intel-unrelated-packages>,
-:ref:<intel-integrating-external-libraries>, and
-:ref:<using-mkl-tips>.
+changed compared to Parallel Studio. See :ref:`intelpackage` for more
+information on :ref:`intel-virtual-packages`,
+:ref:`intel-unrelated-packages`,
+:ref:`intel-integrating-external-libraries`, and
+:ref:`using-mkl-tips`.


 .. _`Intel installers`: https://software.intel.com/content/www/us/en/develop/documentation/installation-guide-for-intel-oneapi-toolkits-linux/top.html
--- a/lib/spack/docs/build_systems/makefilepackage.rst
+++ b/lib/spack/docs/build_systems/makefilepackage.rst
@@ -147,8 +147,10 @@ and a ``filter_file`` method to help with this. For example:
   def edit(self, spec, prefix):
       makefile = FileFilter('Makefile')

-       makefile.filter('CC = gcc',  'CC = cc')
-       makefile.filter('CXX = g++', 'CC = c++')
+       makefile.filter(r'^\s*CC\s*=.*',  'CC = '  + spack_cc)
+       makefile.filter(r'^\s*CXX\s*=.*', 'CXX = ' + spack_cxx)
+       makefile.filter(r'^\s*F77\s*=.*', 'F77 = ' + spack_f77)
+       makefile.filter(r'^\s*FC\s*=.*',  'FC = '  + spack_fc)


 `stream <https://github.com/spack/spack/blob/develop/var/spack/repos/builtin/packages/stream/package.py>`_
--- a/lib/spack/docs/conf.py
+++ b/lib/spack/docs/conf.py
@@ -17,10 +17,10 @@
 # All configuration values have a default; values that are commented out
 # serve to show the default.

-import sys
 import os
 import re
 import subprocess
+import sys
 from glob import glob

 from sphinx.ext.apidoc import main as sphinx_apidoc
@@ -82,6 +82,8 @@
 # Disable duplicate cross-reference warnings.
 #
 from sphinx.domains.python import PythonDomain
+
+
 class PatchedPythonDomain(PythonDomain):
    def resolve_xref(self, env, fromdocname, builder, typ, target, node, contnode):
        if 'refspecific' in node:
@@ -95,15 +97,19 @@ def setup(sphinx):
 # -- General configuration -----------------------------------------------------

 # If your documentation needs a minimal Sphinx version, state it here.
-needs_sphinx = '1.8'
+needs_sphinx = '3.4'

 # Add any Sphinx extension module names here, as strings. They can be extensions
 # coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
-extensions = ['sphinx.ext.autodoc',
-              'sphinx.ext.graphviz',
-              'sphinx.ext.napoleon',
-              'sphinx.ext.todo',
-              'sphinxcontrib.programoutput']
+extensions = [
+    'sphinx.ext.autodoc',
+    'sphinx.ext.graphviz',
+    'sphinx.ext.intersphinx',
+    'sphinx.ext.napoleon',
+    'sphinx.ext.todo',
+    'sphinx.ext.viewcode',
+    'sphinxcontrib.programoutput',
+]

 # Set default graphviz options
 graphviz_dot_args = [
@@ -136,6 +142,7 @@ def setup(sphinx):
 #
 # The short X.Y version.
 import spack
+
 version = '.'.join(str(s) for s in spack.spack_version_info[:2])
 # The full version, including alpha/beta/rc tags.
 release = spack.spack_version
@@ -161,6 +168,19 @@ def setup(sphinx):
 # directories to ignore when looking for source files.
 exclude_patterns = ['_build', '_spack_root', '.spack-env']

+nitpicky = True
+nitpick_ignore = [
+    # Python classes that intersphinx is unable to resolve
+    ('py:class', 'argparse.HelpFormatter'),
+    ('py:class', 'contextlib.contextmanager'),
+    ('py:class', 'module'),
+    ('py:class', '_io.BufferedReader'),
+    ('py:class', 'unittest.case.TestCase'),
+    ('py:class', '_frozen_importlib_external.SourceFileLoader'),
+    # Spack classes that are private and we don't want to expose
+    ('py:class', 'spack.provider_index._IndexBase'),
+]
+
 # The reST default role (used for this markup: `text`) to use for all documents.
 #default_role = None

@@ -179,7 +199,8 @@ def setup(sphinx):
 # We use our own extension of the default style with a few modifications
 from pygments.style import Style
 from pygments.styles.default import DefaultStyle
-from pygments.token import Generic, Comment, Text
+from pygments.token import Comment, Generic, Text
+

 class SpackStyle(DefaultStyle):
    styles = DefaultStyle.styles.copy()
@@ -188,6 +209,7 @@ class SpackStyle(DefaultStyle):
    styles[Generic.Prompt] = "bold #346ec9"

 import pkg_resources
+
 dist = pkg_resources.Distribution(__file__)
 sys.path.append('.')  # make 'conf' module findable
 ep = pkg_resources.EntryPoint.parse('spack = conf:SpackStyle', dist=dist)
@@ -353,3 +375,11 @@ class SpackStyle(DefaultStyle):

 # How to display URL addresses: 'footnote', 'no', or 'inline'.
 #texinfo_show_urls = 'footnote'
+
+
+# -- Extension configuration -------------------------------------------------
+
+# sphinx.ext.intersphinx
+intersphinx_mapping = {
+    "python": ("https://docs.python.org/3", None),
+}
--- a/lib/spack/docs/developer_guide.rst
+++ b/lib/spack/docs/developer_guide.rst
@@ -108,9 +108,9 @@ with a high level view of Spack's directory structure:

            spack/                <- spack module; contains Python code
               analyzers/         <- modules to run analysis on installed packages
-               build_systems/     <- modules for different build systems 
+               build_systems/     <- modules for different build systems
               cmd/               <- each file in here is a spack subcommand
-               compilers/         <- compiler description files          
+               compilers/         <- compiler description files
               container/         <- module for spack containerize
               hooks/             <- hook modules to run at different points
               modules/           <- modules for lmod, tcl, etc.
@@ -151,24 +151,22 @@ Package-related modules
 ^^^^^^^^^^^^^^^^^^^^^^^

 :mod:`spack.package`
-  Contains the :class:`Package <spack.package.Package>` class, which
+  Contains the :class:`~spack.package.Package` class, which
  is the superclass for all packages in Spack.  Methods on ``Package``
  implement all phases of the :ref:`package lifecycle
  <package-lifecycle>` and manage the build process.

-:mod:`spack.packages`
-  Contains all of the packages in Spack and methods for managing them.
-  Functions like :func:`packages.get <spack.packages.get>` and
-  :func:`class_name_for_package_name
-  <packages.class_name_for_package_name>` handle mapping package module
-  names to class names and dynamically instantiating packages by name
-  from module files.
+:mod:`spack.util.naming`
+  Contains functions for mapping between Spack package names,
+  Python module names, and Python class names. Functions like
+  :func:`~spack.util.naming.mod_to_class` handle mapping package
+  module names to class names.

-:mod:`spack.relations`
-  *Relations* are relationships between packages, like
-  :func:`depends_on <spack.relations.depends_on>` and :func:`provides
-  <spack.relations.provides>`.  See :ref:`dependencies` and
-  :ref:`virtual-dependencies`.
+:mod:`spack.directives`
+  *Directives* are functions that can be called inside a package definition
+  to modify the package, like :func:`~spack.directives.depends_on`
+  and :func:`~spack.directives.provides`.  See :ref:`dependencies`
+  and :ref:`virtual-dependencies`.

 :mod:`spack.multimethod`
  Implementation of the :func:`@when <spack.multimethod.when>`
@@ -180,31 +178,27 @@ Spec-related modules
 ^^^^^^^^^^^^^^^^^^^^

 :mod:`spack.spec`
-  Contains :class:`Spec <spack.spec.Spec>` and :class:`SpecParser
-  <spack.spec.SpecParser>`. Also implements most of the logic for
-  normalization and concretization of specs.
+  Contains :class:`~spack.spec.Spec` and :class:`~spack.spec.SpecParser`.
+  Also implements most of the logic for normalization and concretization
+  of specs.

 :mod:`spack.parse`
  Contains some base classes for implementing simple recursive descent
-  parsers: :class:`Parser <spack.parse.Parser>` and :class:`Lexer
-  <spack.parse.Lexer>`.  Used by :class:`SpecParser
-  <spack.spec.SpecParser>`.
+  parsers: :class:`~spack.parse.Parser` and :class:`~spack.parse.Lexer`.
+  Used by :class:`~spack.spec.SpecParser`.

 :mod:`spack.concretize`
-  Contains :class:`DefaultConcretizer
-  <spack.concretize.DefaultConcretizer>` implementation, which allows
-  site administrators to change Spack's :ref:`concretization-policies`.
+  Contains :class:`~spack.concretize.Concretizer` implementation,
+  which allows site administrators to change Spack's :ref:`concretization-policies`.

 :mod:`spack.version`
-  Implements a simple :class:`Version <spack.version.Version>` class
-  with simple comparison semantics.  Also implements
-  :class:`VersionRange <spack.version.VersionRange>` and
-  :class:`VersionList <spack.version.VersionList>`.  All three are
-  comparable with each other and offer union and intersection
-  operations.  Spack uses these classes to compare versions and to
-  manage version constraints on specs.  Comparison semantics are
-  similar to the ``LooseVersion`` class in ``distutils`` and to the
-  way RPM compares version strings.
+  Implements a simple :class:`~spack.version.Version` class with simple
+  comparison semantics.  Also implements :class:`~spack.version.VersionRange`
+  and :class:`~spack.version.VersionList`. All three are comparable with each
+  other and offer union and intersection operations. Spack uses these classes
+  to compare versions and to manage version constraints on specs. Comparison
+  semantics are similar to the ``LooseVersion`` class in ``distutils`` and to
+  the way RPM compares version strings.

 :mod:`spack.compilers`
  Submodules contains descriptors for all valid compilers in Spack.
@@ -232,7 +226,7 @@ Build environment
 :mod:`spack.stage`
  Handles creating temporary directories for builds.

-:mod:`spack.compilation`
+:mod:`spack.build_environment`
  This contains utility functions used by the compiler wrapper script,
  ``cc``.

@@ -257,22 +251,19 @@ Unit tests
  Implements Spack's test suite.  Add a module and put its name in
  the test suite in ``__init__.py`` to add more unit tests.

-:mod:`spack.test.mock_packages`
-  This is a fake package hierarchy used to mock up packages for
-  Spack's test suite.
-
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Research and Monitoring Modules
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

 :mod:`spack.monitor`
-  Contains :class:`SpackMonitor <spack.monitor.SpackMonitor>`. This is accessed
-  from the ``spack install`` and ``spack analyze`` commands to send build
-  and package metadada up to a `Spack Monitor <https://github.com/spack/spack-monitor>`_ server. 
+  Contains :class:`~spack.monitor.SpackMonitorClient`. This is accessed from
+  the ``spack install`` and ``spack analyze`` commands to send build and
+  package metadata up to a `Spack Monitor
+  <https://github.com/spack/spack-monitor>`_ server.


 :mod:`spack.analyzers`
-  A module folder with a :class:`AnalyzerBase <spack.analyzers.analyzer_base.AnalyzerBase>`
+  A module folder with a :class:`~spack.analyzers.analyzer_base.AnalyzerBase`
  that provides base functions to run, save, and (optionally) upload analysis
  results to a `Spack Monitor <https://github.com/spack/spack-monitor>`_ server.

@@ -286,7 +277,7 @@ Other Modules
  tarball URLs.

 :mod:`spack.error`
-  :class:`SpackError <spack.error.SpackError>`, the base class for
+  :class:`~spack.error.SpackError`, the base class for
  Spack's exception hierarchy.

 :mod:`llnl.util.tty`
@@ -335,8 +326,8 @@ Writing analyzers
 To write an analyzer, you should add a new python file to the
 analyzers module directory at ``lib/spack/spack/analyzers`` .
 Your analyzer should be a subclass of the :class:`AnalyzerBase <spack.analyzers.analyzer_base.AnalyzerBase>`. For example, if you want
-to add an analyzer class ``Myanalyzer`` you woul write to 
-``spack/analyzers/myanalyzer.py`` and import and 
+to add an analyzer class ``Myanalyzer`` you would write to
+``spack/analyzers/myanalyzer.py`` and import and
 use the base as follows:

 .. code-block:: python
@@ -347,7 +338,7 @@ use the base as follows:


 Note that the class name is your module file name, all lowercase
-except for the first capital letter. You can  look at other analyzers in 
+except for the first capital letter. You can  look at other analyzers in
 that analyzer directory for examples. The guide here will tell you about the basic functions needed.

 ^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -356,13 +347,13 @@ Analyzer Output Directory

 By default, when you run ``spack analyze run`` an analyzer output directory will
 be created in your spack user directory in your ``$HOME``. The reason we output here
-is because the install directory might not always be writable. 
+is because the install directory might not always be writable.

 .. code-block:: console

    ~/.spack/
      analyzers
-      
+
 Result files will be written here, organized in subfolders in the same structure
 as the package, with each analyzer owning it's own subfolder. for example:

@@ -380,11 +371,11 @@ as the package, with each analyzer owning it's own subfolder. for example:
                │   └── spack-analyzer-install-files.json
                └── libabigail
                    └── lib
-                        └── spack-analyzer-libabigail-libz.so.1.2.11.xml 
+                        └── spack-analyzer-libabigail-libz.so.1.2.11.xml


 Notice that for the libabigail analyzer, since results are generated per object,
-we honor the object's folder in case there are equivalently named files in 
+we honor the object's folder in case there are equivalently named files in
 different folders. The result files are typically written as json so they can be easily read and  uploaded in a future interaction with a monitor.


@@ -426,7 +417,7 @@ and then return the object with a key as the analyzer name. The result data
 should be a list of objects, each with a name, ``analyzer_name``, ``install_file``,
 and one of ``value`` or ``binary_value``. The install file should be for a relative
 path, and not the absolute path. For example, let's say we extract a metric called
-``metric`` for ``bin/wget`` using our analyzer ``thebest-analyzer``. 
+``metric`` for ``bin/wget`` using our analyzer ``thebest-analyzer``.
 We might have data that looks like this:

 .. code-block:: python
@@ -482,7 +473,7 @@ Saving Analyzer Results
 The analyzer will have ``save_result`` called, with the result object generated
 to save it to the filesystem, and if the user has added the ``--monitor`` flag
 to upload it to a monitor server. If your result follows an accepted result
-format and you don't need to parse it further, you don't need to add this 
+format and you don't need to parse it further, you don't need to add this
 function to your class. However, if your result data is large or otherwise
 needs additional parsing, you can define it. If you define the function, it
 is useful to know about the ``output_dir`` property, which you can join
@@ -548,7 +539,7 @@ each one (separately) to the monitor:

 Notice that this function, if you define it, requires a result object (generated by
 ``run()``, a monitor (if you want to send), and a boolean ``overwrite`` to be used
-to check if a result exists first, and not write to it if the result exists and 
+to check if a result exists first, and not write to it if the result exists and
 overwrite is False. Also notice that since we already saved these files to the analyzer metadata folder, we return early if a monitor isn't defined, because this function serves to send  results to the monitor. If you haven't saved anything to the analyzer metadata folder
 yet, you might want to do that here. You should also use ``tty.info`` to give
 the user a message of "Writing result to $DIRNAME."
@@ -616,7 +607,7 @@ types of hooks in the ``__init__.py``, and then python files in that folder
 can use hook functions. The files are automatically parsed, so if you write
 a new file for some integration (e.g., ``lib/spack/spack/hooks/myintegration.py``
 you can then write hook functions in that file that will be automatically detected,
-and run whenever your hook is called. This section will cover the basic kind 
+and run whenever your hook is called. This section will cover the basic kind
 of hooks, and how to write them.

 ^^^^^^^^^^^^^^
@@ -624,7 +615,7 @@ Types of Hooks
 ^^^^^^^^^^^^^^

 The following hooks are currently implemented to make it easy for you,
-the developer, to add hooks at different stages of a spack install or similar. 
+the developer, to add hooks at different stages of a spack install or similar.
 If there is a hook that you would like and is missing, you can propose to add a new one.

 """""""""""""""""""""
@@ -632,9 +623,9 @@ If there is a hook that you would like and is missing, you can propose to add a
 """""""""""""""""""""

 A ``pre_install`` hook is run within an install subprocess, directly before
-the install starts. It expects a single argument of a spec, and is run in 
+the install starts. It expects a single argument of a spec, and is run in
 a multiprocessing subprocess. Note that if you see ``pre_install`` functions associated with packages these are not hooks
-as we have defined them here, but rather callback functions associated with 
+as we have defined them here, but rather callback functions associated with
 a package install.


@@ -657,7 +648,7 @@ here.
 This hook is run at the beginning of ``lib/spack/spack/installer.py``,
 in the install function of a ``PackageInstaller``,
 and importantly is not part of a build process, but before it. This is when
-we have just newly grabbed the task, and are preparing to install. If you 
+we have just newly grabbed the task, and are preparing to install. If you
 write a hook of this type, you should provide the spec to it.

 .. code-block:: python
@@ -666,7 +657,7 @@ write a hook of this type, you should provide the spec to it.
        """On start of an install, we want to...
        """
        print('on_install_start')
-    
+

 """"""""""""""""""""""""""""
 ``on_install_success(spec)``
@@ -744,8 +735,8 @@ to trigger after anything is written to a logger. You would add it as follows:
    post_install = HookRunner('post_install')

    # hooks related to logging
-    post_log_write = HookRunner('post_log_write') # <- here is my new hook! 
-    
+    post_log_write = HookRunner('post_log_write') # <- here is my new hook!
+

 You then need to decide what arguments my hook would expect. Since this is
 related to logging, let's say that you want a message and level. That means
@@ -775,7 +766,7 @@ In this example, we use it outside of a logger that is already defined:

 This is not to say that this would be the best way to implement an integration
 with the logger (you'd probably want to write a custom logger, or you could
-have the hook defined within the logger) but serves as an example of writing a hook. 
+have the hook defined within the logger) but serves as an example of writing a hook.

 ----------
 Unit tests
@@ -785,6 +776,38 @@ Unit tests
 Unit testing
 ------------

+---------------------
+Developer environment
+---------------------
+
+.. warning::
+
+    This is an experimental feature. It is expected to change and you should
+    not use it in a production environment.
+
+
+When installing a package, we currently have support to export environment
+variables to specify adding debug flags to the build. By default, a package
+install will build without any debug flag. However, if you want to add them,
+you can export:
+
+.. code-block:: console
+
+   export SPACK_ADD_DEBUG_FLAGS=true
+   spack install zlib
+
+
+If you want to add custom flags, you should export an additional variable:
+
+.. code-block:: console
+
+   export SPACK_ADD_DEBUG_FLAGS=true
+   export SPACK_DEBUG_FLAGS="-g"
+   spack install zlib
+
+These environment variables will eventually be integrated into spack so
+they are set from the command line.
+
 ------------------
 Developer commands
 ------------------
@@ -795,6 +818,29 @@ Developer commands
 ``spack doc``
 ^^^^^^^^^^^^^

+.. _cmd-spack-style:
+
+^^^^^^^^^^^^^^^
+``spack style``
+^^^^^^^^^^^^^^^
+
+spack style exists to help the developer user to check imports and style with
+mypy, flake8, isort, and (soon) black. To run all style checks, simply do:
+
+.. code-block:: console
+
+    $ spack style
+
+To run automatic fixes for isort you can do:
+
+.. code-block:: console
+
+    $ spack style --fix
+
+You do not need any of these Python packages installed on your system for
+the checks to work! Spack will bootstrap install them from packages for
+your use.
+
 ^^^^^^^^^^^^^^^^^^^
 ``spack unit-test``
 ^^^^^^^^^^^^^^^^^^^
@@ -867,6 +913,50 @@ just like you would with the normal ``python`` command.

 .. _cmd-spack-url:

+
+^^^^^^^^^^^^^^^
+``spack blame``
+^^^^^^^^^^^^^^^
+
+Spack blame is a way to quickly see contributors to packages or files
+in the spack repository. You should provide a target package name or
+file name to the command. Here is an example asking to see contributions
+for the package "python":
+
+.. code-block:: console
+
+    $ spack blame python
+    LAST_COMMIT  LINES  %      AUTHOR            EMAIL
+    2 weeks ago  3      0.3    Mickey Mouse   <cheddar@gmouse.org>
+    a month ago  927    99.7   Minnie Mouse   <swiss@mouse.org>
+
+    2 weeks ago  930    100.0
+
+
+By default, you will get a table view (shown above) sorted by date of contribution,
+with the most recent contribution at the top.  If you want to sort instead
+by percentage of code contribution, then add ``-p``:
+
+.. code-block:: console
+
+    $ spack blame -p python
+
+
+And to see the git blame view, add ``-g`` instead:
+
+
+.. code-block:: console
+
+    $ spack blame -g python
+
+
+Finally, to get a json export of the data, add ``--json``:
+
+.. code-block:: console
+
+    $ spack blame --json python
+
+
 ^^^^^^^^^^^^^
 ``spack url``
 ^^^^^^^^^^^^^
@@ -1211,7 +1301,7 @@ Publishing a release on GitHub

 #. Create the release in GitHub.

-   * Go to 
+   * Go to
     `github.com/spack/spack/releases <https://github.com/spack/spack/releases>`_
     and click ``Draft a new release``.

--- a/lib/spack/docs/environments.rst
+++ b/lib/spack/docs/environments.rst
@@ -363,7 +363,7 @@ to ``spack install`` on the command line, ``--no-add`` is the default,
 while for dependency specs on the other hand, it is optional.  In other
 words, if there is an unambiguous match in the active concrete environment
 for a root spec provided to ``spack install`` on the command line, spack
-does not require you to specify the ``--no-add` option to prevent the spec
+does not require you to specify the ``--no-add`` option to prevent the spec
 from being added again.  At the same time, a spec that already exists in the
 environment, but only as a dependency, will be added to the environment as a
 root spec without the ``--no-add`` option.
@@ -723,6 +723,8 @@ Spack Environment managed views are updated every time the environment
 is written out to the lock file ``spack.lock``, so the concrete
 environment and the view are always compatible.

+.. _configuring_environment_views:
+
 """""""""""""""""""""""""""""
 Configuring environment views
 """""""""""""""""""""""""""""
@@ -730,13 +732,17 @@ Configuring environment views
 The Spack Environment manifest file has a top-level keyword
 ``view``. Each entry under that heading is a view descriptor, headed
 by a name. The view descriptor contains the root of the view, and
-optionally the projections for the view, and ``select`` and
-``exclude`` lists for the view. For example, in the following manifest
+optionally the projections for the view, ``select`` and
+``exclude`` lists for the view and link information via ``link`` and
+``link_type``. For example, in the following manifest
 file snippet we define a view named ``mpis``, rooted at
 ``/path/to/view`` in which all projections use the package name,
 version, and compiler name to determine the path for a given
 package. This view selects all packages that depend on MPI, and
 excludes those built with the PGI compiler at version 18.5.
+All the dependencies of each root spec in the environment will be linked
+in the view due to the command ``link: all`` and the files in the view will
+be symlinks to the spack install directories.

 .. code-block:: yaml

@@ -749,11 +755,16 @@ excludes those built with the PGI compiler at version 18.5.
         exclude: ['%pgi@18.5']
         projections:
           all: {name}/{version}-{compiler.name}
+         link: all
+         link_type: symlink

 For more information on using view projections, see the section on
 :ref:`adding_projections_to_views`. The default for the ``select`` and
 ``exclude`` values is to select everything and exclude nothing. The
-default projection is the default view projection (``{}``).
+default projection is the default view projection (``{}``). The ``link``
+defaults to ``all`` but can also be ``roots`` when only the root specs
+in the environment are desired in the view. The ``link_type`` defaults
+to ``symlink`` but can also take the value of ``hardlink`` or ``copy``.

 Any number of views may be defined under the ``view`` heading in a
 Spack Environment.
--- a/lib/spack/docs/getting_started.rst
+++ b/lib/spack/docs/getting_started.rst
@@ -9,21 +9,16 @@
 Getting Started
 ===============

-------------
-Prerequisites
-------------
+--------------------
+System Prerequisites
+--------------------

-Spack has the following minimum requirements, which must be installed
-before Spack is run:
+Spack has the following minimum system requirements, which are assumed to
+be present on the machine where Spack is run:

-#. Python 2 (2.6 or 2.7) or 3 (3.5 - 3.9) to run Spack
-#. A C/C++ compiler for building
-#. The ``make`` executable for building
-#. The ``tar``, ``gzip``, ``unzip``, ``bzip2``, ``xz`` and optionally ``zstd``
-   executables for extracting source code
-#. The ``patch`` command to apply patches
-#. The ``git`` and ``curl`` commands for fetching
-#. If using the ``gpg`` subcommand, ``gnupg2`` is required
+.. csv-table:: System prerequisites for Spack
+   :file: tables/system_prerequisites.csv
+   :header-rows: 1

 These requirements can be easily installed on most modern Linux systems;
 on macOS, XCode is required.  Spack is designed to run on HPC
@@ -70,7 +65,13 @@ Sourcing these files will put the ``spack`` command in your ``PATH``, set
 up your ``MODULEPATH`` to use Spack's packages, and add other useful
 shell integration for :ref:`certain commands <packaging-shell-support>`,
 :ref:`environments <environments>`, and :ref:`modules <modules>`. For
-``bash``, it also sets up tab completion.
+``bash`` and ``zsh``, it also sets up tab completion.
+
+In order to know which directory to add to your ``MODULEPATH``, these scripts
+query the ``spack`` command. On shared filesystems, this can be a bit slow,
+especially if you log in frequently. If you don't use modules, or want to set
+``MODULEPATH`` manually instead, you can set the ``SPACK_SKIP_MODULES``
+environment variable to skip this step and speed up sourcing the file.

 If you do not want to use Spack's shell support, you can always just run
 the ``spack`` command directly from ``spack/bin/spack``.
@@ -83,6 +84,151 @@ sourcing time, ensuring future invocations of the ``spack`` command will
 continue to use the same consistent python version regardless of changes in
 the environment.

+^^^^^^^^^^^^^^^^^^^^
+Bootstrapping clingo
+^^^^^^^^^^^^^^^^^^^^
+
+Spack supports using ``clingo`` as an external solver to compute which software
+needs to be installed. The default configuration allows Spack to install
+``clingo`` from a public buildcache, created by a Github Action workflow. In this
+case the bootstrapping procedure is transparent to the user, except for a
+slightly long waiting time on the first concretization of a spec:
+
+.. code-block:: console
+
+   $ spack find -b
+   ==> Showing internal bootstrap store at "/home/spack/.spack/bootstrap/store"
+   ==> 0 installed packages
+
+   $ time spack solve zlib
+   ==> Best of 2 considered solutions.
+   ==> Optimization Criteria:
+     Priority  Criterion                                 Value
+     1         deprecated versions used                      0
+     2         version weight                                0
+     3         number of non-default variants (roots)        0
+     4         multi-valued variants                         0
+     5         preferred providers for roots                 0
+     6         number of non-default variants (non-roots)    0
+     7         preferred providers (non-roots)               0
+     8         compiler mismatches                           0
+     9         version badness                               0
+     10        count of non-root multi-valued variants       0
+     11        non-preferred compilers                       0
+     12        target mismatches                             0
+     13        non-preferred targets                         0
+
+   zlib@1.2.11%gcc@11.1.0+optimize+pic+shared arch=linux-ubuntu18.04-broadwell
+
+   real	0m30,618s
+   user	0m27,278s
+   sys	0m1,549s
+
+After this command you'll see that ``clingo`` has been installed for Spack's own use:
+
+.. code-block:: console
+
+   $ spack find -b
+   ==> Showing internal bootstrap store at "/home/spack/.spack/bootstrap/store"
+   ==> 2 installed packages
+   -- linux-rhel5-x86_64 / gcc@9.3.0 -------------------------------
+   clingo-bootstrap@spack  python@3.6
+
+Subsequent calls to the concretizer will then be much faster:
+
+.. code-block:: console
+
+   $ time spack solve zlib
+   [ ... ]
+   real	0m1,222s
+   user	0m1,146s
+   sys	0m0,059s
+
+If for security or for other reasons you don't want to or can't install precompiled
+binaries, Spack can fall-back to bootstrap ``clingo`` from source files. To forbid
+Spack from retrieving binaries from the bootstrapping buildcache, the following
+command must be given:
+
+.. code-block:: console
+
+   $ spack bootstrap untrust github-actions
+   ==> "github-actions" is now untrusted and will not be used for bootstrapping
+
+since an "untrusted" way of bootstrapping software will not be considered
+by Spack. You can verify the new settings are effective with:
+
+.. code-block:: console
+
+   $ spack bootstrap list
+   Name: github-actions UNTRUSTED
+
+     Type: buildcache
+
+     Info:
+       url: https://mirror.spack.io/bootstrap/github-actions/v0.1
+       homepage: https://github.com/alalazo/spack-bootstrap-mirrors
+       releases: https://github.com/alalazo/spack-bootstrap-mirrors/releases
+
+     Description:
+       Buildcache generated from a public workflow using Github Actions.
+       The sha256 checksum of binaries is checked before installation.
+
+
+   Name: spack-install TRUSTED
+
+     Type: install
+
+     Description:
+       Specs built from sources by Spack. May take a long time.
+
+When bootstrapping from sources, Spack requires a compiler with support
+for C++14 (GCC on ``linux``, Apple Clang on ``darwin``) and static C++
+standard libraries on ``linux``. Spack will build the required software
+on the first request to concretize a spec:
+
+.. code-block:: console
+
+   $ spack solve zlib
+   [+] /usr (external bison-3.0.4-wu5pgjchxzemk5ya2l3ddqug2d7jv6eb)
+   [+] /usr (external cmake-3.19.4-a4kmcfzxxy45mzku4ipmj5kdiiz5a57b)
+   [+] /usr (external python-3.6.9-x4fou4iqqlh5ydwddx3pvfcwznfrqztv)
+   ==> Installing re2c-1.2.1-e3x6nxtk3ahgd63ykgy44mpuva6jhtdt
+   [ ... ]
+   ==> Optimization: [0, 0, 0, 0, 0, 1, 0, 0, 0]
+   zlib@1.2.11%gcc@10.1.0+optimize+pic+shared arch=linux-ubuntu18.04-broadwell
+
+.. tip::
+
+   If you want to speed-up bootstrapping ``clingo`` from sources, you may try to
+   search for ``cmake`` and ``bison`` on your system:
+
+   .. code-block:: console
+
+      $ spack external find cmake bison
+      ==> The following specs have been detected on this system and added to /home/spack/.spack/packages.yaml
+      bison@3.0.4  cmake@3.19.4
+
+"""""""""""""""""""
+The Bootstrap Store
+"""""""""""""""""""
+
+All the tools Spack needs for its own functioning are installed in a separate store, which lives
+under the ``${HOME}/.spack`` directory. The software installed there can be queried with:
+
+.. code-block:: console
+
+   $ spack find --bootstrap
+   ==> Showing internal bootstrap store at "/home/spack/.spack/bootstrap/store"
+   ==> 3 installed packages
+   -- linux-ubuntu18.04-x86_64 / gcc@10.1.0 ------------------------
+   clingo-bootstrap@spack  python@3.6.9  re2c@1.2.1
+
+In case it's needed the bootstrap store can also be cleaned with:
+
+.. code-block:: console
+
+   $ spack clean -b
+   ==> Removing software in "/home/spack/.spack/bootstrap/store"

 ^^^^^^^^^^^^^^^^^^
 Check Installation
@@ -111,53 +257,6 @@ environment*, especially for ``PATH``.  Only software that comes with
 the system, or that you know you wish to use with Spack, should be
 included.  This procedure will avoid many strange build errors.

-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-Optional: Bootstrapping clingo
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-Spack supports using clingo as an external solver to compute which software
-needs to be installed. If you have a default compiler supporting C++14 Spack
-can automatically bootstrap this tool from sources the first time it is
-needed:
-
-.. code-block:: console
-
-   $ spack solve zlib
-   [+] /usr (external bison-3.0.4-wu5pgjchxzemk5ya2l3ddqug2d7jv6eb)
-   [+] /usr (external cmake-3.19.4-a4kmcfzxxy45mzku4ipmj5kdiiz5a57b)
-   [+] /usr (external python-3.6.9-x4fou4iqqlh5ydwddx3pvfcwznfrqztv)
-   ==> Installing re2c-1.2.1-e3x6nxtk3ahgd63ykgy44mpuva6jhtdt
-   [ ... ]
-   ==> Optimization: [0, 0, 0, 0, 0, 1, 0, 0, 0]
-   zlib@1.2.11%gcc@10.1.0+optimize+pic+shared arch=linux-ubuntu18.04-broadwell
-
-If you want to speed-up bootstrapping, you may try to search for ``cmake`` and ``bison``
-on your system:
-
-.. code-block:: console
-
-   $ spack external find cmake bison
-   ==> The following specs have been detected on this system and added to /home/spack/.spack/packages.yaml
-   bison@3.0.4  cmake@3.19.4
-
-All the tools Spack needs for its own functioning are installed in a separate store, which lives
-under the ``${HOME}/.spack`` directory. The software installed there can be queried with:
-
-.. code-block:: console
-
-   $ spack find --bootstrap
-   ==> Showing internal bootstrap store at "/home/spack/.spack/bootstrap/store"
-   ==> 3 installed packages
-   -- linux-ubuntu18.04-x86_64 / gcc@10.1.0 ------------------------
-   clingo-bootstrap@spack  python@3.6.9  re2c@1.2.1
-
-In case it's needed the bootstrap store can also be cleaned with:
-
-.. code-block:: console
-
-   $ spack clean -b
-   ==> Removing software in "/home/spack/.spack/bootstrap/store"
-
 ^^^^^^^^^^^^^^^^^^^^^^^^^^
 Optional: Alternate Prefix
 ^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -771,7 +870,7 @@ an OpenMPI installed in /opt/local, one would use:
            buildable: False

 In general, Spack is easier to use and more reliable if it builds all of
-its own dependencies.  However, there are two packages for which one
+its own dependencies.  However, there are several packages for which one
 commonly needs to use system versions:

 ^^^
@@ -1119,6 +1218,33 @@ Secret keys may also be later exported using the
      <https://www.digitalocean.com/community/tutorials/how-to-setup-additional-entropy-for-cloud-servers-using-haveged>`_
      provides a good overview of sources of randomness.

+Here is an example of creating a key. Note that we provide a name for the key first
+(which we can use to reference the key later) and an email address:
+
+.. code-block:: console
+
+    $ spack gpg create dinosaur dinosaur@thedinosaurthings.com
+
+
+If you want to export the key as you create it:
+
+
+.. code-block:: console
+
+    $ spack gpg create --export key.pub dinosaur dinosaur@thedinosaurthings.com
+
+Or the private key:
+
+
+.. code-block:: console
+
+    $ spack gpg create --export-secret key.priv dinosaur dinosaur@thedinosaurthings.com
+
+
+You can include both ``--export`` and ``--export-secret``, each with
+an output file of choice, to export both.
+
+
 ^^^^^^^^^^^^
 Listing keys
 ^^^^^^^^^^^^
@@ -1127,7 +1253,22 @@ In order to list the keys available in the keyring, the
 ``spack gpg list`` command will list trusted keys with the ``--trusted`` flag
 and keys available for signing using ``--signing``. If you would like to
 remove keys from your keyring, ``spack gpg untrust <keyid>``. Key IDs can be
-email addresses, names, or (best) fingerprints.
+email addresses, names, or (best) fingerprints. Here is an example of listing
+the key that we just created:
+
+.. code-block:: console
+
+    gpgconf: socketdir is '/run/user/1000/gnupg'
+    /home/spackuser/spack/opt/spack/gpg/pubring.kbx
+    ----------------------------------------------------------
+    pub   rsa4096 2021-03-25 [SC]
+          60D2685DAB647AD4DB54125961E09BB6F2A0ADCB
+    uid           [ultimate] dinosaur (GPG created for Spack) <dinosaur@thedinosaurthings.com>
+
+
+Note that the name "dinosaur" can be seen under the uid, which is the unique
+id. We might need this reference if we want to export or otherwise reference the key.
+

 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Signing and Verifying Packages
@@ -1142,6 +1283,38 @@ may also be used to create a signed file which contains the contents, but it
 is not recommended. Signed packages may be verified by using
 ``spack gpg verify <file>``.

+
+^^^^^^^^^^^^^^
+Exporting Keys
+^^^^^^^^^^^^^^
+
+You likely might want to export a public key, and that looks like this. Let's
+use the previous example and ask spack to export the key with uid "dinosaur."
+We will provide an output location (typically a `*.pub` file) and the name of
+the key.
+
+.. code-block:: console
+
+    $ spack gpg export dinosaur.pub dinosaur
+
+You can then look at the created file, `dinosaur.pub`, to see the exported key.
+If you want to include the private key, then just add `--secret`:
+
+.. code-block:: console
+
+    $ spack gpg export --secret dinosaur.priv dinosaur
+
+This will write the private key to the file `dinosaur.priv`.
+
+.. warning::
+
+    You should be very careful about exporting private keys. You likely would
+    only want to do this in the context of moving your spack installation to
+    a different server, and wanting to preserve keys for a buildcache. If you
+    are unsure about exporting, you can ask your local system administrator
+    or for help on an issue or the Spack slack.
+
+
 .. _cray-support:

 -------------
--- a/lib/spack/docs/module_file_support.rst
+++ b/lib/spack/docs/module_file_support.rst
@@ -71,9 +71,24 @@ Module file customization
 -------------------------

 Module files are generated by post-install hooks after the successful
-installation of a package. The table below summarizes the essential
-information associated with the different file formats
-that can be generated by Spack:
+installation of a package.
+
+.. note::
+
+   Spack only generates modulefiles when a package is installed. If
+   you attempt to install a package and it is already installed, Spack
+   will not regenerate modulefiles for the package. This may to
+   inconsistent modulefiles if the Spack module configuration has
+   changed since the package was installed, either by editing a file
+   or changing scopes or environments.
+
+   Later in this section there is a subsection on :ref:`regenerating
+   modules <cmd-spack-module-refresh>` that will allow you to bring
+   your modules to a consistent state.
+
+The table below summarizes the essential information associated with
+the different file formats that can be generated by Spack:
+

  +-----------------------------+--------------------+-------------------------------+----------------------------------------------+----------------------+
  |                             | **Hook name**      |  **Default root directory**   | **Default template file**                    | **Compatible tools** |
@@ -163,6 +178,46 @@ the installation folder of each package for the presence of a set of subdirector
 (``bin``, ``man``, ``share/man``, etc.). If any is found its full path is prepended
 to the environment variables listed below the folder name.

+Spack modules can be configured for multiple module sets. The default
+module set is named ``default``. All Spack commands which operate on
+modules default to apply the ``default`` module set, but can be
+applied to any module set in the configuration. Settings applied at
+the root of the configuration (e.g. ``modules:enable`` rather than
+``modules:default:enable``) are applied to the default module set for
+backwards compatibility.
+
+"""""""""""""""""""""""""
+Changing the modules root
+"""""""""""""""""""""""""
+
+As shown in the table above, the default module root for ``lmod`` is
+``$spack/share/spack/lmod`` and the default root for ``tcl`` is
+``$spack/share/spack/modules``. This can be overridden for any module
+set by changing the ``roots`` key of the configuration.
+
+.. code-block:: yaml
+
+   modules:
+     default:
+       roots:
+         tcl: /path/to/install/tcl/modules
+     my_custom_lmod_modules:
+       roots:
+         lmod: /path/to/install/custom/lmod/modules
+         ...
+
+This configuration will create two module sets. The default module set
+will install its ``tcl`` modules to ``/path/to/install/tcl/modules``
+(and still install its lmod modules, if any, to the default
+location). The set ``my_custom_lmod_modules`` will install its lmod
+modules to ``/path/to/install/custom/lmod/modules`` (and still install
+its tcl modules, if any, to the default location).
+
+Obviously, having multiple module sets install modules to the default
+location could be confusing to users of your modules. In the next
+section, we will discuss enabling and disabling module types (module
+file generators) for each module set.
+
 """"""""""""""""""""
 Activate other hooks
 """"""""""""""""""""
@@ -178,13 +233,14 @@ to the generator being customized:
 .. code-block:: yaml

   modules:
-     enable:
-       - tcl
-       - lmod
-     tcl:
-       # contains environment modules specific customizations
-     lmod:
-       # contains lmod specific customizations
+     default:
+       enable:
+         - tcl
+         - lmod
+       tcl:
+         # contains environment modules specific customizations
+       lmod:
+         # contains lmod specific customizations

 In general, the configuration options that you can use in ``modules.yaml`` will
 either change the layout of the module files on the filesystem, or they will affect
@@ -399,10 +455,16 @@ that are already in the LMod hierarchy.
 Customize environment modifications
 """""""""""""""""""""""""""""""""""

-You can control which prefixes in a Spack package are added to environment
-variables with the ``prefix_inspections`` section; this section maps relative
-prefixes to the list of environment variables which should be updated with
-those prefixes.
+You can control which prefixes in a Spack package are added to
+environment variables with the ``prefix_inspections`` section; this
+section maps relative prefixes to the list of environment variables
+which should be updated with those prefixes.
+
+The ``prefix_inspections`` configuration is different from other
+settings in that a ``prefix_inspections`` configuration at the
+``modules`` level of the configuration file applies to all module
+sets. This allows users to make general overrides to the default
+inspections and customize them per-module-set.

 .. code-block:: yaml

@@ -415,10 +477,66 @@ those prefixes.
      '':
        - CMAKE_PREFIX_PATH

-In this case, for a Spack package ``foo`` installed to ``/spack/prefix/foo``,
-the generated module file for ``foo`` would update ``PATH`` to contain
+Prefix inspections are only applied if the relative path inside the
+installation prefix exists. In this case, for a Spack package ``foo``
+installed to ``/spack/prefix/foo``, if ``foo`` installs executables to
+``bin`` but no libraries in ``lib``, the generated module file for
+``foo`` would update ``PATH`` to contain ``/spack/prefix/foo/bin`` and
+``CMAKE_PREFIX_PATH`` to contain ``/spack/prefix/foo``, but would not
+update ``LIBRARY_PATH``.
+
+There is a special case for prefix inspections relative to environment
+views. If all of the following conditions hold for a module set
+configuration:
+
+#. The configuration is for an :ref:`environment <environments>` and
+   will never be applied outside the environment,
+#. The environment in question is configured to use a :ref:`view
+   <filesystem-views>`,
+#. The :ref:`environment view is configured
+   <configuring_environment_views>` with a projection that ensures
+   every package is linked to a unique directory,
+
+then the module set may be configured to create modules relative to
+the environment view. This is specified by the ``use_view``
+configuration option in the module set. If ``True``, the module set is
+constructed relative to the default view of the
+environment. Otherwise, the value must be the name of the environment
+view relative to which to construct modules, or ``False-ish`` to
+disable the feature explicitly (the default is ``False``).
+
+If the ``use_view`` value is set in the config, then the prefix
+inspections for the package are done relative to the package's path in
+the view.
+
+.. code-block:: yaml
+
+   spack:
+     modules:
+       view_relative_modules:
+         use_view: my_view
+       prefix_inspections:
+         bin:
+           - PATH
+     view:
+       my_view:
+         projections:
+           root: /path/to/my/view
+           all:  '{name}-{hash}'
+
+The ``spack`` key is relevant to :ref:`environment <environments>`
+configuration, and the view key is discussed in detail in the section
+on :ref:`Configuring environment views
+<configuring_environment_views>`. With this configuration the
+generated module for package ``foo`` would set ``PATH`` to include
+``/path/to/my/view/foo-<hash>/bin`` instead of
 ``/spack/prefix/foo/bin``.

+The ``use_view`` option is useful when deploying a large software
+stack to users who are likely to inspect the modules to find full
+paths to software, when it is desirable to present the users with a
+simpler set of paths than those generated by the Spack install tree.
+
 """"""""""""""""""""""""""""""""""""
 Filter out environment modifications
 """"""""""""""""""""""""""""""""""""
--- a/lib/spack/docs/monitoring.rst
+++ b/lib/spack/docs/monitoring.rst
@@ -102,3 +102,164 @@ more tags to your build, you can do:
    # Add two tags, "pizza" and "pasta"
    $ spack install --monitor --monitor-tags pizza,pasta hdf5

+
+----------------------------
+Monitoring with Containerize
+----------------------------
+
+The same argument group is available to add to a containerize command. 
+
+^^^^^^
+Docker
+^^^^^^
+
+To add monitoring to a Docker container recipe generation using the defaults,
+and assuming a monitor server running on localhost, you would
+start with a spack.yaml in your present working directory:
+
+.. code-block:: yaml
+
+   spack:
+     specs:
+       - samtools
+
+And then do:
+
+.. code-block:: console
+
+    # preview first
+    spack containerize --monitor
+    
+    # and then write to a Dockerfile
+    spack containerize --monitor > Dockerfile
+    
+    
+The install command will be edited to include commands for enabling monitoring.
+However, getting secrets into the container for your monitor server is something
+that should be done carefully. Specifically you should:
+
+ - Never try to define secrets as ENV, ARG, or using ``--build-arg``
+ - Do not try to get the secret into the container via a "temporary" file that you remove (it in fact will still exist in a layer)
+
+Instead, it's recommended to use buildkit `as explained here <https://pythonspeed.com/articles/docker-build-secrets/>`_.
+You'll need to again export environment variables for your spack monitor server:
+
+.. code-block:: console
+
+    $ export SPACKMON_TOKEN=50445263afd8f67e59bd79bff597836ee6c05438
+    $ export SPACKMON_USER=spacky
+
+And then use buildkit along with your build and identifying the name of the secret:
+
+.. code-block:: console
+
+    $ DOCKER_BUILDKIT=1 docker build --secret id=st,env=SPACKMON_TOKEN --secret id=su,env=SPACKMON_USER -t spack/container . 
+    
+The secrets are expected to come from your environment, and then will be temporarily mounted and available
+at ``/run/secrets/<name>``. If you forget to supply them (and authentication is required) the build
+will fail. If you need to build on your host (and interact with a spack monitor at localhost) you'll
+need to tell Docker to use the host network:
+
+.. code-block:: console
+
+    $ DOCKER_BUILDKIT=1 docker build --network="host" --secret id=st,env=SPACKMON_TOKEN --secret id=su,env=SPACKMON_USER -t spack/container . 
+    
+
+^^^^^^^^^^^
+Singularity
+^^^^^^^^^^^
+
+To add monitoring to a Singularity container build, the spack.yaml needs to
+be modified slightly to specify wanting a different format:
+
+
+.. code-block:: yaml
+
+   spack:
+     specs:
+       - samtools
+     container:
+       format: singularity
+       
+       
+Again, generate the recipe:
+
+
+.. code-block:: console
+
+    # preview first
+    $ spack containerize --monitor
+    
+    # then write to a Singularity recipe
+    $ spack containerize --monitor > Singularity
+
+
+Singularity doesn't have a direct way to define secrets at build time, so we have
+to do a bit of a manual command to add a file, source secrets in it, and remove it.
+Since Singularity doesn't have layers like Docker, deleting a file will truly
+remove it from the container and history. So let's say we have this file,
+``secrets.sh``:
+
+.. code-block:: console
+
+    # secrets.sh
+    export SPACKMON_USER=spack
+    export SPACKMON_TOKEN=50445263afd8f67e59bd79bff597836ee6c05438
+
+
+We would then generate the Singularity recipe, and add a files section,
+a source of that file at the start of ``%post``, and **importantly**
+a removal of the final at the end of that same section.
+
+.. code-block::
+
+    Bootstrap: docker
+    From: spack/ubuntu-bionic:latest
+    Stage: build
+
+    %files
+      secrets.sh /opt/secrets.sh 
+
+    %post
+      . /opt/secrets.sh
+
+      # spack install commands are here
+      ...
+      
+      # Don't forget to remove here!
+      rm /opt/secrets.sh
+
+
+You can then build the container as your normally would.
+
+.. code-block:: console
+
+    $ sudo singularity build container.sif Singularity 
+
+
+------------------
+Monitoring Offline
+------------------
+
+In the case that you want to save monitor results to your filesystem
+and then upload them later (perhaps you are in an environment where you don't
+have credentials or it isn't safe to use them) you can use the ``--monitor-save-local``
+flag.
+
+.. code-block:: console
+
+    $ spack install --monitor --monitor-save-local hdf5 
+
+This will save results in a subfolder, "monitor" in your designated spack
+reports folder, which defaults to ``$HOME/.spack/reports/monitor``. When
+you are ready to upload them to a spack monitor server:
+
+
+.. code-block:: console
+
+    $ spack monitor upload ~/.spack/reports/monitor 
+
+
+You can choose the root directory of results as shown above, or a specific
+subdirectory. The command accepts other arguments to specify configuration
+for the monitor.
--- a/lib/spack/docs/packaging_guide.rst
+++ b/lib/spack/docs/packaging_guide.rst
@@ -920,12 +920,13 @@ For some packages, source code is provided in a Version Control System
 (VCS) repository rather than in a tarball.  Spack can fetch packages
 from VCS repositories. Currently, Spack supports fetching with `Git
 <git-fetch_>`_, `Mercurial (hg) <hg-fetch_>`_, `Subversion (svn)
-<svn-fetch_>`_, and `Go <go-fetch_>`_.  In all cases, the destination
+<svn-fetch_>`_, `CVS (cvs) <cvs-fetch_>`_, and `Go <go-fetch_>`_.
+In all cases, the destination
 is the standard stage source path.

 To fetch a package from a source repository, Spack needs to know which
 VCS to use and where to download from. Much like with ``url``, package
-authors can specify a class-level ``git``, ``hg``, ``svn``, or ``go``
+authors can specify a class-level ``git``, ``hg``, ``svn``, ``cvs``, or ``go``
 attribute containing the correct download location.

 Many packages developed with Git have both a Git repository as well as
@@ -1173,6 +1174,55 @@ you can check out a branch or tag by changing the URL. If you want to
 package multiple branches, simply add a ``svn`` argument to each
 version directive.

+.. _cvs-fetch:
+
+^^^
+CVS
+^^^
+
+CVS (Concurrent Versions System) is an old centralized version control
+system. It is a predecessor of Subversion.
+
+To fetch with CVS, use the ``cvs``, branch, and ``date`` parameters.
+The destination directory will be the standard stage source path.
+
+Fetching the head
+  Simply add a ``cvs`` parameter to the package:
+
+  .. code-block:: python
+
+     class Example(Package):
+
+         cvs = ":pserver:outreach.scidac.gov/cvsroot%module=modulename"
+
+         version('1.1.2.4')
+
+  CVS repository locations are described using an older syntax that
+  is different from today's ubiquitous URL syntax. ``:pserver:``
+  denotes the transport method. CVS servers can host multiple
+  repositories (called "modules") at the same location, and one needs
+  to specify both the server location and the module name to access.
+  Spack combines both into one string using the ``%module=modulename``
+  suffix shown above.
+
+  This download method is untrusted.
+
+Fetching a date
+  Versions in CVS are commonly specified by date. To fetch a
+  particular branch or date, add a ``branch`` and/or ``date`` argument
+  to the version directive:
+
+  .. code-block:: python
+
+     version('2021.4.22', branch='branchname', date='2021-04-22')
+
+  Unfortunately, CVS does not identify repository-wide commits via a
+  revision or hash like Subversion, Git, or Mercurial do. This makes
+  it impossible to specify an exact commit to check out.
+
+CVS has more features, but since CVS is rarely used these days, Spack
+does not support all of them.
+
 .. _go-fetch:

 ^^
@@ -1207,7 +1257,7 @@ Variants
 Many software packages can be configured to enable optional
 features, which often come at the expense of additional dependencies or
 longer build times. To be flexible enough and support a wide variety of
-use cases, Spack permits to expose to the end-user the ability to choose
+use cases, Spack allows you to expose to the end-user the ability to choose
 which features should be activated in a package at the time it is installed.
 The mechanism to be employed is the :py:func:`spack.directives.variant` directive.

@@ -2725,6 +2775,57 @@ packages be built with MVAPICH and GCC.

 See the :ref:`concretization-preferences` section for more details.

+
+.. _group_when_spec:
+
+----------------------------
+Common ``when=`` constraints
+----------------------------
+
+In case a package needs many directives to share the whole ``when=``
+argument, or just part of it, Spack allows you to group the common part
+under a context manager:
+
+.. code-block:: python
+
+   class Gcc(AutotoolsPackage):
+
+       with when('+nvptx'):
+           depends_on('cuda')
+           conflicts('@:6', msg='NVPTX only supported in gcc 7 and above')
+           conflicts('languages=ada')
+           conflicts('languages=brig')
+           conflicts('languages=go')
+
+The snippet above is equivalent to the more verbose:
+
+.. code-block:: python
+
+   class Gcc(AutotoolsPackage):
+
+       depends_on('cuda', when='+nvptx')
+       conflicts('@:6', when='+nvptx', msg='NVPTX only supported in gcc 7 and above')
+       conflicts('languages=ada', when='+nvptx')
+       conflicts('languages=brig', when='+nvptx')
+       conflicts('languages=go', when='+nvptx')
+
+Constraints stemming from the context are added to what is explicitly present in the
+``when=`` argument of a directive, so:
+
+.. code-block:: python
+
+   with when('+elpa'):
+       depends_on('elpa+openmp', when='+openmp')
+
+is equivalent to:
+
+.. code-block:: python
+
+   depends_on('elpa+openmp', when='+openmp+elpa')
+
+Constraints from nested context managers are also added together, but they are rarely
+needed or recommended.
+
 .. _install-method:

 ------------------
@@ -2783,52 +2884,52 @@ The package base class, usually specialized for a given build system, determines
 actual set of entities available for overriding.
 The classes that are currently provided by Spack are:

-    +-------------------------------+----------------------------------+
-    |        **Base Class**         |           **Purpose**            |
-    +===============================+==================================+
-    | :py:class:`.Package`          | General base class not           |
-    |                               | specialized for any build system |
-    +-------------------------------+----------------------------------+
-    | :py:class:`.MakefilePackage`  | Specialized class for packages   |
-    |                               | built invoking                   |
-    |                               | hand-written Makefiles           |
-    +-------------------------------+----------------------------------+
-    | :py:class:`.AutotoolsPackage` | Specialized class for packages   |
-    |                               | built using GNU Autotools        |
-    +-------------------------------+----------------------------------+
-    | :py:class:`.CMakePackage`     | Specialized class for packages   |
-    |                               | built using CMake                |
-    +-------------------------------+----------------------------------+
-    | :py:class:`.CudaPackage`      | A helper class for packages that |
-    |                               | use CUDA                         |
-    +-------------------------------+----------------------------------+
-    | :py:class:`.QMakePackage`     | Specialized class for packages   |
-    |                               | build using QMake                |
-    +-------------------------------+----------------------------------+
-    | :py:class:`.ROCmPackage`      | A helper class for packages that |
-    |                               | use ROCm                         |
-    +-------------------------------+----------------------------------+
-    | :py:class:`.SConsPackage`     | Specialized class for packages   |
-    |                               | built using SCons                |
-    +-------------------------------+----------------------------------+
-    | :py:class:`.WafPackage`       | Specialized class for packages   |
-    |                               | built using Waf                  |
-    +-------------------------------+----------------------------------+
-    | :py:class:`.RPackage`         | Specialized class for            |
-    |                               | :py:class:`.R` extensions        |
-    +-------------------------------+----------------------------------+
-    | :py:class:`.OctavePackage`    | Specialized class for            |
-    |                               | :py:class:`.Octave` packages     |
-    +-------------------------------+----------------------------------+
-    | :py:class:`.PythonPackage`    | Specialized class for            |
-    |                               | :py:class:`.Python` extensions   |
-    +-------------------------------+----------------------------------+
-    | :py:class:`.PerlPackage`      | Specialized class for            |
-    |                               | :py:class:`.Perl` extensions     |
-    +-------------------------------+----------------------------------+
-    | :py:class:`.IntelPackage`     | Specialized class for licensed   |
-    |                               | Intel software                   |
-    +-------------------------------+----------------------------------+
+-------------------------=--------------------------------+----------------------------------+
+|     **Base Class**                                       |           **Purpose**            |
+==========================================================+==================================+
+| :class:`~spack.package.Package`                          | General base class not           |
+|                                                          | specialized for any build system |
+----------------------------------------------------------+----------------------------------+
+| :class:`~spack.build_systems.makefile.MakefilePackage`   | Specialized class for packages   |
+|                                                          | built invoking                   |
+|                                                          | hand-written Makefiles           |
+----------------------------------------------------------+----------------------------------+
+| :class:`~spack.build_systems.autotools.AutotoolsPackage` | Specialized class for packages   |
+|                                                          | built using GNU Autotools        |
+----------------------------------------------------------+----------------------------------+
+| :class:`~spack.build_systems.cmake.CMakePackage`         | Specialized class for packages   |
+|                                                          | built using CMake                |
+----------------------------------------------------------+----------------------------------+
+| :class:`~spack.build_systems.cuda.CudaPackage`           | A helper class for packages that |
+|                                                          | use CUDA                         |
+----------------------------------------------------------+----------------------------------+
+| :class:`~spack.build_systems.qmake.QMakePackage`         | Specialized class for packages   |
+|                                                          | built using QMake                |
+----------------------------------------------------------+----------------------------------+
+| :class:`~spack.build_systems.rocm.ROCmPackage`           | A helper class for packages that |
+|                                                          | use ROCm                         |
+----------------------------------------------------------+----------------------------------+
+| :class:`~spack.build_systems.scons.SConsPackage`         | Specialized class for packages   |
+|                                                          | built using SCons                |
+----------------------------------------------------------+----------------------------------+
+| :class:`~spack.build_systems.waf.WafPackage`             | Specialized class for packages   |
+|                                                          | built using Waf                  |
+----------------------------------------------------------+----------------------------------+
+| :class:`~spack.build_systems.r.RPackage`                 | Specialized class for            |
+|                                                          | R extensions                     |
+----------------------------------------------------------+----------------------------------+
+| :class:`~spack.build_systems.octave.OctavePackage`       | Specialized class for            |
+|                                                          | Octave packages                  |
+----------------------------------------------------------+----------------------------------+
+| :class:`~spack.build_systems.python.PythonPackage`       | Specialized class for            |
+|                                                          | Python extensions                |
+----------------------------------------------------------+----------------------------------+
+| :class:`~spack.build_systems.perl.PerlPackage`           | Specialized class for            |
+|                                                          | Perl extensions                  |
+----------------------------------------------------------+----------------------------------+
+| :class:`~spack.build_systems.intel.IntelPackage`         | Specialized class for licensed   |
+|                                                          | Intel software                   |
+----------------------------------------------------------+----------------------------------+


 .. note::
@@ -2838,7 +2939,7 @@ The classes that are currently provided by Spack are:
        rare cases where manual intervention is needed we need to stress that a
        package base class depends on the *build system* being used, not the language of the package.
        For example, a Python extension installed with CMake would ``extends('python')`` and
-        subclass from :py:class:`.CMakePackage`.
+        subclass from :class:`~spack.build_systems.cmake.CMakePackage`.

 ^^^^^^^^^^^^^^^^^^^^^
 Installation pipeline
@@ -3978,7 +4079,7 @@ prefix **before** ``make install``. Builds like this can falsely report
 success when an error occurs before the installation is complete. Simple
 sanity checks can be used to identify files and or directories that are
 required of a successful installation. Spack checks for the presence of
-the files and directories after ``install()`` runs. 
+the files and directories after ``install()`` runs.

 If any of the listed files or directories are missing, then the build will
 fail and the install prefix will be removed. If they all exist, then Spack
@@ -4045,31 +4146,31 @@ other checks.
   * - Build System Class
     - Post-Build Phase Method (Runs)
     - Post-Install Phase Method (Runs)
-   * - `AutotoolsPackage <build_systems/autotoolspackage>`
+   * - :ref:`AutotoolsPackage <autotoolspackage>`
     - ``check`` (``make test``, ``make check``)
     - ``installcheck`` (``make installcheck``)
-   * - `CMakePackage <build_systems/cmakepackage>`
+   * - :ref:`CMakePackage <cmakepackage>`
     - ``check`` (``make check``, ``make test``)
     - Not applicable
-   * - `MakefilePackage <build_systems/makefilepackage>`
+   * - :ref:`MakefilePackage <makefilepackage>`
     - ``check`` (``make test``, ``make check``)
     - ``installcheck`` (``make installcheck``)
-   * - `MesonPackage <build_systems/mesonpackage>`
+   * - :ref:`MesonPackage <mesonpackage>`
     - ``check`` (``make test``, ``make check``)
     - Not applicable
-   * - `PerlPackage <build_systems/perlpackage>`
+   * - :ref:`PerlPackage <perlpackage>`
     - ``check`` (``make test``)
     - Not applicable
-   * - `PythonPackage <build_systems/pythonpackage>`
+   * - :ref:`PythonPackage <pythonpackage>`
     - Not applicable
     - ``test`` (module imports)
-   * - `QMakePackage <build_systems/qmakepackage>`
+   * - :ref:`QMakePackage <qmakepackage>`
     - ``check`` (``make check``)
     - Not applicable
-   * - `SConsPackage <build_systems/sconspackage>`
+   * - :ref:`SConsPackage <sconspackage>`
     - ``build_test`` (must be overridden)
     - Not applicable
-   * - `SIPPackage <build_systems/sippackage>`
+   * - :ref:`SIPPackage <sippackage>`
     - Not applicable
     - ``test`` (module imports)

@@ -4092,7 +4193,7 @@ need to use two decorators for each phase test method:
 The first decorator tells Spack when in the installation process to
 run your test method installation process; namely *after* the provided
 installation phase. The second decorator tells Spack to only run the
-checks when the ``--test`` option is provided on the command line. 
+checks when the ``--test`` option is provided on the command line.

 .. note::

@@ -4166,17 +4267,17 @@ tests can be performed days, even weeks, after the software is installed.

 Stand-alone tests are checks that should run relatively quickly -- as
 in on the order of at most a few minutes -- and ideally execute all
-aspects of the installed software, or at least key functionality. 
+aspects of the installed software, or at least key functionality.

 .. note::

    Execution speed is important because these tests are intended
    to quickly assess whether the installed software works on the
    system.
-    
+
    Failing stand-alone tests indicate that there is no reason to
    proceed with more resource-intensive tests.
-    
+
    Passing stand-alone (or smoke) tests can lead to more thorough
    testing, such as extensive unit or regression tests, or tests
    that run at scale. Spack support for more thorough testing is
@@ -4206,7 +4307,7 @@ file such that:
     test_stage: /path/to/stage

 The package can access this path **during test processing** using
-`self.test_suite.stage`. 
+`self.test_suite.stage`.

 .. note::

@@ -4287,25 +4388,43 @@ can be implemented as shown below.
       @run_after('install')
       def copy_test_sources(self):
           srcs = ['tests',
-                   join_path('examples', 'foo.c'), 
+                   join_path('examples', 'foo.c'),
                   join_path('examples', 'bar.c')]
           self.cache_extra_test_sources(srcs)

 In this case, the method copies the associated files from the build
 stage **after** the software is installed to the package's metadata
-directory. The result is the following directory and files will be
-available for use in stand-alone tests:
+directory. The result is the directory and files will be cached in
+paths under ``self.install_test_root`` as follows:

-* ``join_path(self.install_test_root, 'tests')`` along with its files and subdirectories
+* ``join_path(self.install_test_root, 'tests')`` along with its files
+  and subdirectories
 * ``join_path(self.install_test_root, 'examples', 'foo.c')``
 * ``join_path(self.install_test_root, 'examples', 'bar.c')``

+These paths are **automatically copied** to the test stage directory
+where they are available to the package's ``test`` method through the
+``self.test_suite.current_test_cache_dir`` property. In our example,
+the method can access the directory and files using the following
+paths:
+
+* ``join_path(self.test_suite.current_test_cache_dir, 'tests')``
+* ``join_path(self.test_suite.current_test_cache_dir, 'examples', 'foo.c')``
+* ``join_path(self.test_suite.current_test_cache_dir, 'examples', 'bar.c')``
+
+.. note::
+
+    Library developers will want to build the associated tests under
+    the ``self.test_suite.current_test_cache_dir`` and against their
+    **installed** libraries before running them.
+
 .. note::

    While source and input files are generally recommended, binaries
    **may** also be cached by the build process for install testing.
    Only you, as the package writer or maintainer, know whether these
-    would be appropriate stand-alone tests.
+    would be appropriate for ensuring the installed software continues
+    to work as the underlying system evolves.

 .. note::

@@ -4327,11 +4446,12 @@ Examples include:
 - expected test output

 These extra files should be added to the ``test`` subdirectory of the
-package in the Spack repository. Spack will automatically copy any files
-in that directory to the test staging directory during stand-alone testing.
+package in the Spack repository.

-The ``test`` method can access those files from the
-``self.test_suite.current_test_data_dir`` directory.
+Spack will **automatically copy** the contents of that directory to the
+test staging directory for stand-alone testing. The ``test`` method can
+access those files using the ``self.test_suite.current_test_data_dir``
+property.

 .. _expected_test_output_from_file:

@@ -4351,7 +4471,7 @@ The signature for ``get_escaped_text_output`` is:

 where ``filename`` is the path to the file containing the expected output.

-The ``filename`` for a :ref:`custom file <cache_custom_files>` can be 
+The ``filename`` for a :ref:`custom file <cache_custom_files>` can be
 accessed and used as illustrated by a simplified version of an ``sqlite``
 package check:

@@ -4471,10 +4591,10 @@ where each argument has the following meaning:

  Options are a list of strings to be passed to the executable when
  it runs.
-  
+
  The default is ``[]``, which means no options are provided to the
  executable.
- 
+
 * ``expected`` is an optional list of expected output strings.

  Spack requires every string in ``expected`` to be a regex matching
@@ -4485,31 +4605,31 @@ where each argument has the following meaning:

  The expected output can be :ref:`read from a file
  <expected_test_output_from_file>`.
-  
+
  The default is ``expected=[]``, so Spack will not check the output.
- 
+
 * ``status`` is the optional expected return code(s).

  A list of return codes corresponding to successful execution can
  be provided (e.g., ``status=[0,3,7]``). Support for non-zero return
  codes allows for basic **expected failure** tests as well as different
  return codes across versions of the software.
-  
+
  The default is ``status=[0]``, which corresponds to **successful**
  execution in the sense that the executable does not exit with a
  failure code or raise an exception.
- 
+
 * ``installed`` is used to require ``exe`` to be within the package
  prefix.
-  
+
  If ``True``, then the path for ``exe`` is required to be within the
  package prefix; otherwise, the path is not constrained.
-  
+
  The default is ``False``, so the fully qualified path for ``exe``
  does **not** need to be within the installation directory.
- 
+
 * ``purpose`` is an optional heading describing the the test part.
- 
+
  Output from the test is written to a test log file so this argument
  serves as a searchable heading in text logs to highlight the start
  of the test part. Having a description can be helpful when debugging
@@ -4524,19 +4644,23 @@ where each argument has the following meaning:

  The default is ``False``, which means the test executable must be
  present for any installable version of the software.
- 
+
 * ``work_dir`` is the path to the directory from which the executable
  will run.
-  
+
  The default of ``None`` corresponds to the current directory (``'.'``).

+"""""""""""""""""""""""""""""""""""""""""
+Accessing package- and test-related files
+"""""""""""""""""""""""""""""""""""""""""
+
 You may need to access files from one or more locations when writing
-the tests. This can happen if the software's repository does not
+stand-alone tests. This can happen if the software's repository does not
 include test source files or includes files but no way to build the
 executables using the installed headers and libraries. In these
 cases, you may need to reference the files relative to one or more
-root directory and associated package property. These are given in
-the table below.
+root directory. The properties containing package- and test-related
+directory paths are provided in the table below.

 .. list-table:: Directory-to-property mapping
   :header-rows: 1
@@ -4550,10 +4674,16 @@ the table below.
   * - Package Dependency's Files
     - ``self.spec['<dependency-package>'].prefix``
     - ``self.spec['trilinos'].prefix.include``
-   * - Copied Build-time Files
+   * - Test Suite Stage Files
+     - ``self.test_suite.stage``
+     - ``join_path(self.test_suite.stage, 'results.txt')``
+   * - Cached Build-time Files
     - ``self.install_test_root``
     - ``join_path(self.install_test_root, 'examples', 'foo.c')``
-   * - Custom Package Files
+   * - Staged Cached Build-time Files
+     - ``self.test_suite.current_test_cache_dir``
+     - ``join_path(self.test_suite.current_test_cache_dir, 'examples', 'foo.c')``
+   * - Staged Custom Package Files
     - ``self.test_suite.current_test_data_dir``
     - ``join_path(self.test_suite.current_test_data_dir, 'hello.f90')``

@@ -4624,7 +4754,7 @@ where only the outputs for the first of each set are shown:
   Copyright (C) 2018 Free Software Foundation, Inc.
   This is free software; see the source for copying conditions.  There is NO
   warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-   
+
   PASSED
   ...
   ==> [2021-04-26-17:35:20.493921] test: checking mpirun output
@@ -4785,7 +4915,7 @@ This is already part of the boilerplate for packages created with
 Filtering functions
 ^^^^^^^^^^^^^^^^^^^

-:py:func:`filter_file(regex, repl, *filenames, **kwargs) <spack.filter_file>`
+:py:func:`filter_file(regex, repl, *filenames, **kwargs) <llnl.util.filesystem.filter_file>`
  Works like ``sed`` but with Python regular expression syntax.  Takes
  a regular expression, a replacement, and a set of files.  ``repl``
  can be a raw string or a callable function.  If it is a raw string,
@@ -4800,10 +4930,10 @@ Filtering functions

     .. code-block:: python

-        filter_file(r'^CC\s*=.*',  spack_cc,  'Makefile')
-        filter_file(r'^CXX\s*=.*', spack_cxx, 'Makefile')
-        filter_file(r'^F77\s*=.*', spack_f77, 'Makefile')
-        filter_file(r'^FC\s*=.*',  spack_fc,  'Makefile')
+        filter_file(r'^\s*CC\s*=.*',  'CC = '  + spack_cc,  'Makefile')
+        filter_file(r'^\s*CXX\s*=.*', 'CXX = ' + spack_cxx, 'Makefile')
+        filter_file(r'^\s*F77\s*=.*', 'F77 = ' + spack_f77, 'Makefile')
+        filter_file(r'^\s*FC\s*=.*',  'FC = '  + spack_fc,  'Makefile')

  #. Replacing ``#!/usr/bin/perl`` with ``#!/usr/bin/env perl`` in ``bib2xhtml``:

@@ -4823,7 +4953,7 @@ Filtering functions
        filter_file('CXX="c++"', 'CXX="%s"' % self.compiler.cxx,
                    prefix.bin.mpicxx)

-:py:func:`change_sed_delimiter(old_delim, new_delim, *filenames) <spack.change_sed_delim>`
+:py:func:`change_sed_delimiter(old_delim, new_delim, *filenames) <llnl.util.filesystem.change_sed_delimiter>`
    Some packages, like TAU, have a build system that can't install
    into directories with, e.g. '@' in the name, because they use
    hard-coded ``sed`` commands in their build.
@@ -4845,14 +4975,14 @@ Filtering functions
 File functions
 ^^^^^^^^^^^^^^

-:py:func:`ancestor(dir, n=1) <spack.ancestor>`
+:py:func:`ancestor(dir, n=1) <llnl.util.filesystem.ancestor>`
  Get the n\ :sup:`th` ancestor of the directory ``dir``.

-:py:func:`can_access(path) <spack.can_access>`
+:py:func:`can_access(path) <llnl.util.filesystem.can_access>`
  True if we can read and write to the file at ``path``.  Same as
  native python ``os.access(file_name, os.R_OK|os.W_OK)``.

-:py:func:`install(src, dest) <spack.install>`
+:py:func:`install(src, dest) <llnl.util.filesystem.install>`
  Install a file to a particular location.  For example, install a
  header into the ``include`` directory under the install ``prefix``:

@@ -4860,14 +4990,14 @@ File functions

     install('my-header.h', prefix.include)

-:py:func:`join_path(*paths) <spack.join_path>`
+:py:func:`join_path(*paths) <llnl.util.filesystem.join_path>`
  An alias for ``os.path.join``. This joins paths using the OS path separator.

-:py:func:`mkdirp(*paths) <spack.mkdirp>`
+:py:func:`mkdirp(*paths) <llnl.util.filesystem.mkdirp>`
  Create each of the directories in ``paths``, creating any parent
  directories if they do not exist.

-:py:func:`working_dir(dirname, kwargs) <spack.working_dir>`
+:py:func:`working_dir(dirname, kwargs) <llnl.util.filesystem.working_dir>`
  This is a Python `Context Manager
  <https://docs.python.org/2/library/contextlib.html>`_ that makes it
  easier to work with subdirectories in builds.  You use this with the
@@ -4909,7 +5039,7 @@ File functions
     The ``create=True`` keyword argument causes the command to create
     the directory if it does not exist.

-:py:func:`touch(path) <spack.touch>`
+:py:func:`touch(path) <llnl.util.filesystem.touch>`
  Create an empty file at ``path``.

 .. _make-package-findable:
--- a/lib/spack/docs/pipelines.rst
+++ b/lib/spack/docs/pipelines.rst
@@ -30,52 +30,18 @@ at least one `runner <https://docs.gitlab.com/runner/>`_.  Then the basic steps
 for setting up a build pipeline are as follows:

 #. Create a repository on your gitlab instance
-#. Add a ``spack.yaml`` at the root containing your pipeline environment (see
-   below for details)
+#. Add a ``spack.yaml`` at the root containing your pipeline environment
 #. Add a ``.gitlab-ci.yml`` at the root containing two jobs (one to generate
-   the pipeline dynamically, and one to run the generated jobs), similar to
-   this one:
-
-   .. code-block:: yaml
-
-      stages: [generate, build]
-
-      generate-pipeline:
-        stage: generate
-        tags:
-          - <custom-tag>
-        script:
-          - spack env activate --without-view .
-          - spack ci generate
-            --output-file "${CI_PROJECT_DIR}/jobs_scratch_dir/pipeline.yml"
-        artifacts:
-          paths:
-            - "${CI_PROJECT_DIR}/jobs_scratch_dir/pipeline.yml"
-
-      build-jobs:
-        stage: build
-        trigger:
-          include:
-            - artifact: "jobs_scratch_dir/pipeline.yml"
-              job: generate-pipeline
-          strategy: depend
-
-
-#. Add any secrets required by the CI process to environment variables using the
-   CI web ui
+   the pipeline dynamically, and one to run the generated jobs).
 #. Push a commit containing the ``spack.yaml`` and ``.gitlab-ci.yml`` mentioned above
   to the gitlab repository

-The ``<custom-tag>``, above, is used to pick one of your configured runners to
-run the pipeline generation phase (this is implemented in the ``spack ci generate``
-command, which assumes the runner has an appropriate version of spack installed
-and configured for use).  Of course, there are many ways to customize the process.
-You can configure CDash reporting on the progress of your builds, set up S3 buckets
-to mirror binaries built by the pipeline, clone a custom spack repository/ref for
-use by the pipeline, and more.
+See the :ref:`functional_example` section for a minimal working example.  See also
+the :ref:`custom_Workflow` section for a link to an example of a custom workflow
+based on spack pipelines.

-While it is possible to set up pipelines on gitlab.com, the builds there are
-limited to 60 minutes and generic hardware.  It is also possible to
+While it is possible to set up pipelines on gitlab.com, as illustrated above, the
+builds there are limited to 60 minutes and generic hardware.  It is also possible to
 `hook up <https://about.gitlab.com/blog/2018/04/24/getting-started-gitlab-ci-gcp>`_
 Gitlab to Google Kubernetes Engine (`GKE <https://cloud.google.com/kubernetes-engine/>`_)
 or Amazon Elastic Kubernetes Service (`EKS <https://aws.amazon.com/eks>`_), though those
@@ -88,21 +54,144 @@ dynamically generated
 Note that the use of dynamic child pipelines requires running Gitlab version
 ``>= 12.9``.

+.. _functional_example:
+
+------------------
+Functional Example
+------------------
+
+The simplest fully functional standalone example of a working pipeline can be
+examined live at this example `project <https://gitlab.com/scott.wittenburg/spack-pipeline-demo>`_
+on gitlab.com.
+
+Here's the ``.gitlab-ci.yml`` file from that example that builds and runs the
+pipeline:
+
+.. code-block:: yaml
+
+   stages: [generate, build]
+
+   variables:
+     SPACK_REPO: https://github.com/scottwittenburg/spack.git
+     SPACK_REF: pipelines-reproducible-builds
+
+   generate-pipeline:
+     stage: generate
+     tags:
+       - docker
+     image:
+       name: ghcr.io/scottwittenburg/ecpe4s-ubuntu18.04-runner-x86_64:2020-09-01
+       entrypoint: [""]
+     before_script:
+       - git clone ${SPACK_REPO}
+       - pushd spack && git checkout ${SPACK_REF} && popd
+       - . "./spack/share/spack/setup-env.sh"
+     script:
+       - spack env activate --without-view .
+       - spack -d ci generate
+         --artifacts-root "${CI_PROJECT_DIR}/jobs_scratch_dir"
+         --output-file "${CI_PROJECT_DIR}/jobs_scratch_dir/pipeline.yml"
+     artifacts:
+       paths:
+         - "${CI_PROJECT_DIR}/jobs_scratch_dir"
+
+   build-jobs:
+     stage: build
+     trigger:
+       include:
+         - artifact: "jobs_scratch_dir/pipeline.yml"
+           job: generate-pipeline
+       strategy: depend
+
+The key thing to note above is that there are two jobs: The first job to run,
+``generate-pipeline``, runs the ``spack ci generate`` command to generate a
+dynamic child pipeline and write it to a yaml file, which is then picked up
+by the second job, ``build-jobs``, and used to trigger the downstream pipeline.
+
+And here's the spack environment built by the pipeline represented as a
+``spack.yaml`` file:
+
+.. code-block:: yaml
+
+   spack:
+     view: false
+     concretization: separately
+
+     definitions:
+     - pkgs:
+       - zlib
+       - bzip2
+     - arch:
+       - '%gcc@7.5.0 arch=linux-ubuntu18.04-x86_64'
+
+     specs:
+     - matrix:
+       - - $pkgs
+       - - $arch
+
+     mirrors: { "mirror": "s3://spack-public/mirror" }
+
+     gitlab-ci:
+       before_script:
+         - git clone ${SPACK_REPO}
+         - pushd spack && git checkout ${SPACK_CHECKOUT_VERSION} && popd
+         - . "./spack/share/spack/setup-env.sh"
+       script:
+         - pushd ${SPACK_CONCRETE_ENV_DIR} && spack env activate --without-view . && popd
+         - spack -d ci rebuild
+       mappings:
+         - match: ["os=ubuntu18.04"]
+           runner-attributes:
+             image:
+               name: ghcr.io/scottwittenburg/ecpe4s-ubuntu18.04-runner-x86_64:2020-09-01
+               entrypoint: [""]
+             tags:
+               - docker
+       enable-artifacts-buildcache: True
+       rebuild-index: False
+
+The elements of this file important to spack ci pipelines are described in more
+detail below, but there are a couple of things to note about the above working
+example:
+
+Normally ``enable-artifacts-buildcache`` is not recommended in production as it
+results in large binary artifacts getting transferred back and forth between
+gitlab and the runners.  But in this example on gitlab.com where there is no
+shared, persistent file system, and where no secrets are stored for giving
+permission to write to an S3 bucket, ``enabled-buildcache-artifacts`` is the only
+way to propagate binaries from jobs to their dependents.
+
+Also, it is usually a good idea to let the pipeline generate a final "rebuild the
+buildcache index" job, so that subsequent pipeline generation can quickly determine
+which specs are up to date and which need to be rebuilt (it's a good idea for other
+reasons as well, but those are out of scope for this discussion).  In this case we
+have disabled it (using ``rebuild-index: False``) because the index would only be
+generated in the artifacts mirror anyway, and consequently would not be available
+during subesequent pipeline runs.
+
+.. note::
+   With the addition of reproducible builds (#22887) a previously working
+   pipeline will require some changes:
+
+   * In the build jobs (``runner-attributes``), the environment location changed.
+     This will typically show as a ``KeyError`` in the failing job. Be sure to
+     point to ``${SPACK_CONCRETE_ENV_DIR}``.
+
+   * When using ``include`` in your environment, be sure to make the included
+     files available in the build jobs. This means adding those files to the
+     artifact directory. Those files will also be missing in the reproducibility
+     artifact.
+
+   * Because the location of the environment changed, including files with
+     relative path may have to be adapted to work both in the project context
+     (generation job) and in the concrete env dir context (build job).
+
 -----------------------------------
 Spack commands supporting pipelines
 -----------------------------------

-Spack provides a command ``ci`` with two sub-commands: ``spack ci generate`` generates
-a pipeline (a .gitlab-ci.yml file) from a spack environment, and ``spack ci rebuild``
-checks a spec against a remote mirror and possibly rebuilds it from source and updates
-the binary mirror with the latest built package.  Both ``spack ci ...`` commands must
-be run from within the same environment, as each one makes use of the environment for
-different purposes.  Additionally, some options to the commands (or conditions present
-in the spack environment file) may require particular environment variables to be
-set in order to function properly.  Examples of these are typically secrets
-needed for pipeline operation that should not be visible in a spack environment
-file.  These environment variables are described in more detail
-:ref:`ci_environment_variables`.
+Spack provides a ``ci`` command with a few sub-commands supporting spack
+ci pipelines.  These commands are covered in more detail in this section.

 .. _cmd-spack-ci:

@@ -121,6 +210,17 @@ pipeline jobs.

 Concretizes the specs in the active environment, stages them (as described in
 :ref:`staging_algorithm`), and writes the resulting ``.gitlab-ci.yml`` to disk.
+During concretization of the environment, ``spack ci generate`` also writes a
+``spack.lock`` file which is then provided to generated child jobs and made
+available in all generated job artifacts to aid in reproducing failed builds
+in a local environment.  This means there are two artifacts that need to be
+exported in your pipeline generation job (defined in your ``.gitlab-ci.yml``).
+The first is the output yaml file of ``spack ci generate``, and the other is
+the directory containing the concrete environment files.  In the
+:ref:`functional_example` section, we only mentioned one path in the
+``artifacts`` ``paths`` list because we used ``--artifacts-root`` as the
+top level directory containing both the generated pipeline yaml and the
+concrete environment.

 Using ``--prune-dag`` or ``--no-prune-dag`` configures whether or not jobs are
 generated for specs that are already up to date on the mirror.   If enabling
@@ -128,6 +228,16 @@ DAG pruning using ``--prune-dag``, more information may be required in your
 ``spack.yaml`` file, see the :ref:`noop_jobs` section below regarding
 ``service-job-attributes``.

+The optional ``--check-index-only`` argument can be used to speed up pipeline
+generation by telling spack to consider only remote buildcache indices when
+checking the remote mirror to determine if each spec in the DAG is up to date
+or not.  The default behavior is for spack to fetch the index and check it,
+but if the spec is not found in the index, to also perform a direct check for
+the spec on the mirror.  If the remote buildcache index is out of date, which
+can easily happen if it is not updated frequently, this behavior ensures that
+spack has a way to know for certain about the status of any concrete spec on
+the remote mirror, but can slow down pipeline generation significantly.
+
 The ``--optimize`` argument is experimental and runs the generated pipeline
 document through a series of optimization passes designed to reduce the size
 of the generated file.
@@ -143,19 +253,64 @@ The optional ``--output-file`` argument should be an absolute path (including
 file name) to the generated pipeline, and if not given, the default is
 ``./.gitlab-ci.yml``.

+While optional, the ``--artifacts-root`` argument is used to determine where
+the concretized environment directory should be located.  This directory will
+be created by ``spack ci generate`` and will contain the ``spack.yaml`` and
+generated ``spack.lock`` which are then passed to all child jobs as an
+artifact.  This directory will also be the root directory for all artifacts
+generated by jobs in the pipeline.
+
 .. _cmd-spack-ci-rebuild:

-^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^
 ``spack ci rebuild``
-^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^

-This sub-command is responsible for ensuring a single spec from the release
-environment is up to date on the remote mirror configured in the environment,
-and as such, corresponds to a single job in the ``.gitlab-ci.yml`` file.
+The purpose of the ``spack ci rebuild`` is straightforward: take its assigned
+spec job, check whether the target mirror already has a binary for that spec,
+and if not, build the spec from source and push the binary to the mirror.  To
+accomplish this in a reproducible way, the sub-command prepares a ``spack install``
+command line to build a single spec in the DAG, saves that command in a
+shell script, ``install.sh``, in the current working directory, and then runs
+it to install the spec.  The shell script is also exported as an artifact to
+aid in reproducing the build outside of the CI environment.

-Rather than taking command-line arguments, this sub-command expects information
-to be communicated via environment variables, which will typically come via the
-``.gitlab-ci.yml`` job as ``variables``.
+If it was necessary to install the spec from source, ``spack ci rebuild`` will
+also subsequently create a binary package for the spec and try to push it to the
+mirror.
+
+The ``spack ci rebuild`` sub-command mainly expects its "input" to come either
+from environment variables or from the ``gitlab-ci`` section of the ``spack.yaml``
+environment file.  There are two main sources of the environment variables, some
+are written into ``.gitlab-ci.yml`` by ``spack ci generate``, and some are
+provided by the GitLab CI runtime.
+
+.. _cmd-spack-ci-rebuild-index:
+
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+``spack ci rebuild-index``
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+This is a convenience command to rebuild the buildcache index associated with
+the mirror in the active, gitlab-enabled environment (specifying the mirror
+url or name is not required).
+
+.. _cmd-spack-ci-reproduce-build:
+
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+``spack ci reproduce-build``
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Given the url to a gitlab pipeline rebuild job, downloads and unzips the
+artifacts into a local directory (which can be specified with the optional
+``--working-dir`` argument), then finds the target job in the generated
+pipeline to extract details about how it was run.  Assuming the job used a
+docker image, the command prints a ``docker run`` command line and some basic
+instructions on how to reproduce the build locally.
+
+Note that jobs failing in the pipeline will print messages giving the
+arguments you can pass to ``spack ci reproduce-build`` in order to reproduce
+a particular build locally.

 ------------------------------------
 A pipeline-enabled spack environment
@@ -364,8 +519,9 @@ scheduled on that runner.  This allows users to do any custom preparation or
 cleanup tasks that fit their particular workflow, as well as completely
 customize the rebuilding of a spec if they so choose.  Spack will not generate
 a ``before_script`` or ``after_script`` for jobs, but if you do not provide
-a custom ``script``, spack will generate one for you that assumes your
-``spack.yaml`` is at the root of the repository, activates that environment for
+a custom ``script``, spack will generate one for you that assumes the concrete
+environment directory is located within your ``--artifacts_root`` (or if not
+provided, within your ``$CI_PROJECT_DIR``), activates that environment for
 you, and invokes ``spack ci rebuild``.

 .. _staging_algorithm:
@@ -490,14 +646,15 @@ Using a custom spack in your pipeline
 If your runners will not have a version of spack ready to invoke, or if for some
 other reason you want to use a custom version of spack to run your pipelines,
 this section provides an example of how you could take advantage of
-user-provided pipeline scripts to accomplish this fairly simply.  First, you
-could use the GitLab user interface to create CI environment variables
-containing the url and branch or tag you want to use (calling them, for
-example, ``SPACK_REPO`` and ``SPACK_REF``), then refer to those in a custom shell
-script invoked both from your pipeline generation job, as well as in your rebuild
+user-provided pipeline scripts to accomplish this fairly simply.  First, consider
+specifying the source and version of spack you want to use with variables, either
+written directly into your ``.gitlab-ci.yml``, or provided by CI variables defined
+in the gitlab UI or from some upstream pipeline.  Let's say you choose the variable
+names ``SPACK_REPO`` and ``SPACK_REF`` to refer to the particular fork of spack
+and branch you want for running your pipeline.  You can then refer to those in a
+custom shell script invoked both from your pipeline generation job and your rebuild
 jobs.  Here's the ``generate-pipeline`` job from the top of this document,
-updated to invoke a custom shell script that will clone and source a custom
-spack:
+updated to clone and source a custom spack:

 .. code-block:: yaml

@@ -505,34 +662,24 @@ spack:
     tags:
       - <some-other-tag>
   before_script:
-     - ./cloneSpack.sh
+     - git clone ${SPACK_REPO}
+     - pushd spack && git checkout ${SPACK_REF} && popd
+     - . "./spack/share/spack/setup-env.sh"
   script:
     - spack env activate --without-view .
-     - spack ci generate
+     - spack ci generate --check-index-only
+       --artifacts-root "${CI_PROJECT_DIR}/jobs_scratch_dir"
       --output-file "${CI_PROJECT_DIR}/jobs_scratch_dir/pipeline.yml"
   after_script:
     - rm -rf ./spack
   artifacts:
     paths:
-       - "${CI_PROJECT_DIR}/jobs_scratch_dir/pipeline.yml"
+       - "${CI_PROJECT_DIR}/jobs_scratch_dir"

-And the ``cloneSpack.sh`` script could contain:
-
-.. code-block:: bash
-
-   #!/bin/bash
-
-   git clone ${SPACK_REPO}
-   pushd ./spack
-   git checkout ${SPACK_REF}
-   popd
-
-   . "./spack/share/spack/setup-env.sh"
-
-   spack --version
-
-Finally, you would also want your generated rebuild jobs to clone that version
-of spack, so you would update your ``spack.yaml`` from above as follows:
+That takes care of getting the desired version of spack when your pipeline is
+generated by ``spack ci generate``.  You also want your generated rebuild jobs
+(all of them) to clone that version of spack, so next you would update your
+``spack.yaml`` from above as follows:

 .. code-block:: yaml

@@ -547,17 +694,17 @@ of spack, so you would update your ``spack.yaml`` from above as follows:
               - spack-kube
             image: spack/ubuntu-bionic
             before_script:
-               - ./cloneSpack.sh
+               - git clone ${SPACK_REPO}
+               - pushd spack && git checkout ${SPACK_REF} && popd
+               - . "./spack/share/spack/setup-env.sh"
             script:
-               - spack env activate --without-view .
+               - spack env activate --without-view ${SPACK_CONCRETE_ENV_DIR}
               - spack -d ci rebuild
             after_script:
               - rm -rf ./spack

 Now all of the generated rebuild jobs will use the same shell script to clone
-spack before running their actual workload.  Note in the above example the
-provision of a custom ``script`` section.  The reason for this is to run
-``spack ci rebuild`` in debug mode to get more information when builds fail.
+spack before running their actual workload.

 Now imagine you have long pipelines with many specs to be built, and you
 are pointing to a spack repository and branch that has a tendency to change
@@ -571,13 +718,32 @@ simply contains the human-readable value produced by ``spack -V`` at pipeline
 generation time, the ``SPACK_CHECKOUT_VERSION`` variable can be used in a
 ``git checkout`` command to make sure all child jobs checkout the same version
 of spack used to generate the pipeline.  To take advantage of this, you could
-simply replace ``git checkout ${SPACK_REF}`` in the example ``cloneSpack.sh``
-script above with ``git checkout ${SPACK_CHECKOUT_VERSION}``.
+simply replace ``git checkout ${SPACK_REF}`` in the example ``spack.yaml``
+above with ``git checkout ${SPACK_CHECKOUT_VERSION}``.

 On the other hand, if you're pointing to a spack repository and branch under your
 control, there may be no benefit in using the captured ``SPACK_CHECKOUT_VERSION``,
-and you can instead just clone using the project CI variables you set (in the
-earlier example these were ``SPACK_REPO`` and ``SPACK_REF``).
+and you can instead just clone using the variables you define (``SPACK_REPO``
+and ``SPACK_REF`` in the example aboves).
+
+.. _custom_workflow:
+
+---------------
+Custom Workflow
+---------------
+
+There are many ways to take advantage of spack CI pipelines to achieve custom
+workflows for building packages or other resources.  One example of a custom
+pipelines workflow is the spack tutorial container
+`repo <https://github.com/spack/spack-tutorial-container>`_.  This project uses
+GitHub (for source control), GitLab (for automated spack ci pipelines), and
+DockerHub automated builds to build Docker images (complete with fully populate
+binary mirror) used by instructors and participants of a spack tutorial.
+
+Take a look a the repo to see how it is accomplished using spack CI pipelines,
+and see the following markdown files at the root of the repository for
+descriptions and documentation describing the workflow: ``DESCRIPTION.md``,
+``DOCKERHUB_SETUP.md``, ``GITLAB_SETUP.md``, and ``UPDATING.md``.

 .. _ci_environment_variables:

@@ -594,28 +760,33 @@ environment variables used by the pipeline infrastructure are described here.
 AWS_ACCESS_KEY_ID
 ^^^^^^^^^^^^^^^^^

-Needed when binary mirror is an S3 bucket.
+Optional.  Only needed when binary mirror is an S3 bucket.

 ^^^^^^^^^^^^^^^^^^^^^
 AWS_SECRET_ACCESS_KEY
 ^^^^^^^^^^^^^^^^^^^^^

-Needed when binary mirror is an S3 bucket.
+Optional.  Only needed when binary mirror is an S3 bucket.

 ^^^^^^^^^^^^^^^
 S3_ENDPOINT_URL
 ^^^^^^^^^^^^^^^

-Needed when binary mirror is an S3 bucket that is *not* on AWS.
+Optional.  Only needed when binary mirror is an S3 bucket that is *not* on AWS.

 ^^^^^^^^^^^^^^^^^
 CDASH_AUTH_TOKEN
 ^^^^^^^^^^^^^^^^^

-Needed in order to report build groups to CDash.
+Optional. Only needed in order to report build groups to CDash.

 ^^^^^^^^^^^^^^^^^
 SPACK_SIGNING_KEY
 ^^^^^^^^^^^^^^^^^

-Needed to sign/verify binary packages from the remote binary mirror.
+Optional.  Only needed if you want ``spack ci rebuild`` to trust the key you
+store in this variable, in which case, it will subsequently be used to sign and
+verify binary packages (when installing or creating buildcaches).  You could
+also have already trusted a key spack know about, or if no key is present anywhere,
+spack will install specs using ``--no-check-signature`` and create buildcaches
+using ``-u`` (for unsigned binaries).
--- a/lib/spack/docs/requirements.txt
+++ b/lib/spack/docs/requirements.txt
@@ -1,7 +1,7 @@
 # These dependencies should be installed using pip in order
 # to build the documentation.

-sphinx
+sphinx>=3.4,!=4.1.2
 sphinxcontrib-programoutput
 sphinx-rtd-theme
 python-levenshtein
--- a/lib/spack/docs/spack.yaml
+++ b/lib/spack/docs/spack.yaml
@@ -8,12 +8,20 @@
 # these commands in this directory to install Sphinx and its plugins,
 # then build the docs:
 #
-#     spack install
 #     spack env activate .
+#     spack install
 #     make
 #
 spack:
  specs:
-  - py-sphinx
+  # Sphinx
+  - "py-sphinx@3.4:4.1.1,4.1.3:"
  - py-sphinxcontrib-programoutput
  - py-sphinx-rtd-theme
+  # VCS
+  - git
+  - mercurial
+  - subversion
+  # Plotting
+  - graphviz
+  concretization: together
--- a/lib/spack/docs/tables/system_prerequisites.csv
+++ b/lib/spack/docs/tables/system_prerequisites.csv
@@ -0,0 +1,17 @@
+Name, Supported Versions, Notes, Requirement Reason
+Python, 2.6/2.7/3.5-3.9, , Interpreter for Spack
+C/C++ Compilers, , , Building software
+make, , , Build software
+patch, , , Build software
+bash, , , Compiler wrappers
+tar, , , Extract/create archives
+gzip, , , Compress/Decompress archives
+unzip, , , Compress/Decompress archives
+bzip, , , Compress/Decompress archives
+xz, , , Compress/Decompress archives
+zstd, , Optional, Compress/Decompress archives
+file, , , Create/Use Buildcaches
+gnupg2, , , Sign/Verify Buildcaches
+git, , , Manage Software Repositories
+svn, , Optional, Manage Software Repositories
+hg, , Optional, Manage Software Repositories
--- a/lib/spack/docs/workflows.rst
+++ b/lib/spack/docs/workflows.rst
@@ -543,7 +543,8 @@ specified from the command line using the ``--projection-file`` option
 to the ``spack view`` command.

 The projections configuration file is a mapping of partial specs to
-spec format strings, as shown in the example below.
+spec format strings, defined by the :meth:`~spack.spec.Spec.format`
+function, as shown in the example below.

 .. code-block:: yaml

--- a/lib/spack/env/cc
+++ b/lib/spack/env/cc
@@ -40,6 +40,14 @@ parameters=(
    SPACK_SYSTEM_DIRS
 )

+# Optional parameters that aren't required to be set
+
+# Boolean (true/false/custom) if we want to add debug flags
+# SPACK_ADD_DEBUG_FLAGS
+
+# If a custom flag is requested, it will be defined
+# SPACK_DEBUG_FLAGS
+
 # The compiler input variables are checked for sanity later:
 #   SPACK_CC, SPACK_CXX, SPACK_F77, SPACK_FC
 # The default compiler flags are passed from these variables:
@@ -87,6 +95,25 @@ for param in "${parameters[@]}"; do
    fi
 done

+# Check if optional parameters are defined
+# If we aren't asking for debug flags, don't add them
+if [[ -z ${SPACK_ADD_DEBUG_FLAGS+x} ]]; then
+    SPACK_ADD_DEBUG_FLAGS="false"
+fi
+
+# SPACK_ADD_DEBUG_FLAGS must be true/false/custom
+is_valid="false"
+for param in "true" "false" "custom"; do
+  if [ "$param" == "$SPACK_ADD_DEBUG_FLAGS" ];  then
+      is_valid="true"
+  fi
+done
+
+# Exit with error if we are given an incorrect value
+if [ "$is_valid" == "false" ]; then
+    die "SPACK_ADD_DEBUG_FLAGS, if defined, must be one of 'true' 'false' or 'custom'"
+fi
+
 # Figure out the type of compiler, the language, and the mode so that
 # the compiler script knows what to do.
 #
@@ -106,30 +133,35 @@ comp="CC"
 case "$command" in
    cpp)
        mode=cpp
+        debug_flags="-g"
        ;;
    cc|c89|c99|gcc|clang|armclang|icc|icx|pgcc|nvc|xlc|xlc_r|fcc)
        command="$SPACK_CC"
        language="C"
        comp="CC"
        lang_flags=C
+        debug_flags="-g"
        ;;
    c++|CC|g++|clang++|armclang++|icpc|icpx|pgc++|nvc++|xlc++|xlc++_r|FCC)
        command="$SPACK_CXX"
        language="C++"
        comp="CXX"
        lang_flags=CXX
+        debug_flags="-g"
        ;;
    ftn|f90|fc|f95|gfortran|flang|armflang|ifort|ifx|pgfortran|nvfortran|xlf90|xlf90_r|nagfor|frt)
        command="$SPACK_FC"
        language="Fortran 90"
        comp="FC"
        lang_flags=F
+        debug_flags="-g"
        ;;
    f77|xlf|xlf_r|pgf77)
        command="$SPACK_F77"
        language="Fortran 77"
        comp="F77"
        lang_flags=F
+        debug_flags="-g"
        ;;
    ld)
        mode=ld
@@ -415,6 +447,16 @@ done
 #
 flags=()

+# Add debug flags
+if [ "${SPACK_ADD_DEBUG_FLAGS}" == "true" ]; then
+    flags=("${flags[@]}" "${debug_flags}")
+
+# If a custom flag is requested, derive from environment
+elif [ "$SPACK_ADD_DEBUG_FLAGS" == "custom" ]; then
+    IFS=' ' read -ra SPACK_DEBUG_FLAGS <<< "$SPACK_DEBUG_FLAGS"
+    flags=("${flags[@]}" "${SPACK_DEBUG_FLAGS[@]}")
+fi
+
 # Fortran flags come before CPPFLAGS
 case "$mode" in
    cc|ccld)
--- a/lib/spack/external/init.py
+++ b/lib/spack/external/init.py
@@ -11,7 +11,7 @@

 * Homepage: https://pypi.python.org/pypi/archspec
 * Usage: Labeling, comparison and detection of microarchitectures
-* Version: 0.1.2 (commit 130607c373fd88cd3c43da94c0d3afd3a44084b0)
+* Version: 0.1.2 (commit 4dbf253daf37e4a008e4beb6489f347b4a35aed4)

 argparse
 --------
--- a/lib/spack/external/archspec/json/cpu/microarchitectures.json
+++ b/lib/spack/external/archspec/json/cpu/microarchitectures.json
@@ -1725,6 +1725,12 @@
            "versions": ":",
            "flags": "-march=armv8-a -mtune=generic"
          }
+        ],
+        "arm": [
+          {
+            "versions": ":",
+            "flags": "-march=armv8-a -mtune=generic"
+          }
        ]
      }
    },
@@ -1828,6 +1834,12 @@
            "versions": "5:",
            "flags": "-march=armv8.2-a+crc+crypto+fp16+sve"
          }
+        ],
+        "arm": [
+          {
+            "versions": "20:",
+            "flags": "-march=armv8.2-a+crc+crypto+fp16+sve"
+          }
        ]
      }
    },
@@ -1930,6 +1942,12 @@
                  "versions": "5:",
                  "flags" : "-march=armv8.2-a+fp16+rcpc+dotprod+crypto"
              }
+          ],
+          "arm" : [
+              {
+                  "versions": "20:",
+                  "flags" : "-march=armv8.2-a+fp16+rcpc+dotprod+crypto"
+              }
          ]
      }
    },
--- a/lib/spack/external/py2/argparse.py
+++ b/lib/spack/external/py2/argparse.py
--- a/lib/spack/llnl/util/argparsewriter.py
+++ b/lib/spack/llnl/util/argparsewriter.py
@@ -5,9 +5,9 @@

 from __future__ import print_function

-import re
 import argparse
 import errno
+import re
 import sys

 from six import StringIO
@@ -326,7 +326,7 @@ def end_function(self, prog=None):
        """Returns the syntax needed to end a function definition.

        Parameters:
-            prog (str, optional): the command name
+            prog (str or None): the command name

        Returns:
            str: the function definition ending
--- a/lib/spack/llnl/util/filesystem.py
+++ b/lib/spack/llnl/util/filesystem.py
@@ -4,9 +4,9 @@
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)
 import collections
 import errno
-import hashlib
 import glob
 import grp
+import hashlib
 import itertools
 import numbers
 import os
@@ -19,10 +19,11 @@
 from contextlib import contextmanager

 import six
+
 from llnl.util import tty
 from llnl.util.lang import dedupe, memoized
-from spack.util.executable import Executable

+from spack.util.executable import Executable

 if sys.version_info >= (3, 3):
    from collections.abc import Sequence  # novm
@@ -443,7 +444,7 @@ def copy_tree(src, dest, symlinks=True, ignore=None, _permissions=False):
        src (str): the directory to copy
        dest (str): the destination directory
        symlinks (bool): whether or not to preserve symlinks
-        ignore (function): function indicating which files to ignore
+        ignore (typing.Callable): function indicating which files to ignore
        _permissions (bool): for internal use only

    Raises:
@@ -517,7 +518,7 @@ def install_tree(src, dest, symlinks=True, ignore=None):
        src (str): the directory to install
        dest (str): the destination directory
        symlinks (bool): whether or not to preserve symlinks
-        ignore (function): function indicating which files to ignore
+        ignore (typing.Callable): function indicating which files to ignore

    Raises:
        IOError: if *src* does not match any files or directories
@@ -556,12 +557,12 @@ def mkdirp(*paths, **kwargs):
        paths (str): paths to create with mkdirp

    Keyword Aguments:
-        mode (permission bits or None, optional): optional permissions to set
+        mode (permission bits or None): optional permissions to set
            on the created directory -- use OS default if not provided
-        group (group name or None, optional): optional group for permissions of
+        group (group name or None): optional group for permissions of
            final created directory -- use OS default if not provided. Only
            used if world write permissions are not set
-        default_perms ('parents' or 'args', optional): The default permissions
+        default_perms (str or None): one of 'parents' or 'args'. The default permissions
            that are set for directories that are not themselves an argument
            for mkdirp. 'parents' means intermediate directories get the
            permissions of their direct parent directory, 'args' means
@@ -865,7 +866,7 @@ def traverse_tree(source_root, dest_root, rel_path='', **kwargs):
    Keyword Arguments:
        order (str): Whether to do pre- or post-order traversal. Accepted
            values are 'pre' and 'post'
-        ignore (function): function indicating which files to ignore
+        ignore (typing.Callable): function indicating which files to ignore
        follow_nonexisting (bool): Whether to descend into directories in
            ``src`` that do not exit in ``dest``. Default is True
        follow_links (bool): Whether to descend into symlinks in ``src``
@@ -1101,23 +1102,23 @@ def find(root, files, recursive=True):

    Accepts any glob characters accepted by fnmatch:

-    =======  ====================================
-    Pattern  Meaning
-    =======  ====================================
-    *        matches everything
-    ?        matches any single character
-    [seq]    matches any character in ``seq``
-    [!seq]   matches any character not in ``seq``
-    =======  ====================================
+    ==========  ====================================
+    Pattern     Meaning
+    ==========  ====================================
+    ``*``       matches everything
+    ``?``       matches any single character
+    ``[seq]``   matches any character in ``seq``
+    ``[!seq]``  matches any character not in ``seq``
+    ==========  ====================================

    Parameters:
        root (str): The root directory to start searching from
        files (str or Sequence): Library name(s) to search for
-        recurse (bool, optional): if False search only root folder,
+        recursive (bool): if False search only root folder,
            if True descends top-down from the root. Defaults to True.

    Returns:
-        list of strings: The files that have been found
+        list: The files that have been found
    """
    if isinstance(files, six.string_types):
        files = [files]
@@ -1199,7 +1200,7 @@ def directories(self):
        ['/dir1', '/dir2']

        Returns:
-            list of strings: A list of directories
+            list: A list of directories
        """
        return list(dedupe(
            os.path.dirname(x) for x in self.files if os.path.dirname(x)
@@ -1217,7 +1218,7 @@ def basenames(self):
        ['a.h', 'b.h']

        Returns:
-            list of strings: A list of base-names
+            list: A list of base-names
        """
        return list(dedupe(os.path.basename(x) for x in self.files))

@@ -1304,7 +1305,7 @@ def headers(self):
        """Stable de-duplication of the headers.

        Returns:
-            list of strings: A list of header files
+            list: A list of header files
        """
        return self.files

@@ -1317,7 +1318,7 @@ def names(self):
        ['a', 'b']

        Returns:
-            list of strings: A list of files without extensions
+            list: A list of files without extensions
        """
        names = []

@@ -1408,9 +1409,9 @@ def find_headers(headers, root, recursive=False):
    =======  ====================================

    Parameters:
-        headers (str or list of str): Header name(s) to search for
+        headers (str or list): Header name(s) to search for
        root (str): The root directory to start searching from
-        recursive (bool, optional): if False search only root folder,
+        recursive (bool): if False search only root folder,
            if True descends top-down from the root. Defaults to False.

    Returns:
@@ -1446,7 +1447,7 @@ def find_all_headers(root):
    in the directory passed as argument.

    Args:
-        root (path): directory where to look recursively for header files
+        root (str): directory where to look recursively for header files

    Returns:
        List of all headers found in ``root`` and subdirectories.
@@ -1466,7 +1467,7 @@ def libraries(self):
        """Stable de-duplication of library files.

        Returns:
-            list of strings: A list of library files
+            list: A list of library files
        """
        return self.files

@@ -1479,7 +1480,7 @@ def names(self):
        ['a', 'b']

        Returns:
-            list of strings: A list of library names
+            list: A list of library names
        """
        names = []

@@ -1564,8 +1565,8 @@ def find_system_libraries(libraries, shared=True):
    =======  ====================================

    Parameters:
-        libraries (str or list of str): Library name(s) to search for
-        shared (bool, optional): if True searches for shared libraries,
+        libraries (str or list): Library name(s) to search for
+        shared (bool): if True searches for shared libraries,
            otherwise for static. Defaults to True.

    Returns:
@@ -1615,11 +1616,11 @@ def find_libraries(libraries, root, shared=True, recursive=False):
    =======  ====================================

    Parameters:
-        libraries (str or list of str): Library name(s) to search for
+        libraries (str or list): Library name(s) to search for
        root (str): The root directory to start searching from
-        shared (bool, optional): if True searches for shared libraries,
+        shared (bool): if True searches for shared libraries,
            otherwise for static. Defaults to True.
-        recursive (bool, optional): if False search only root folder,
+        recursive (bool): if False search only root folder,
            if True descends top-down from the root. Defaults to False.

    Returns:
--- a/lib/spack/llnl/util/lang.py
+++ b/lib/spack/llnl/util/lang.py
@@ -5,14 +5,15 @@

 from __future__ import division

+import functools
+import inspect
 import multiprocessing
 import os
 import re
-import functools
-import inspect
-from datetime import datetime, timedelta
-from six import string_types
 import sys
+from datetime import datetime, timedelta
+
+from six import string_types

 if sys.version_info < (3, 0):
    from itertools import izip_longest  # novm
@@ -257,6 +258,47 @@ def new_dec(*args, **kwargs):
    return new_dec


+def key_ordering(cls):
+    """Decorates a class with extra methods that implement rich comparison
+       operations and ``__hash__``.  The decorator assumes that the class
+       implements a function called ``_cmp_key()``.  The rich comparison
+       operations will compare objects using this key, and the ``__hash__``
+       function will return the hash of this key.
+
+       If a class already has ``__eq__``, ``__ne__``, ``__lt__``, ``__le__``,
+       ``__gt__``, or ``__ge__`` defined, this decorator will overwrite them.
+
+       Raises:
+           TypeError: If the class does not have a ``_cmp_key`` method
+    """
+    def setter(name, value):
+        value.__name__ = name
+        setattr(cls, name, value)
+
+    if not has_method(cls, '_cmp_key'):
+        raise TypeError("'%s' doesn't define _cmp_key()." % cls.__name__)
+
+    setter('__eq__',
+           lambda s, o:
+           (s is o) or (o is not None and s._cmp_key() == o._cmp_key()))
+    setter('__lt__',
+           lambda s, o: o is not None and s._cmp_key() < o._cmp_key())
+    setter('__le__',
+           lambda s, o: o is not None and s._cmp_key() <= o._cmp_key())
+
+    setter('__ne__',
+           lambda s, o:
+           (s is not o) and (o is None or s._cmp_key() != o._cmp_key()))
+    setter('__gt__',
+           lambda s, o: o is None or s._cmp_key() > o._cmp_key())
+    setter('__ge__',
+           lambda s, o: o is None or s._cmp_key() >= o._cmp_key())
+
+    setter('__hash__', lambda self: hash(self._cmp_key()))
+
+    return cls
+
+
 #: sentinel for testing that iterators are done in lazy_lexicographic_ordering
 done = object()

@@ -572,8 +614,8 @@ def pretty_date(time, now=None):
    """Convert a datetime or timestamp to a pretty, relative date.

    Args:
-        time (datetime or int): date to print prettily
-        now (datetime): dateimte for 'now', i.e. the date the pretty date
+        time (datetime.datetime or int): date to print prettily
+        now (datetime.datetime): datetime for 'now', i.e. the date the pretty date
            is relative to (default is datetime.now())

    Returns:
@@ -647,7 +689,7 @@ def pretty_string_to_date(date_str, now=None):
            or be a *pretty date* (like ``yesterday`` or ``two months ago``)

    Returns:
-        (datetime): datetime object corresponding to ``date_str``
+        (datetime.datetime): datetime object corresponding to ``date_str``
    """

    pattern = {}
--- a/lib/spack/llnl/util/link_tree.py
+++ b/lib/spack/llnl/util/link_tree.py
@@ -7,12 +7,12 @@

 from __future__ import print_function

+import filecmp
 import os
 import shutil
-import filecmp

-from llnl.util.filesystem import traverse_tree, mkdirp, touch
 import llnl.util.tty as tty
+from llnl.util.filesystem import mkdirp, touch, traverse_tree

 __all__ = ['LinkTree']

--- a/lib/spack/llnl/util/lock.py
+++ b/lib/spack/llnl/util/lock.py
@@ -3,20 +3,30 @@
 #
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)

-import os
-import fcntl
 import errno
-import time
+import fcntl
+import os
 import socket
+import time
 from datetime import datetime

 import llnl.util.tty as tty
+
 import spack.util.string

-
-__all__ = ['Lock', 'LockTransaction', 'WriteTransaction', 'ReadTransaction',
-           'LockError', 'LockTimeoutError',
-           'LockPermissionError', 'LockROFileError', 'CantCreateLockError']
+__all__ = [
+    'Lock',
+    'LockDowngradeError',
+    'LockUpgradeError',
+    'LockTransaction',
+    'WriteTransaction',
+    'ReadTransaction',
+    'LockError',
+    'LockTimeoutError',
+    'LockPermissionError',
+    'LockROFileError',
+    'CantCreateLockError'
+]

 #: Mapping of supported locks to description
 lock_type = {fcntl.LOCK_SH: 'read', fcntl.LOCK_EX: 'write'}
@@ -401,7 +411,7 @@ def release_read(self, release_fn=None):
        """Releases a read lock.

        Arguments:
-            release_fn (callable): function to call *before* the last recursive
+            release_fn (typing.Callable): function to call *before* the last recursive
                lock (read or write) is released.

        If the last recursive lock will be released, then this will call
@@ -437,7 +447,7 @@ def release_write(self, release_fn=None):
        """Releases a write lock.

        Arguments:
-            release_fn (callable): function to call before the last recursive
+            release_fn (typing.Callable): function to call before the last recursive
                write is released.

        If the last recursive *write* lock will be released, then this
@@ -533,10 +543,10 @@ class LockTransaction(object):
    Arguments:
        lock (Lock): underlying lock for this transaction to be accquired on
            enter and released on exit
-        acquire (callable or contextmanager): function to be called after lock
-            is acquired, or contextmanager to enter after acquire and leave
+        acquire (typing.Callable or contextlib.contextmanager): function to be called
+            after lock is acquired, or contextmanager to enter after acquire and leave
            before release.
-        release (callable): function to be called before release. If
+        release (typing.Callable): function to be called before release. If
            ``acquire`` is a contextmanager, this will be called *after*
            exiting the nexted context and before the lock is released.
        timeout (float): number of seconds to set for the timeout when
--- a/lib/spack/llnl/util/tty/init.py
+++ b/lib/spack/llnl/util/tty/init.py
@@ -5,6 +5,7 @@

 from __future__ import unicode_literals

+import contextlib
 import fcntl
 import os
 import struct
@@ -12,12 +13,13 @@
 import termios
 import textwrap
 import traceback
-import six
 from datetime import datetime
+
+import six
 from six import StringIO
 from six.moves import input

-from llnl.util.tty.color import cprint, cwrite, cescape, clen
+from llnl.util.tty.color import cescape, clen, cprint, cwrite

 # Globals
 _debug = 0
@@ -27,6 +29,7 @@
 _msg_enabled = True
 _warn_enabled = True
 _error_enabled = True
+_output_filter = lambda s: s
 indent = "  "


@@ -89,6 +92,18 @@ def error_enabled():
    return _error_enabled


+@contextlib.contextmanager
+def output_filter(filter_fn):
+    """Context manager that applies a filter to all output."""
+    global _output_filter
+    saved_filter = _output_filter
+    try:
+        _output_filter = filter_fn
+        yield
+    finally:
+        _output_filter = saved_filter
+
+
 class SuppressOutput:
    """Class for disabling output in a scope using 'with' keyword"""

@@ -165,13 +180,23 @@ def msg(message, *args, **kwargs):
    if _stacktrace:
        st_text = process_stacktrace(2)
    if newline:
-        cprint("@*b{%s==>} %s%s" % (
-            st_text, get_timestamp(), cescape(message)))
+        cprint(
+            "@*b{%s==>} %s%s" % (
+                st_text,
+                get_timestamp(),
+                cescape(_output_filter(message))
+            )
+        )
    else:
-        cwrite("@*b{%s==>} %s%s" % (
-            st_text, get_timestamp(), cescape(message)))
+        cwrite(
+            "@*b{%s==>} %s%s" % (
+                st_text,
+                get_timestamp(),
+                cescape(_output_filter(message))
+            )
+        )
    for arg in args:
-        print(indent + six.text_type(arg))
+        print(indent + _output_filter(six.text_type(arg)))


 def info(message, *args, **kwargs):
@@ -187,18 +212,29 @@ def info(message, *args, **kwargs):
    st_text = ""
    if _stacktrace:
        st_text = process_stacktrace(st_countback)
-    cprint("@%s{%s==>} %s%s" % (
-        format, st_text, get_timestamp(), cescape(six.text_type(message))
-    ), stream=stream)
+    cprint(
+        "@%s{%s==>} %s%s" % (
+            format,
+            st_text,
+            get_timestamp(),
+            cescape(_output_filter(six.text_type(message)))
+        ),
+        stream=stream
+    )
    for arg in args:
        if wrap:
            lines = textwrap.wrap(
-                six.text_type(arg), initial_indent=indent,
-                subsequent_indent=indent, break_long_words=break_long_words)
+                _output_filter(six.text_type(arg)),
+                initial_indent=indent,
+                subsequent_indent=indent,
+                break_long_words=break_long_words
+            )
            for line in lines:
                stream.write(line + '\n')
        else:
-            stream.write(indent + six.text_type(arg) + '\n')
+            stream.write(
+                indent + _output_filter(six.text_type(arg)) + '\n'
+            )


 def verbose(message, *args, **kwargs):
--- a/lib/spack/llnl/util/tty/colify.py
+++ b/lib/spack/llnl/util/tty/colify.py
@@ -10,10 +10,11 @@

 import os
 import sys
+
 from six import StringIO, text_type

 from llnl.util.tty import terminal_size
-from llnl.util.tty.color import clen, cextra
+from llnl.util.tty.color import cextra, clen


 class ColumnConfig:
@@ -108,19 +109,17 @@ def colify(elts, **options):
    using ``str()``.

    Keyword Arguments:
-        output (stream): A file object to write to. Default is ``sys.stdout``
-        indent (int):    Optionally indent all columns by some number of spaces
-        padding (int):   Spaces between columns. Default is 2
-        width (int):     Width of the output. Default is 80 if tty not detected
-        cols (int):      Force number of columns. Default is to size to
-                         terminal, or single-column if no tty
-        tty (bool):      Whether to attempt to write to a tty. Default is to
-                         autodetect a tty. Set to False to force single-column
-                         output
-        method (str):    Method to use to fit columns. Options are variable or
-                         uniform. Variable-width columns are tighter, uniform
-                         columns are all the same width and fit less data on
-                         the screen
+        output (typing.IO): A file object to write to. Default is ``sys.stdout``
+        indent (int): Optionally indent all columns by some number of spaces
+        padding (int): Spaces between columns. Default is 2
+        width (int): Width of the output. Default is 80 if tty not detected
+        cols (int): Force number of columns. Default is to size to terminal, or
+            single-column if no tty
+        tty (bool): Whether to attempt to write to a tty. Default is to autodetect a
+            tty. Set to False to force single-column output
+        method (str): Method to use to fit columns. Options are variable or uniform.
+            Variable-width columns are tighter, uniform columns are all the same width
+            and fit less data on the screen
    """
    # Get keyword arguments or set defaults
    cols         = options.pop("cols", 0)
--- a/lib/spack/llnl/util/tty/color.py
+++ b/lib/spack/llnl/util/tty/color.py
@@ -60,9 +60,9 @@
 To output an @, use '@@'.  To output a } inside braces, use '}}'.
 """
 from __future__ import unicode_literals
+
 import re
 import sys
-
 from contextlib import contextmanager

 import six
--- a/lib/spack/llnl/util/tty/log.py
+++ b/lib/spack/llnl/util/tty/log.py
@@ -13,15 +13,14 @@
 import os
 import re
 import select
+import signal
 import sys
 import traceback
-import signal
 from contextlib import contextmanager
-from six import string_types
-from six import StringIO
-
-from typing import Optional  # novm
 from types import ModuleType  # novm
+from typing import Optional  # novm
+
+from six import StringIO, string_types

 import llnl.util.tty as tty

@@ -437,7 +436,7 @@ class log_output(object):
    """

    def __init__(self, file_like=None, echo=False, debug=0, buffer=False,
-                 env=None):
+                 env=None, filter_fn=None):
        """Create a new output log context manager.

        Args:
@@ -447,6 +446,8 @@ def __init__(self, file_like=None, echo=False, debug=0, buffer=False,
            debug (int): positive to enable tty debug mode during logging
            buffer (bool): pass buffer=True to skip unbuffering output; note
                this doesn't set up any *new* buffering
+            filter_fn (callable, optional): Callable[str] -> str to filter each
+                line of output

        log_output can take either a file object or a filename. If a
        filename is passed, the file will be opened and closed entirely
@@ -466,6 +467,7 @@ def __init__(self, file_like=None, echo=False, debug=0, buffer=False,
        self.debug = debug
        self.buffer = buffer
        self.env = env  # the environment to use for _writer_daemon
+        self.filter_fn = filter_fn

        self._active = False  # used to prevent re-entry

@@ -531,20 +533,22 @@ def __enter__(self):
        # Sets a daemon that writes to file what it reads from a pipe
        try:
            # need to pass this b/c multiprocessing closes stdin in child.
+            input_multiprocess_fd = None
            try:
-                input_multiprocess_fd = MultiProcessFd(
-                    os.dup(sys.stdin.fileno())
-                )
+                if sys.stdin.isatty():
+                    input_multiprocess_fd = MultiProcessFd(
+                        os.dup(sys.stdin.fileno())
+                    )
            except BaseException:
                # just don't forward input if this fails
-                input_multiprocess_fd = None
+                pass

            with replace_environment(self.env):
                self.process = multiprocessing.Process(
                    target=_writer_daemon,
                    args=(
                        input_multiprocess_fd, read_multiprocess_fd, write_fd,
-                        self.echo, self.log_file, child_pipe
+                        self.echo, self.log_file, child_pipe, self.filter_fn
                    )
                )
                self.process.daemon = True  # must set before start()
@@ -668,7 +672,7 @@ def force_echo(self):


 def _writer_daemon(stdin_multiprocess_fd, read_multiprocess_fd, write_fd, echo,
-                   log_file_wrapper, control_pipe):
+                   log_file_wrapper, control_pipe, filter_fn):
    """Daemon used by ``log_output`` to write to a log file and to ``stdout``.

    The daemon receives output from the parent process and writes it both
@@ -713,6 +717,7 @@ def _writer_daemon(stdin_multiprocess_fd, read_multiprocess_fd, write_fd, echo,
        log_file_wrapper (FileWrapper): file to log all output
        control_pipe (Pipe): multiprocessing pipe on which to send control
            information to the parent
+        filter_fn (callable, optional): function to filter each line of output

    """
    # If this process was forked, then it will inherit file descriptors from
@@ -771,28 +776,42 @@ def _writer_daemon(stdin_multiprocess_fd, read_multiprocess_fd, write_fd, echo,
                                raise

                if in_pipe in rlist:
-                    # Handle output from the calling process.
-                    line = _retry(in_pipe.readline)()
-                    if not line:
-                        break
+                    line_count = 0
+                    try:
+                        while line_count < 100:
+                            # Handle output from the calling process.
+                            line = _retry(in_pipe.readline)()
+                            if not line:
+                                return
+                            line_count += 1

-                    # find control characters and strip them.
-                    controls = control.findall(line)
-                    line = control.sub('', line)
+                            # find control characters and strip them.
+                            clean_line, num_controls = control.subn('', line)

-                    # Echo to stdout if requested or forced.
-                    if echo or force_echo:
-                        sys.stdout.write(line)
-                        sys.stdout.flush()
+                            # Echo to stdout if requested or forced.
+                            if echo or force_echo:
+                                output_line = clean_line
+                                if filter_fn:
+                                    output_line = filter_fn(clean_line)
+                                sys.stdout.write(output_line)

-                    # Stripped output to log file.
-                    log_file.write(_strip(line))
-                    log_file.flush()
+                            # Stripped output to log file.
+                            log_file.write(_strip(clean_line))

-                    if xon in controls:
-                        force_echo = True
-                    if xoff in controls:
-                        force_echo = False
+                            if num_controls > 0:
+                                controls = control.findall(line)
+                                if xon in controls:
+                                    force_echo = True
+                                if xoff in controls:
+                                    force_echo = False
+
+                            if not _input_available(in_pipe):
+                                break
+                    finally:
+                        if line_count > 0:
+                            if echo or force_echo:
+                                sys.stdout.flush()
+                            log_file.flush()

    except BaseException:
        tty.error("Exception occurred in writer daemon!")
@@ -844,3 +863,7 @@ def wrapped(*args, **kwargs):
                    continue
                raise
    return wrapped
+
+
+def _input_available(f):
+    return f in select.select([f], [], [], 0)[0]
--- a/lib/spack/llnl/util/tty/pty.py
+++ b/lib/spack/llnl/util/tty/pty.py
@@ -14,10 +14,10 @@
 """
 from __future__ import print_function

-import os
-import signal
 import multiprocessing
+import os
 import re
+import signal
 import sys
 import termios
 import time
--- a/lib/spack/spack/init.py
+++ b/lib/spack/spack/init.py
@@ -3,9 +3,8 @@
 #
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)

-
 #: major, minor, patch version for Spack, in a tuple
-spack_version_info = (0, 16, 1)
+spack_version_info = (0, 16, 2)

 #: String containing Spack version joined with .'s
 spack_version = '.'.join(str(v) for v in spack_version_info)
--- a/lib/spack/spack/abi.py
+++ b/lib/spack/spack/abi.py
@@ -8,9 +8,9 @@
 from llnl.util.lang import memoized

 import spack.spec
+from spack.compilers.clang import Clang
 from spack.spec import CompilerSpec
 from spack.util.executable import Executable, ProcessError
-from spack.compilers.clang import Clang


 class ABI(object):
--- a/lib/spack/spack/analyzers/init.py
+++ b/lib/spack/spack/analyzers/init.py
@@ -10,11 +10,10 @@

 from __future__ import absolute_import

-import spack.util.classes
-import spack.paths
-
 import llnl.util.tty as tty

+import spack.paths
+import spack.util.classes

 mod_path = spack.paths.analyzers_path
 analyzers = spack.util.classes.list_classes("spack.analyzers", mod_path)
--- a/lib/spack/spack/analyzers/analyzer_base.py
+++ b/lib/spack/spack/analyzers/analyzer_base.py
@@ -7,14 +7,15 @@
 and (optionally) interact with a Spack Monitor
 """

-import spack.monitor
-import spack.hooks
-import llnl.util.tty as tty
-import spack.util.path
-import spack.config
-
 import os

+import llnl.util.tty as tty
+
+import spack.config
+import spack.hooks
+import spack.monitor
+import spack.util.path
+

 def get_analyzer_dir(spec, analyzer_dir=None):
    """
--- a/lib/spack/spack/analyzers/config_args.py
+++ b/lib/spack/spack/analyzers/config_args.py
@@ -8,11 +8,12 @@
 directory."""


-import spack.monitor
-from .analyzer_base import AnalyzerBase
-
 import os

+import spack.monitor
+
+from .analyzer_base import AnalyzerBase
+

 class ConfigArgs(AnalyzerBase):

--- a/lib/spack/spack/analyzers/environment_variables.py
+++ b/lib/spack/spack/analyzers/environment_variables.py
@@ -8,11 +8,11 @@
 an index of key, value pairs for environment variables."""


-from .analyzer_base import AnalyzerBase
+import os
+
 from spack.util.environment import EnvironmentModifications

-
-import os
+from .analyzer_base import AnalyzerBase


 class EnvironmentVariables(AnalyzerBase):
--- a/lib/spack/spack/analyzers/install_files.py
+++ b/lib/spack/spack/analyzers/install_files.py
@@ -8,11 +8,12 @@
 analyzer folder for further processing."""


-import spack.monitor
-from .analyzer_base import AnalyzerBase
-
 import os

+import spack.monitor
+
+from .analyzer_base import AnalyzerBase
+

 class InstallFiles(AnalyzerBase):

--- a/lib/spack/spack/analyzers/libabigail.py
+++ b/lib/spack/spack/analyzers/libabigail.py
@@ -4,20 +4,20 @@
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)


-import spack
-import spack.error
-import spack.bootstrap
-import spack.hooks
-import spack.monitor
-import spack.binary_distribution
-import spack.package
-import spack.repo
+import os

 import llnl.util.tty as tty

-from .analyzer_base import AnalyzerBase
+import spack
+import spack.binary_distribution
+import spack.bootstrap
+import spack.error
+import spack.hooks
+import spack.monitor
+import spack.package
+import spack.repo

-import os
+from .analyzer_base import AnalyzerBase


 class Libabigail(AnalyzerBase):
--- a/lib/spack/spack/architecture.py
+++ b/lib/spack/spack/architecture.py
@@ -60,20 +60,21 @@
 import functools
 import warnings

-import archspec.cpu
 import six

-import llnl.util.tty as tty
+import archspec.cpu
+
 import llnl.util.lang as lang
+import llnl.util.tty as tty

 import spack.compiler
 import spack.compilers
 import spack.config
-import spack.paths
 import spack.error as serr
+import spack.paths
+import spack.util.classes
 import spack.util.executable
 import spack.version
-import spack.util.classes
 from spack.util.spack_yaml import syaml_dict


@@ -192,8 +193,8 @@ def optimization_flags(self, compiler):
        the compiler passed as argument.

        Args:
-            compiler (CompilerSpec or Compiler): object that contains both the
-                name and the version of the compiler we want to use
+            compiler (spack.spec.CompilerSpec or spack.compiler.Compiler): object that
+                contains both the name and the version of the compiler we want to use
        """
        # Mixed toolchains are not supported yet
        import spack.compilers
@@ -592,17 +593,20 @@ def use_platform(new_platform):
    assert isinstance(new_platform, Platform), msg.format(new_platform)

    original_platform_fn, original_all_platforms_fn = platform, all_platforms
-    platform = _PickleableCallable(new_platform)
-    all_platforms = _PickleableCallable([type(new_platform)])

-    # Clear configuration and compiler caches
-    spack.config.config.clear_caches()
-    spack.compilers._cache_config_files = []
+    try:
+        platform = _PickleableCallable(new_platform)
+        all_platforms = _PickleableCallable([type(new_platform)])

-    yield new_platform
+        # Clear configuration and compiler caches
+        spack.config.config.clear_caches()
+        spack.compilers._cache_config_files = []

-    platform, all_platforms = original_platform_fn, original_all_platforms_fn
+        yield new_platform

-    # Clear configuration and compiler caches
-    spack.config.config.clear_caches()
-    spack.compilers._cache_config_files = []
+    finally:
+        platform, all_platforms = original_platform_fn, original_all_platforms_fn
+
+        # Clear configuration and compiler caches
+        spack.config.config.clear_caches()
+        spack.compilers._cache_config_files = []
--- a/lib/spack/spack/audit.py
+++ b/lib/spack/spack/audit.py
@@ -0,0 +1,395 @@
+# Copyright 2013-2021 Lawrence Livermore National Security, LLC and other
+# Spack Project Developers. See the top-level COPYRIGHT file for details.
+#
+# SPDX-License-Identifier: (Apache-2.0 OR MIT)
+"""Classes and functions to register audit checks for various parts of
+Spack and run them on-demand.
+
+To register a new class of sanity checks (e.g. sanity checks for
+compilers.yaml), the first action required is to create a new AuditClass
+object:
+
+.. code-block:: python
+
+   audit_cfgcmp = AuditClass(
+       tag='CFG-COMPILER',
+       description='Sanity checks on compilers.yaml',
+       kwargs=()
+   )
+
+This object is to be used as a decorator to register functions
+that will perform each a single check:
+
+.. code-block:: python
+
+   @audit_cfgcmp
+   def _search_duplicate_compilers(error_cls):
+       pass
+
+These functions need to take as argument the keywords declared when
+creating the decorator object plus an ``error_cls`` argument at the
+end, acting as a factory to create Error objects. It should return a
+(possibly empty) list of errors.
+
+Calls to each of these functions are triggered by the ``run`` method of
+the decorator object, that will forward the keyword arguments passed
+as input.
+"""
+import collections
+import itertools
+
+try:
+    from collections.abc import Sequence  # novm
+except ImportError:
+    from collections import Sequence
+
+#: Map an audit tag to a list of callables implementing checks
+CALLBACKS = {}
+
+#: Map a group of checks to the list of related audit tags
+GROUPS = collections.defaultdict(list)
+
+
+class Error(object):
+    """Information on an error reported in a test."""
+    def __init__(self, summary, details):
+        self.summary = summary
+        self.details = tuple(details)
+
+    def __str__(self):
+        return self.summary + '\n' + '\n'.join([
+            '    ' + detail for detail in self.details
+        ])
+
+    def __eq__(self, other):
+        if self.summary != other.summary or self.details != other.details:
+            return False
+        return True
+
+    def __hash__(self):
+        value = (self.summary, self.details)
+        return hash(value)
+
+
+class AuditClass(Sequence):
+    def __init__(self, group, tag, description, kwargs):
+        """Return an object that acts as a decorator to register functions
+        associated with a specific class of sanity checks.
+
+        Args:
+            group (str): group in which this check is to be inserted
+            tag (str): tag uniquely identifying the class of sanity checks
+            description (str): description of the sanity checks performed
+                by this tag
+            kwargs (tuple of str): keyword arguments that each registered
+                function needs to accept
+        """
+        if tag in CALLBACKS:
+            msg = 'audit class "{0}" already registered'
+            raise ValueError(msg.format(tag))
+
+        self.group = group
+        self.tag = tag
+        self.description = description
+        self.kwargs = kwargs
+        self.callbacks = []
+
+        # Init the list of hooks
+        CALLBACKS[self.tag] = self
+
+        # Update the list of tags in the group
+        GROUPS[self.group].append(self.tag)
+
+    def __call__(self, func):
+        self.callbacks.append(func)
+
+    def __getitem__(self, item):
+        return self.callbacks[item]
+
+    def __len__(self):
+        return len(self.callbacks)
+
+    def run(self, **kwargs):
+        msg = 'please pass "{0}" as keyword arguments'
+        msg = msg.format(', '.join(self.kwargs))
+        assert set(self.kwargs) == set(kwargs), msg
+
+        errors = []
+        kwargs['error_cls'] = Error
+        for fn in self.callbacks:
+            errors.extend(fn(**kwargs))
+
+        return errors
+
+
+def run_group(group, **kwargs):
+    """Run the checks that are part of the group passed as argument.
+
+    Args:
+        group (str): group of checks to be run
+        **kwargs: keyword arguments forwarded to the checks
+
+    Returns:
+        List of (tag, errors) that failed.
+    """
+    reports = []
+    for check in GROUPS[group]:
+        errors = run_check(check, **kwargs)
+        reports.append((check, errors))
+    return reports
+
+
+def run_check(tag, **kwargs):
+    """Run the checks associated with a single tag.
+
+    Args:
+        tag (str): tag of the check
+        **kwargs: keyword arguments forwarded to the checks
+
+    Returns:
+        Errors occurred during the checks
+    """
+    return CALLBACKS[tag].run(**kwargs)
+
+
+# TODO: For the generic check to be useful for end users,
+# TODO: we need to implement hooks like described in
+# TODO: https://github.com/spack/spack/pull/23053/files#r630265011
+#: Generic checks relying on global state
+generic = AuditClass(
+    group='generic',
+    tag='GENERIC',
+    description='Generic checks relying on global variables',
+    kwargs=()
+)
+
+
+#: Sanity checks on compilers.yaml
+config_compiler = AuditClass(
+    group='configs',
+    tag='CFG-COMPILER',
+    description='Sanity checks on compilers.yaml',
+    kwargs=()
+)
+
+
+@config_compiler
+def _search_duplicate_compilers(error_cls):
+    """Report compilers with the same spec and two different definitions"""
+    import spack.config
+    errors = []
+
+    compilers = list(sorted(
+        spack.config.get('compilers'), key=lambda x: x['compiler']['spec']
+    ))
+    for spec, group in itertools.groupby(
+            compilers, key=lambda x: x['compiler']['spec']
+    ):
+        group = list(group)
+        if len(group) == 1:
+            continue
+
+        error_msg = 'Compiler defined multiple times: {0}'
+        try:
+            details = [str(x._start_mark).strip() for x in group]
+        except Exception:
+            details = []
+        errors.append(error_cls(
+            summary=error_msg.format(spec), details=details
+        ))
+
+    return errors
+
+
+#: Sanity checks on packages.yaml
+config_packages = AuditClass(
+    group='configs',
+    tag='CFG-PACKAGES',
+    description='Sanity checks on packages.yaml',
+    kwargs=()
+)
+
+
+@config_packages
+def _search_duplicate_specs_in_externals(error_cls):
+    """Search for duplicate specs declared as externals"""
+    import spack.config
+
+    errors, externals = [], collections.defaultdict(list)
+    packages_yaml = spack.config.get('packages')
+
+    for name, pkg_config in packages_yaml.items():
+        # No externals can be declared under all
+        if name == 'all' or 'externals' not in pkg_config:
+            continue
+
+        current_externals = pkg_config['externals']
+        for entry in current_externals:
+            # Ask for the string representation of the spec to normalize
+            # aspects of the spec that may be represented in multiple ways
+            # e.g. +foo or foo=true
+            key = str(spack.spec.Spec(entry['spec']))
+            externals[key].append(entry)
+
+    for spec, entries in sorted(externals.items()):
+        # If there's a single external for a spec we are fine
+        if len(entries) < 2:
+            continue
+
+        # Otherwise wwe need to report an error
+        error_msg = 'Multiple externals share the same spec: {0}'.format(spec)
+        try:
+            lines = [str(x._start_mark).strip() for x in entries]
+            details = [
+                'Please remove all but one of the following entries:'
+            ] + lines + [
+                'as they might result in non-deterministic hashes'
+            ]
+        except TypeError:
+            details = []
+
+        errors.append(error_cls(summary=error_msg, details=details))
+
+    return errors
+
+
+#: Sanity checks on package directives
+package_directives = AuditClass(
+    group='packages',
+    tag='PKG-DIRECTIVES',
+    description='Sanity checks on specs used in directives',
+    kwargs=('pkgs',)
+)
+
+
+@package_directives
+def _unknown_variants_in_directives(pkgs, error_cls):
+    """Report unknown or wrong variants in directives for this package"""
+    import llnl.util.lang
+
+    import spack.repo
+    import spack.spec
+
+    errors = []
+    for pkg_name in pkgs:
+        pkg = spack.repo.get(pkg_name)
+
+        # Check "conflicts" directive
+        for conflict, triggers in pkg.conflicts.items():
+            for trigger, _ in triggers:
+                vrn = spack.spec.Spec(conflict)
+                try:
+                    vrn.constrain(trigger)
+                except Exception as e:
+                    msg = 'Generic error in conflict for package "{0}": '
+                    errors.append(error_cls(msg.format(pkg.name), [str(e)]))
+                    continue
+                errors.extend(_analyze_variants_in_directive(
+                    pkg, vrn, directive='conflicts', error_cls=error_cls
+                ))
+
+        # Check "depends_on" directive
+        for _, triggers in pkg.dependencies.items():
+            triggers = list(triggers)
+            for trigger in list(triggers):
+                vrn = spack.spec.Spec(trigger)
+                errors.extend(_analyze_variants_in_directive(
+                    pkg, vrn, directive='depends_on', error_cls=error_cls
+                ))
+
+        # Check "patch" directive
+        for _, triggers in pkg.provided.items():
+            triggers = [spack.spec.Spec(x) for x in triggers]
+            for vrn in triggers:
+                errors.extend(_analyze_variants_in_directive(
+                    pkg, vrn, directive='patch', error_cls=error_cls
+                ))
+
+        # Check "resource" directive
+        for vrn in pkg.resources:
+            errors.extend(_analyze_variants_in_directive(
+                pkg, vrn, directive='resource', error_cls=error_cls
+            ))
+
+    return llnl.util.lang.dedupe(errors)
+
+
+@package_directives
+def _unknown_variants_in_dependencies(pkgs, error_cls):
+    """Report unknown dependencies and wrong variants for dependencies"""
+    import spack.repo
+    import spack.spec
+
+    errors = []
+    for pkg_name in pkgs:
+        pkg = spack.repo.get(pkg_name)
+        filename = spack.repo.path.filename_for_package_name(pkg_name)
+        for dependency_name, dependency_data in pkg.dependencies.items():
+            # No need to analyze virtual packages
+            if spack.repo.path.is_virtual(dependency_name):
+                continue
+
+            try:
+                dependency_pkg = spack.repo.get(dependency_name)
+            except spack.repo.UnknownPackageError:
+                # This dependency is completely missing, so report
+                # and continue the analysis
+                summary = (pkg_name + ": unknown package '{0}' in "
+                           "'depends_on' directive".format(dependency_name))
+                details = [
+                    " in " + filename
+                ]
+                errors.append(error_cls(summary=summary, details=details))
+                continue
+
+            for _, dependency_edge in dependency_data.items():
+                dependency_variants = dependency_edge.spec.variants
+                for name, value in dependency_variants.items():
+                    try:
+                        dependency_pkg.variants[name].validate_or_raise(
+                            value, pkg=dependency_pkg
+                        )
+                    except Exception as e:
+                        summary = (pkg_name + ": wrong variant used for a "
+                                   "dependency in a 'depends_on' directive")
+                        error_msg = str(e).strip()
+                        if isinstance(e, KeyError):
+                            error_msg = ('the variant {0} does not '
+                                         'exist'.format(error_msg))
+                        error_msg += " in package '" + dependency_name + "'"
+
+                        errors.append(error_cls(
+                            summary=summary, details=[error_msg, 'in ' + filename]
+                        ))
+
+    return errors
+
+
+def _analyze_variants_in_directive(pkg, constraint, directive, error_cls):
+    import spack.variant
+    variant_exceptions = (
+        spack.variant.InconsistentValidationError,
+        spack.variant.MultipleValuesInExclusiveVariantError,
+        spack.variant.InvalidVariantValueError,
+        KeyError
+    )
+    errors = []
+    for name, v in constraint.variants.items():
+        try:
+            pkg.variants[name].validate_or_raise(v, pkg=pkg)
+        except variant_exceptions as e:
+            summary = pkg.name + ': wrong variant in "{0}" directive'
+            summary = summary.format(directive)
+            filename = spack.repo.path.filename_for_package_name(pkg.name)
+
+            error_msg = str(e).strip()
+            if isinstance(e, KeyError):
+                error_msg = 'the variant {0} does not exist'.format(error_msg)
+
+            err = error_cls(summary=summary, details=[
+                error_msg, 'in ' + filename
+            ])
+
+            errors.append(err)
+
+    return errors
--- a/lib/spack/spack/binary_distribution.py
+++ b/lib/spack/spack/binary_distribution.py
@@ -4,22 +4,21 @@
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)

 import codecs
+import glob
+import hashlib
+import json
 import os
 import re
+import shutil
 import sys
 import tarfile
-import shutil
 import tempfile
-import hashlib
-import glob
-from ordereddict_backport import OrderedDict
-
+import traceback
 from contextlib import closing
+
 import ruamel.yaml as yaml
-
-import json
-
-from six.moves.urllib.error import URLError, HTTPError
+from ordereddict_backport import OrderedDict
+from six.moves.urllib.error import HTTPError, URLError

 import llnl.util.lang
 import llnl.util.tty as tty
@@ -29,19 +28,20 @@
 import spack.config as config
 import spack.database as spack_db
 import spack.fetch_strategy as fs
-import spack.util.file_cache as file_cache
+import spack.hash_types as ht
+import spack.hooks.sbang
+import spack.mirror
 import spack.relocate as relocate
+import spack.util.file_cache as file_cache
 import spack.util.gpg
 import spack.util.spack_json as sjson
 import spack.util.spack_yaml as syaml
-import spack.mirror
 import spack.util.url as url_util
 import spack.util.web as web_util
 from spack.caches import misc_cache_location
 from spack.spec import Spec
 from spack.stage import Stage

-
 _build_cache_relative_path = 'build_cache'
 _build_cache_keys_relative_path = '_pgp'

@@ -156,7 +156,7 @@ def _associate_built_specs_with_mirror(self, cache_key, mirror_url):
            with self._index_file_cache.read_transaction(cache_key):
                db._read_from_file(cache_path)

-            spec_list = db.query_local(installed=False)
+            spec_list = db.query_local(installed=False, in_buildcache=True)

            for indexed_spec in spec_list:
                dag_hash = indexed_spec.dag_hash()
@@ -207,7 +207,7 @@ def find_built_spec(self, spec):
        The cache can be updated by calling ``update()`` on the cache.

        Args:
-            spec (Spec): Concrete spec to find
+            spec (spack.spec.Spec): Concrete spec to find

        Returns:
            An list of objects containing the found specs and mirror url where
@@ -584,7 +584,7 @@ def get_buildfile_manifest(spec):
                    added = True

            if relocate.needs_binary_relocation(m_type, m_subtype):
-                if ((m_subtype in ('x-executable', 'x-sharedlib')
+                if ((m_subtype in ('x-executable', 'x-sharedlib', 'x-pie-executable')
                    and sys.platform != 'darwin') or
                   (m_subtype in ('x-mach-binary')
                    and sys.platform == 'darwin') or
@@ -616,9 +616,8 @@ def write_buildinfo_file(spec, workdir, rel=False):
        prefix_to_hash[str(d.prefix)] = d.dag_hash()

    # Create buildinfo data and write it to disk
-    import spack.hooks.sbang as sbang
    buildinfo = {}
-    buildinfo['sbang_install_path'] = sbang.sbang_install_path()
+    buildinfo['sbang_install_path'] = spack.hooks.sbang.sbang_install_path()
    buildinfo['relative_rpaths'] = rel
    buildinfo['buildpath'] = spack.store.layout.root
    buildinfo['spackprefix'] = spack.paths.prefix
@@ -712,12 +711,6 @@ def generate_package_index(cache_prefix):
    cache_prefix.  This page contains a link for each binary package (.yaml)
    under cache_prefix.
    """
-    tmpdir = tempfile.mkdtemp()
-    db_root_dir = os.path.join(tmpdir, 'db_root')
-    db = spack_db.Database(None, db_dir=db_root_dir,
-                           enable_transaction_locking=False,
-                           record_fields=['spec', 'ref_count'])
-
    try:
        file_list = (
            entry
@@ -738,21 +731,90 @@ def generate_package_index(cache_prefix):

    tty.debug('Retrieving spec.yaml files from {0} to build index'.format(
        cache_prefix))
+
+    all_mirror_specs = {}
+
    for file_path in file_list:
        try:
            yaml_url = url_util.join(cache_prefix, file_path)
            tty.debug('fetching {0}'.format(yaml_url))
            _, _, yaml_file = web_util.read_from_url(yaml_url)
            yaml_contents = codecs.getreader('utf-8')(yaml_file).read()
-            # yaml_obj = syaml.load(yaml_contents)
-            # s = Spec.from_yaml(yaml_obj)
+            spec_dict = syaml.load(yaml_contents)
            s = Spec.from_yaml(yaml_contents)
-            db.add(s, None)
+            all_mirror_specs[s.dag_hash()] = {
+                'yaml_url': yaml_url,
+                'spec': s,
+                'num_deps': len(list(s.traverse(root=False))),
+                'binary_cache_checksum': spec_dict['binary_cache_checksum'],
+                'buildinfo': spec_dict['buildinfo'],
+            }
        except (URLError, web_util.SpackWebError) as url_err:
            tty.error('Error reading spec.yaml: {0}'.format(file_path))
            tty.error(url_err)

+    sorted_specs = sorted(all_mirror_specs.keys(),
+                          key=lambda k: all_mirror_specs[k]['num_deps'])
+
+    tmpdir = tempfile.mkdtemp()
+    db_root_dir = os.path.join(tmpdir, 'db_root')
+    db = spack_db.Database(None, db_dir=db_root_dir,
+                           enable_transaction_locking=False,
+                           record_fields=['spec', 'ref_count', 'in_buildcache'])
+
    try:
+        tty.debug('Specs sorted by number of dependencies:')
+        for dag_hash in sorted_specs:
+            spec_record = all_mirror_specs[dag_hash]
+            s = spec_record['spec']
+            num_deps = spec_record['num_deps']
+            tty.debug('  {0}/{1} -> {2}'.format(
+                s.name, dag_hash[:7], num_deps))
+            if num_deps > 0:
+                # Check each of this spec's dependencies (which we have already
+                # processed), as they are the source of truth for their own
+                # full hash.  If the full hash we have for any deps does not
+                # match what those deps have themselves, then we need to splice
+                # this spec with those deps, and push this spliced spec
+                # (spec.yaml file) back to the mirror, as well as update the
+                # all_mirror_specs dictionary with this spliced spec.
+                to_splice = []
+                for dep in s.dependencies():
+                    dep_dag_hash = dep.dag_hash()
+                    if dep_dag_hash in all_mirror_specs:
+                        true_dep = all_mirror_specs[dep_dag_hash]['spec']
+                        if true_dep.full_hash() != dep.full_hash():
+                            to_splice.append(true_dep)
+
+                if to_splice:
+                    tty.debug('    needs the following deps spliced:')
+                    for true_dep in to_splice:
+                        tty.debug('      {0}/{1}'.format(
+                            true_dep.name, true_dep.dag_hash()[:7]))
+                        s = s.splice(true_dep, True)
+
+                    # Push this spliced spec back to the mirror
+                    spliced_yaml = s.to_dict(hash=ht.full_hash)
+                    for key in ['binary_cache_checksum', 'buildinfo']:
+                        spliced_yaml[key] = spec_record[key]
+
+                    temp_yaml_path = os.path.join(tmpdir, 'spliced.spec.yaml')
+                    with open(temp_yaml_path, 'w') as fd:
+                        fd.write(syaml.dump(spliced_yaml))
+
+                    spliced_yaml_url = spec_record['yaml_url']
+                    web_util.push_to_url(
+                        temp_yaml_path, spliced_yaml_url, keep_original=False)
+                    tty.debug('    spliced and wrote {0}'.format(
+                        spliced_yaml_url))
+                    spec_record['spec'] = s
+
+            db.add(s, None)
+            db.mark(s, 'in_buildcache', True)
+
+        # Now that we have fixed any old spec yamls that might have had the wrong
+        # full hash for their dependencies, we can generate the index, compute
+        # the hash, and push those files to the mirror.
        index_json_path = os.path.join(db_root_dir, 'index.json')
        with open(index_json_path, 'w') as f:
            db._write_to_file(f)
@@ -784,6 +846,7 @@ def generate_package_index(cache_prefix):
        msg = 'Encountered problem pushing package index to {0}: {1}'.format(
            cache_prefix, err)
        tty.warn(msg)
+        tty.debug('\n' + traceback.format_exc())
    finally:
        shutil.rmtree(tmpdir)

@@ -1016,14 +1079,14 @@ def download_tarball(spec, preferred_mirrors=None):
    path to downloaded tarball if successful, None otherwise.

    Args:
-        spec (Spec): Concrete spec
+        spec (spack.spec.Spec): Concrete spec
        preferred_mirrors (list): If provided, this is a list of preferred
-        mirror urls.  Other configured mirrors will only be used if the
-        tarball can't be retrieved from one of these.
+            mirror urls.  Other configured mirrors will only be used if the
+            tarball can't be retrieved from one of these.

    Returns:
        Path to the downloaded tarball, or ``None`` if the tarball could not
-            be downloaded from any configured mirrors.
+        be downloaded from any configured mirrors.
    """
    if not spack.mirror.MirrorCollection():
        tty.die("Please add a spack mirror to allow " +
@@ -1106,8 +1169,6 @@ def relocate_package(spec, allow_root):
    """
    Relocate the given package
    """
-    import spack.hooks.sbang as sbang
-
    workdir = str(spec.prefix)
    buildinfo = read_buildinfo_file(workdir)
    new_layout_root = str(spack.store.layout.root)
@@ -1146,7 +1207,8 @@ def relocate_package(spec, allow_root):
    prefix_to_prefix_bin = OrderedDict({})

    if old_sbang_install_path:
-        prefix_to_prefix_text[old_sbang_install_path] = sbang.sbang_install_path()
+        install_path = spack.hooks.sbang.sbang_install_path()
+        prefix_to_prefix_text[old_sbang_install_path] = install_path

    prefix_to_prefix_text[old_prefix] = new_prefix
    prefix_to_prefix_bin[old_prefix] = new_prefix
@@ -1160,7 +1222,7 @@ def relocate_package(spec, allow_root):
    # now a POSIX script that lives in the install prefix. Old packages
    # will have the old sbang location in their shebangs.
    orig_sbang = '#!/bin/bash {0}/bin/sbang'.format(old_spack_prefix)
-    new_sbang = sbang.sbang_shebang_line()
+    new_sbang = spack.hooks.sbang.sbang_shebang_line()
    prefix_to_prefix_text[orig_sbang] = new_sbang

    tty.debug("Relocating package from",
@@ -1392,7 +1454,7 @@ def get_mirrors_for_spec(spec=None, full_hash_match=False,
    indicating the mirrors on which it can be found

    Args:
-        spec (Spec): The spec to look for in binary mirrors
+        spec (spack.spec.Spec): The spec to look for in binary mirrors
        full_hash_match (bool): If True, only includes mirrors where the spec
            full hash matches the locally computed full hash of the ``spec``
            argument.  If False, any mirror which has a matching DAG hash
@@ -1557,7 +1619,9 @@ def push_keys(*mirrors, **kwargs):
                filename = fingerprint + '.pub'

                export_target = os.path.join(prefix, filename)
-                spack.util.gpg.export_keys(export_target, fingerprint)
+
+                # Export public keys (private is set to False)
+                spack.util.gpg.export_keys(export_target, [fingerprint])

                # If mirror is local, the above export writes directly to the
                # mirror (export_target points directly to the mirror).
@@ -1667,11 +1731,11 @@ def check_specs_against_mirrors(mirrors, specs, output_file=None,

    Arguments:
        mirrors (dict): Mirrors to check against
-        specs (iterable): Specs to check against mirrors
-        output_file (string): Path to output file to be written.  If provided,
+        specs (typing.Iterable): Specs to check against mirrors
+        output_file (str): Path to output file to be written.  If provided,
            mirrors with missing or out-of-date specs will be formatted as a
            JSON object and written to this file.
-        rebuild_on_errors (boolean): Treat any errors encountered while
+        rebuild_on_errors (bool): Treat any errors encountered while
            checking specs as a signal to rebuild package.

    Returns: 1 if any spec was out-of-date on any mirror, 0 otherwise.
--- a/lib/spack/spack/bootstrap.py
+++ b/lib/spack/spack/bootstrap.py
@@ -3,8 +3,10 @@
 #
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)
 import contextlib
+import json
 import os
 import sys
+
 try:
    import sysconfig  # novm
 except ImportError:
@@ -17,15 +19,226 @@
 import llnl.util.tty as tty

 import spack.architecture
+import spack.binary_distribution
 import spack.config
+import spack.main
 import spack.paths
 import spack.repo
 import spack.spec
 import spack.store
 import spack.user_environment as uenv
 import spack.util.executable
+import spack.util.path
 from spack.util.environment import EnvironmentModifications

+#: Map a bootstrapper type to the corresponding class
+_bootstrap_methods = {}
+
+
+def _bootstrapper(type):
+    """Decorator to register classes implementing bootstrapping
+    methods.
+
+    Args:
+        type (str): string identifying the class
+    """
+    def _register(cls):
+        _bootstrap_methods[type] = cls
+        return cls
+    return _register
+
+
+def _try_import_from_store(module, abstract_spec_str):
+    """Return True if the module can be imported from an already
+    installed spec, False otherwise.
+
+    Args:
+        module: Python module to be imported
+        abstract_spec_str: abstract spec that may provide the module
+    """
+    bincache_platform = spack.architecture.real_platform()
+    if str(bincache_platform) == 'cray':
+        bincache_platform = spack.platforms.linux.Linux()
+        with spack.architecture.use_platform(bincache_platform):
+            abstract_spec_str = str(spack.spec.Spec(abstract_spec_str))
+
+    # We have to run as part of this python interpreter
+    abstract_spec_str += ' ^' + spec_for_current_python()
+
+    installed_specs = spack.store.db.query(abstract_spec_str, installed=True)
+
+    for candidate_spec in installed_specs:
+        lib_spd = candidate_spec['python'].package.default_site_packages_dir
+        lib64_spd = lib_spd.replace('lib/', 'lib64/')
+        module_paths = [
+            os.path.join(candidate_spec.prefix, lib_spd),
+            os.path.join(candidate_spec.prefix, lib64_spd)
+        ]
+        sys.path.extend(module_paths)
+
+        try:
+            if _python_import(module):
+                msg = ('[BOOTSTRAP MODULE {0}] The installed spec "{1}/{2}" '
+                       'provides the "{0}" Python module').format(
+                    module, abstract_spec_str, candidate_spec.dag_hash()
+                )
+                tty.debug(msg)
+                return True
+        except Exception as e:
+            msg = ('unexpected error while trying to import module '
+                   '"{0}" from spec "{1}" [error="{2}"]')
+            tty.warn(msg.format(module, candidate_spec, str(e)))
+        else:
+            msg = "Spec {0} did not provide module {1}"
+            tty.warn(msg.format(candidate_spec, module))
+
+        sys.path = sys.path[:-2]
+
+    return False
+
+
+@_bootstrapper(type='buildcache')
+class _BuildcacheBootstrapper(object):
+    """Install the software needed during bootstrapping from a buildcache."""
+    def __init__(self, conf):
+        self.name = conf['name']
+        self.url = conf['info']['url']
+
+    def try_import(self, module, abstract_spec_str):
+        # This import is local since it is needed only on Cray
+        import spack.platforms.linux
+
+        if _try_import_from_store(module, abstract_spec_str):
+            return True
+
+        # Try to install from an unsigned binary cache
+        abstract_spec = spack.spec.Spec(
+            abstract_spec_str + ' ^' + spec_for_current_python()
+        )
+
+        # On Cray we want to use Linux binaries if available from mirrors
+        bincache_platform = spack.architecture.real_platform()
+        if str(bincache_platform) == 'cray':
+            bincache_platform = spack.platforms.linux.Linux()
+            with spack.architecture.use_platform(bincache_platform):
+                abstract_spec = spack.spec.Spec(
+                    abstract_spec_str + ' ^' + spec_for_current_python()
+                )
+
+        # Read information on verified clingo binaries
+        json_filename = '{0}.json'.format(module)
+        json_path = os.path.join(
+            spack.paths.share_path, 'bootstrap', self.name, json_filename
+        )
+        with open(json_path) as f:
+            data = json.load(f)
+
+        buildcache = spack.main.SpackCommand('buildcache')
+        # Ensure we see only the buildcache being used to bootstrap
+        mirror_scope = spack.config.InternalConfigScope(
+            'bootstrap', {'mirrors:': {self.name: self.url}}
+        )
+        with spack.config.override(mirror_scope):
+            # This index is currently needed to get the compiler used to build some
+            # specs that wwe know by dag hash.
+            spack.binary_distribution.binary_index.regenerate_spec_cache()
+            index = spack.binary_distribution.update_cache_and_get_specs()
+            for item in data['verified']:
+                candidate_spec = item['spec']
+                python_spec = item['python']
+                # Skip specs which are not compatible
+                if not abstract_spec.satisfies(candidate_spec):
+                    continue
+
+                if python_spec not in abstract_spec:
+                    continue
+
+                for pkg_name, pkg_hash, pkg_sha256 in item['binaries']:
+                    msg = ('[BOOTSTRAP MODULE {0}] Try installing "{1}" from binary '
+                           'cache at "{2}"')
+                    tty.debug(msg.format(module, pkg_name, self.url))
+                    index_spec = next(x for x in index if x.dag_hash() == pkg_hash)
+                    # Reconstruct the compiler that we need to use for bootstrapping
+                    compiler_entry = {
+                        "modules": [],
+                        "operating_system": str(index_spec.os),
+                        "paths": {
+                            "cc": "/dev/null",
+                            "cxx": "/dev/null",
+                            "f77": "/dev/null",
+                            "fc": "/dev/null"
+                        },
+                        "spec": str(index_spec.compiler),
+                        "target": str(index_spec.target.family)
+                    }
+                    with spack.architecture.use_platform(bincache_platform):
+                        with spack.config.override(
+                                'compilers', [{'compiler': compiler_entry}]
+                        ):
+                            spec_str = '/' + pkg_hash
+                            install_args = [
+                                'install',
+                                '--sha256', pkg_sha256,
+                                '-a', '-u', '-o', '-f', spec_str
+                            ]
+                            buildcache(*install_args, fail_on_error=False)
+                # TODO: undo installations that didn't complete?
+
+                if _try_import_from_store(module, abstract_spec_str):
+                    return True
+        return False
+
+
+@_bootstrapper(type='install')
+class _SourceBootstrapper(object):
+    """Install the software needed during bootstrapping from sources."""
+    def __init__(self, conf):
+        self.conf = conf
+
+    @staticmethod
+    def try_import(module, abstract_spec_str):
+        if _try_import_from_store(module, abstract_spec_str):
+            return True
+
+        # Try to build and install from sources
+        with spack_python_interpreter():
+            # Add hint to use frontend operating system on Cray
+            if str(spack.architecture.platform()) == 'cray':
+                abstract_spec_str += ' os=fe'
+
+            concrete_spec = spack.spec.Spec(
+                abstract_spec_str + ' ^' + spec_for_current_python()
+            )
+
+            if module == 'clingo':
+                # TODO: remove when the old concretizer is deprecated
+                concrete_spec._old_concretize()
+            else:
+                concrete_spec.concretize()
+
+        msg = "[BOOTSTRAP MODULE {0}] Try installing '{1}' from sources"
+        tty.debug(msg.format(module, abstract_spec_str))
+
+        # Install the spec that should make the module importable
+        concrete_spec.package.do_install()
+
+        return _try_import_from_store(module, abstract_spec_str=abstract_spec_str)
+
+
+def _make_bootstrapper(conf):
+    """Return a bootstrap object built according to the
+    configuration argument
+    """
+    btype = conf['type']
+    return _bootstrap_methods[btype](conf)
+
+
+def _source_is_trusted(conf):
+    trusted, name = spack.config.get('bootstrap:trusted'), conf['name']
+    if name not in trusted:
+        return False
+    return trusted[name]
+

 def spec_for_current_python():
    """For bootstrapping purposes we are just interested in the Python
@@ -66,69 +279,58 @@ def spack_python_interpreter():
        yield


-def make_module_available(module, spec=None, install=False):
-    """Ensure module is importable"""
-    # If we already can import it, that's great
-    try:
-        __import__(module)
+def ensure_module_importable_or_raise(module, abstract_spec=None):
+    """Make the requested module available for import, or raise.
+
+    This function tries to import a Python module in the current interpreter
+    using, in order, the methods configured in bootstrap.yaml.
+
+    If none of the methods succeed, an exception is raised. The function exits
+    on first success.
+
+    Args:
+        module (str): module to be imported in the current interpreter
+        abstract_spec (str): abstract spec that might provide the module. If not
+            given it defaults to "module"
+
+    Raises:
+        ImportError: if the module couldn't be imported
+    """
+    # If we can import it already, that's great
+    tty.debug("[BOOTSTRAP MODULE {0}] Try importing from Python".format(module))
+    if _python_import(module):
        return
-    except ImportError:
-        pass

-    # If it's already installed, use it
-    # Search by spec
-    spec = spack.spec.Spec(spec or module)
+    abstract_spec = abstract_spec or module
+    source_configs = spack.config.get('bootstrap:sources', [])
+    for current_config in source_configs:
+        if not _source_is_trusted(current_config):
+            msg = ('[BOOTSTRAP MODULE {0}] Skipping source "{1}" since it is '
+                   'not trusted').format(module, current_config['name'])
+            tty.debug(msg)
+            continue

-    # We have to run as part of this python
-    # We can constrain by a shortened version in place of a version range
-    # because this spec is only used for querying or as a placeholder to be
-    # replaced by an external that already has a concrete version. This syntax
-    # is not sufficient when concretizing without an external, as it will
-    # concretize to python@X.Y instead of python@X.Y.Z
-    python_requirement = '^' + spec_for_current_python()
-    spec.constrain(python_requirement)
-    installed_specs = spack.store.db.query(spec, installed=True)
-
-    for ispec in installed_specs:
-        # TODO: make sure run-environment is appropriate
-        module_path = os.path.join(ispec.prefix,
-                                   ispec['python'].package.site_packages_dir)
-        module_path_64 = module_path.replace('/lib/', '/lib64/')
+        b = _make_bootstrapper(current_config)
        try:
-            sys.path.append(module_path)
-            sys.path.append(module_path_64)
-            __import__(module)
-            return
-        except ImportError:
-            tty.warn("Spec %s did not provide module %s" % (ispec, module))
-            sys.path = sys.path[:-2]
+            if b.try_import(module, abstract_spec):
+                return
+        except Exception as e:
+            msg = '[BOOTSTRAP MODULE {0}] Unexpected error "{1}"'
+            tty.debug(msg.format(module, str(e)))

-    def _raise_error(module_name, module_spec):
-        error_msg = 'cannot import module "{0}"'.format(module_name)
-        if module_spec:
-            error_msg += ' from spec "{0}'.format(module_spec)
-        raise ImportError(error_msg)
+    # We couldn't import in any way, so raise an import error
+    msg = 'cannot bootstrap the "{0}" Python module'.format(module)
+    if abstract_spec:
+        msg += ' from spec "{0}"'.format(abstract_spec)
+    raise ImportError(msg)

-    if not install:
-        _raise_error(module, spec)

-    with spack_python_interpreter():
-        # We will install for ourselves, using this python if needed
-        # Concretize the spec
-        spec.concretize()
-    spec.package.do_install()
-
-    module_path = os.path.join(spec.prefix,
-                               spec['python'].package.site_packages_dir)
-    module_path_64 = module_path.replace('/lib/', '/lib64/')
+def _python_import(module):
    try:
-        sys.path.append(module_path)
-        sys.path.append(module_path_64)
        __import__(module)
-        return
    except ImportError:
-        sys.path = sys.path[:-2]
-        _raise_error(module, spec)
+        return False
+    return True


 def get_executable(exe, spec=None, install=False):
@@ -136,13 +338,14 @@ def get_executable(exe, spec=None, install=False):

    Args:
        exe (str): needed executable name
-        spec (Spec or str): spec to search for exe in (default exe)
+        spec (spack.spec.Spec or str): spec to search for exe in (default exe)
        install (bool): install spec if not available

    When ``install`` is True, Spack will use the python used to run Spack as an
    external. The ``install`` option should only be used with packages that
    install quickly (when using external python) or are guaranteed by Spack
-    organization to be in a binary mirror (clingo)."""
+    organization to be in a binary mirror (clingo).
+    """
    # Search the system first
    runner = spack.util.executable.which(exe)
    if runner:
@@ -215,9 +418,10 @@ def _bootstrap_config_scopes():

@contextlib.contextmanager
 def ensure_bootstrap_configuration():
+    bootstrap_store_path = store_path()
    with spack.architecture.use_platform(spack.architecture.real_platform()):
        with spack.repo.use_repositories(spack.paths.packages_path):
-            with spack.store.use_store(spack.paths.user_bootstrap_store):
+            with spack.store.use_store(bootstrap_store_path):
                # Default configuration scopes excluding command line
                # and builtin but accounting for platform specific scopes
                config_scopes = _bootstrap_config_scopes()
@@ -226,6 +430,23 @@ def ensure_bootstrap_configuration():
                        yield


+def store_path():
+    """Path to the store used for bootstrapped software"""
+    enabled = spack.config.get('bootstrap:enable', True)
+    if not enabled:
+        msg = ('bootstrapping is currently disabled. '
+               'Use "spack bootstrap enable" to enable it')
+        raise RuntimeError(msg)
+
+    bootstrap_root_path = spack.config.get(
+        'bootstrap:root', spack.paths.user_bootstrap_path
+    )
+    bootstrap_store_path = spack.util.path.canonicalize_path(
+        os.path.join(bootstrap_root_path, 'store')
+    )
+    return bootstrap_store_path
+
+
 def clingo_root_spec():
    # Construct the root spec that will be used to bootstrap clingo
    spec_str = 'clingo-bootstrap@spack+python'
@@ -237,14 +458,17 @@ def clingo_root_spec():
    else:
        spec_str += ' %gcc'

-    # Add hint to use frontend operating system on Cray
-    if str(spack.architecture.platform()) == 'cray':
-        spec_str += ' os=fe'
-
    # Add the generic target
    generic_target = archspec.cpu.host().family
    spec_str += ' target={0}'.format(str(generic_target))

    tty.debug('[BOOTSTRAP ROOT SPEC] clingo: {0}'.format(spec_str))

-    return spack.spec.Spec(spec_str)
+    return spec_str
+
+
+def ensure_clingo_importable_or_raise():
+    """Ensure that the clingo module is available for import."""
+    ensure_module_importable_or_raise(
+        module='clingo', abstract_spec=clingo_root_spec()
+    )
--- a/lib/spack/spack/build_environment.py
+++ b/lib/spack/spack/build_environment.py
@@ -33,44 +33,52 @@
 calls you can make from within the install() function.
 """
 import inspect
-import re
 import multiprocessing
 import os
+import re
 import shutil
 import sys
 import traceback
 import types
+
 from six import StringIO

 import llnl.util.tty as tty
-from llnl.util.tty.color import cescape, colorize
-from llnl.util.filesystem import mkdirp, install, install_tree
+from llnl.util.filesystem import install, install_tree, mkdirp
 from llnl.util.lang import dedupe
+from llnl.util.tty.color import cescape, colorize
 from llnl.util.tty.log import MultiProcessFd

+import spack.architecture as arch
 import spack.build_systems.cmake
 import spack.build_systems.meson
 import spack.config
+import spack.install_test
 import spack.main
-import spack.paths
 import spack.package
+import spack.paths
 import spack.repo
 import spack.schema.environment
 import spack.store
-import spack.install_test
 import spack.subprocess_context
-import spack.architecture as arch
 import spack.util.path
-from spack.util.string import plural
-from spack.util.environment import (
-    env_flag, filter_system_paths, get_path, is_system_path,
-    EnvironmentModifications, validate, preserve_environment)
-from spack.util.environment import system_dirs
-from spack.error import NoLibrariesError, NoHeadersError
-from spack.util.executable import Executable
-from spack.util.module_cmd import load_module, path_from_modules, module
-from spack.util.log_parse import parse_log_events, make_log_context
+from spack.error import NoHeadersError, NoLibrariesError
 from spack.util.cpus import cpus_available
+from spack.util.environment import (
+    EnvironmentModifications,
+    env_flag,
+    filter_system_paths,
+    get_path,
+    is_system_path,
+    preserve_environment,
+    system_dirs,
+    validate,
+)
+from spack.util.executable import Executable
+from spack.util.log_parse import make_log_context, parse_log_events
+from spack.util.module_cmd import load_module, module, path_from_modules
+from spack.util.string import plural
+
 #
 # This can be set by the user to globally disable parallel builds.
 #
@@ -78,7 +86,7 @@

 #
 # These environment variables are set by
-# set_build_environment_variables and used to pass parameters to
+# set_wrapper_variables and used to pass parameters to
 # Spack's compiler wrappers.
 #
 SPACK_ENV_PATH = 'SPACK_ENV_PATH'
@@ -159,6 +167,12 @@ def clean_environment():
    env.unset('CPLUS_INCLUDE_PATH')
    env.unset('OBJC_INCLUDE_PATH')

+    env.unset('CMAKE_PREFIX_PATH')
+
+    # Avoid that libraries of build dependencies get hijacked.
+    env.unset('LD_PRELOAD')
+    env.unset('DYLD_INSERT_LIBRARIES')
+
    # On Cray "cluster" systems, unset CRAY_LD_LIBRARY_PATH to avoid
    # interference with Spack dependencies.
    # CNL requires these variables to be set (or at least some of them,
@@ -306,113 +320,20 @@ def set_compiler_environment_variables(pkg, env):
    return env


-def _place_externals_last(spec_container):
+def set_wrapper_variables(pkg, env):
+    """Set environment variables used by the Spack compiler wrapper
+       (which have the prefix `SPACK_`) and also add the compiler wrappers
+       to PATH.
+
+       This determines the injected -L/-I/-rpath options; each
+       of these specifies a search order and this function computes these
+       options in a manner that is intended to match the DAG traversal order
+       in `modifications_from_dependencies`: that method uses a post-order
+       traversal so that `PrependPath` actions from dependencies take lower
+       precedence; we use a post-order traversal here to match the visitation
+       order of `modifications_from_dependencies` (so we are visiting the
+       lowest priority packages first).
    """
-    For a (possibly unordered) container of specs, return an ordered list
-    where all external specs are at the end of the list. External packages
-    may be installed in merged prefixes with other packages, and so
-    they should be deprioritized for any search order (i.e. in PATH, or
-    for a set of -L entries in a compiler invocation).
-    """
-    first = list(x for x in spec_container if not x.external)
-    second = list(x for x in spec_container if x.external)
-    return first + second
-
-
-def set_build_environment_variables(pkg, env, dirty):
-    """Ensure a clean install environment when we build packages.
-
-    This involves unsetting pesky environment variables that may
-    affect the build. It also involves setting environment variables
-    used by Spack's compiler wrappers.
-
-    Args:
-        pkg: The package we are building
-        env: The build environment
-        dirty (bool): Skip unsetting the user's environment settings
-    """
-    # Gather information about various types of dependencies
-    build_deps      = set(pkg.spec.dependencies(deptype=('build', 'test')))
-    link_deps       = set(pkg.spec.traverse(root=False, deptype=('link')))
-    build_link_deps = build_deps | link_deps
-    rpath_deps      = get_rpath_deps(pkg)
-    # This includes all build dependencies and any other dependencies that
-    # should be added to PATH (e.g. supporting executables run by build
-    # dependencies)
-    build_and_supporting_deps = set()
-    for build_dep in build_deps:
-        build_and_supporting_deps.update(build_dep.traverse(deptype='run'))
-
-    # Establish an arbitrary but fixed ordering of specs so that resulting
-    # environment variable values are stable
-    def _order(specs):
-        return sorted(specs, key=lambda x: x.name)
-
-    # External packages may be installed in a prefix which contains many other
-    # package installs. To avoid having those installations override
-    # Spack-installed packages, they are placed at the end of search paths.
-    # System prefixes are removed entirely later on since they are already
-    # searched.
-    build_deps = _place_externals_last(_order(build_deps))
-    link_deps = _place_externals_last(_order(link_deps))
-    build_link_deps = _place_externals_last(_order(build_link_deps))
-    rpath_deps = _place_externals_last(_order(rpath_deps))
-    build_and_supporting_deps = _place_externals_last(
-        _order(build_and_supporting_deps))
-
-    link_dirs = []
-    include_dirs = []
-    rpath_dirs = []
-
-    # The top-level package is always RPATHed. It hasn't been installed yet
-    # so the RPATHs are added unconditionally (e.g. even though lib64/ may
-    # not be created for the install).
-    for libdir in ['lib', 'lib64']:
-        lib_path = os.path.join(pkg.prefix, libdir)
-        rpath_dirs.append(lib_path)
-
-    # Set up link, include, RPATH directories that are passed to the
-    # compiler wrapper
-    for dep in link_deps:
-        if is_system_path(dep.prefix):
-            continue
-        query = pkg.spec[dep.name]
-        dep_link_dirs = list()
-        try:
-            dep_link_dirs.extend(query.libs.directories)
-        except NoLibrariesError:
-            tty.debug("No libraries found for {0}".format(dep.name))
-
-        for default_lib_dir in ['lib', 'lib64']:
-            default_lib_prefix = os.path.join(dep.prefix, default_lib_dir)
-            if os.path.isdir(default_lib_prefix):
-                dep_link_dirs.append(default_lib_prefix)
-
-        link_dirs.extend(dep_link_dirs)
-        if dep in rpath_deps:
-            rpath_dirs.extend(dep_link_dirs)
-
-        try:
-            include_dirs.extend(query.headers.directories)
-        except NoHeadersError:
-            tty.debug("No headers found for {0}".format(dep.name))
-
-    link_dirs = list(dedupe(filter_system_paths(link_dirs)))
-    include_dirs = list(dedupe(filter_system_paths(include_dirs)))
-    rpath_dirs = list(dedupe(filter_system_paths(rpath_dirs)))
-
-    env.set(SPACK_LINK_DIRS, ':'.join(link_dirs))
-    env.set(SPACK_INCLUDE_DIRS, ':'.join(include_dirs))
-    env.set(SPACK_RPATH_DIRS, ':'.join(rpath_dirs))
-
-    build_and_supporting_prefixes = filter_system_paths(
-        x.prefix for x in build_and_supporting_deps)
-    build_link_prefixes = filter_system_paths(
-        x.prefix for x in build_link_deps)
-
-    # Add dependencies to CMAKE_PREFIX_PATH
-    env.set_path('CMAKE_PREFIX_PATH', build_link_prefixes)
-
    # Set environment variables if specified for
    # the given compiler
    compiler = pkg.compiler
@@ -422,16 +343,6 @@ def _order(specs):
        extra_rpaths = ':'.join(compiler.extra_rpaths)
        env.set('SPACK_COMPILER_EXTRA_RPATHS', extra_rpaths)

-    # Add bin directories from dependencies to the PATH for the build.
-    # These directories are added to the beginning of the search path, and in
-    # the order given by 'build_and_supporting_prefixes' (the iteration order
-    # is reversed because each entry is prepended)
-    for prefix in reversed(build_and_supporting_prefixes):
-        for dirname in ['bin', 'bin64']:
-            bin_dir = os.path.join(prefix, dirname)
-            if os.path.isdir(bin_dir):
-                env.prepend_path('PATH', bin_dir)
-
    # Add spack build environment path with compiler wrappers first in
    # the path. We add the compiler wrapper path, which includes default
    # wrappers (cc, c++, f77, f90), AND a subdirectory containing
@@ -451,6 +362,7 @@ def _order(specs):
        if os.path.isdir(ci):
            env_paths.append(ci)

+    tty.debug("Adding compiler bin/ paths: " + " ".join(env_paths))
    for item in env_paths:
        env.prepend_path('PATH', item)
    env.set_path(SPACK_ENV_PATH, env_paths)
@@ -469,14 +381,69 @@ def _order(specs):
            raise RuntimeError("No ccache binary found in PATH")
        env.set(SPACK_CCACHE_BINARY, ccache)

-    # Add any pkgconfig directories to PKG_CONFIG_PATH
-    for prefix in reversed(build_link_prefixes):
-        for directory in ('lib', 'lib64', 'share'):
-            pcdir = os.path.join(prefix, directory, 'pkgconfig')
-            if os.path.isdir(pcdir):
-                env.prepend_path('PKG_CONFIG_PATH', pcdir)
+    # Gather information about various types of dependencies
+    link_deps  = set(pkg.spec.traverse(root=False, deptype=('link')))
+    rpath_deps = get_rpath_deps(pkg)

-    return env
+    link_dirs = []
+    include_dirs = []
+    rpath_dirs = []
+
+    def _prepend_all(list_to_modify, items_to_add):
+        # Update the original list (creating a new list would be faster but
+        # may not be convenient)
+        for item in reversed(list(items_to_add)):
+            list_to_modify.insert(0, item)
+
+    def update_compiler_args_for_dep(dep):
+        if dep in link_deps and (not is_system_path(dep.prefix)):
+            query = pkg.spec[dep.name]
+            dep_link_dirs = list()
+            try:
+                dep_link_dirs.extend(query.libs.directories)
+            except NoLibrariesError:
+                tty.debug("No libraries found for {0}".format(dep.name))
+
+            for default_lib_dir in ['lib', 'lib64']:
+                default_lib_prefix = os.path.join(
+                    dep.prefix, default_lib_dir)
+                if os.path.isdir(default_lib_prefix):
+                    dep_link_dirs.append(default_lib_prefix)
+
+            _prepend_all(link_dirs, dep_link_dirs)
+            if dep in rpath_deps:
+                _prepend_all(rpath_dirs, dep_link_dirs)
+
+            try:
+                _prepend_all(include_dirs, query.headers.directories)
+            except NoHeadersError:
+                tty.debug("No headers found for {0}".format(dep.name))
+
+    for dspec in pkg.spec.traverse(root=False, order='post'):
+        if dspec.external:
+            update_compiler_args_for_dep(dspec)
+
+    # Just above, we prepended entries for -L/-rpath for externals. We
+    # now do this for non-external packages so that Spack-built packages
+    # are searched first for libraries etc.
+    for dspec in pkg.spec.traverse(root=False, order='post'):
+        if not dspec.external:
+            update_compiler_args_for_dep(dspec)
+
+    # The top-level package is always RPATHed. It hasn't been installed yet
+    # so the RPATHs are added unconditionally (e.g. even though lib64/ may
+    # not be created for the install).
+    for libdir in ['lib64', 'lib']:
+        lib_path = os.path.join(pkg.prefix, libdir)
+        rpath_dirs.insert(0, lib_path)
+
+    link_dirs = list(dedupe(filter_system_paths(link_dirs)))
+    include_dirs = list(dedupe(filter_system_paths(include_dirs)))
+    rpath_dirs = list(dedupe(filter_system_paths(rpath_dirs)))
+
+    env.set(SPACK_LINK_DIRS, ':'.join(link_dirs))
+    env.set(SPACK_INCLUDE_DIRS, ':'.join(include_dirs))
+    env.set(SPACK_RPATH_DIRS, ':'.join(rpath_dirs))


 def determine_number_of_jobs(
@@ -488,11 +455,11 @@ def determine_number_of_jobs(
    cap to the number of CPUs available to avoid oversubscription.

    Parameters:
-        parallel (bool): true when package supports parallel builds
-        command_line (int/None): command line override
-        config_default (int/None): config default number of jobs
-        max_cpus (int/None): maximum number of CPUs available. When None, this
-                             value is automatically determined.
+        parallel (bool or None): true when package supports parallel builds
+        command_line (int or None): command line override
+        config_default (int or None): config default number of jobs
+        max_cpus (int or None): maximum number of CPUs available. When None, this
+            value is automatically determined.
    """
    if not parallel:
        return 1
@@ -718,14 +685,14 @@ def get_std_cmake_args(pkg):
    """List of standard arguments used if a package is a CMakePackage.

    Returns:
-        list of str: standard arguments that would be used if this
+        list: standard arguments that would be used if this
        package were a CMakePackage instance.

    Args:
-        pkg (PackageBase): package under consideration
+        pkg (spack.package.PackageBase): package under consideration

    Returns:
-        list of str: arguments for cmake
+        list: arguments for cmake
    """
    return spack.build_systems.cmake.CMakePackage._std_args(pkg)

@@ -734,14 +701,14 @@ def get_std_meson_args(pkg):
    """List of standard arguments used if a package is a MesonPackage.

    Returns:
-        list of str: standard arguments that would be used if this
+        list: standard arguments that would be used if this
        package were a MesonPackage instance.

    Args:
-        pkg (PackageBase): package under consideration
+        pkg (spack.package.PackageBase): package under consideration

    Returns:
-        list of str: arguments for meson
+        list: arguments for meson
    """
    return spack.build_systems.meson.MesonPackage._std_args(pkg)

@@ -771,7 +738,7 @@ def load_external_modules(pkg):
    associated with them.

    Args:
-        pkg (PackageBase): package to load deps for
+        pkg (spack.package.PackageBase): package to load deps for
    """
    for dep in list(pkg.spec.traverse()):
        external_modules = dep.external_modules or []
@@ -781,42 +748,40 @@ def load_external_modules(pkg):

 def setup_package(pkg, dirty, context='build'):
    """Execute all environment setup routines."""
+    if context not in ['build', 'test']:
+        raise ValueError(
+            "'context' must be one of ['build', 'test'] - got: {0}"
+            .format(context))
+
+    set_module_variables_for_package(pkg)
+
    env = EnvironmentModifications()

    if not dirty:
        clean_environment()

-    # setup compilers and build tools for build contexts
+    # setup compilers for build contexts
    need_compiler = context == 'build' or (context == 'test' and
                                           pkg.test_requires_compiler)
    if need_compiler:
        set_compiler_environment_variables(pkg, env)
-        set_build_environment_variables(pkg, env, dirty)
+        set_wrapper_variables(pkg, env)
+
+    env.extend(modifications_from_dependencies(
+        pkg.spec, context, custom_mods_only=False))

    # architecture specific setup
    pkg.architecture.platform.setup_platform_environment(pkg, env)

    if context == 'build':
-        # recursive post-order dependency information
-        env.extend(
-            modifications_from_dependencies(pkg.spec, context=context)
-        )
+        pkg.setup_build_environment(env)

        if (not dirty) and (not env.is_unset('CPATH')):
            tty.debug("A dependency has updated CPATH, this may lead pkg-"
                      "config to assume that the package is part of the system"
                      " includes and omit it when invoked with '--cflags'.")
-
-        # setup package itself
-        set_module_variables_for_package(pkg)
-        pkg.setup_build_environment(env)
    elif context == 'test':
-        import spack.user_environment as uenv  # avoid circular import
-        env.extend(uenv.environment_modifications_for_spec(pkg.spec))
-        env.extend(
-            modifications_from_dependencies(pkg.spec, context=context)
-        )
-        set_module_variables_for_package(pkg)
+        pkg.setup_run_environment(env)
        env.prepend_path('PATH', '.')

    # Loading modules, in particular if they are meant to be used outside
@@ -858,39 +823,173 @@ def setup_package(pkg, dirty, context='build'):
    env.apply_modifications()


-def modifications_from_dependencies(spec, context):
+def _make_runnable(pkg, env):
+    # Helper method which prepends a Package's bin/ prefix to the PATH
+    # environment variable
+    prefix = pkg.prefix
+
+    for dirname in ['bin', 'bin64']:
+        bin_dir = os.path.join(prefix, dirname)
+        if os.path.isdir(bin_dir):
+            env.prepend_path('PATH', bin_dir)
+
+
+def modifications_from_dependencies(spec, context, custom_mods_only=True):
    """Returns the environment modifications that are required by
    the dependencies of a spec and also applies modifications
    to this spec's package at module scope, if need be.

+    Environment modifications include:
+
+    - Updating PATH so that executables can be found
+    - Updating CMAKE_PREFIX_PATH and PKG_CONFIG_PATH so that their respective
+      tools can find Spack-built dependencies
+    - Running custom package environment modifications
+
+    Custom package modifications can conflict with the default PATH changes
+    we make (specifically for the PATH, CMAKE_PREFIX_PATH, and PKG_CONFIG_PATH
+    environment variables), so this applies changes in a fixed order:
+
+    - All modifications (custom and default) from external deps first
+    - All modifications from non-external deps afterwards
+
+    With that order, `PrependPath` actions from non-external default
+    environment modifications will take precedence over custom modifications
+    from external packages.
+
+    A secondary constraint is that custom and default modifications are
+    grouped on a per-package basis: combined with the post-order traversal this
+    means that default modifications of dependents can override custom
+    modifications of dependencies (again, this would only occur for PATH,
+    CMAKE_PREFIX_PATH, or PKG_CONFIG_PATH).
+
    Args:
-        spec (Spec): spec for which we want the modifications
+        spec (spack.spec.Spec): spec for which we want the modifications
        context (str): either 'build' for build-time modifications or 'run'
            for run-time modifications
    """
+    if context not in ['build', 'run', 'test']:
+        raise ValueError(
+            "Expecting context to be one of ['build', 'run', 'test'], "
+            "got: {0}".format(context))
+
    env = EnvironmentModifications()
-    pkg = spec.package

-    # Maps the context to deptype and method to be called
-    deptype_and_method = {
-        'build': (('build', 'link', 'test'),
-                  'setup_dependent_build_environment'),
-        'run': (('link', 'run'), 'setup_dependent_run_environment'),
-        'test': (('link', 'run', 'test'), 'setup_dependent_run_environment')
-    }
-    deptype, method = deptype_and_method[context]
+    # Note: see computation of 'custom_mod_deps' and 'exe_deps' later in this
+    # function; these sets form the building blocks of those collections.
+    build_deps      = set(spec.dependencies(deptype=('build', 'test')))
+    link_deps       = set(spec.traverse(root=False, deptype='link'))
+    build_link_deps = build_deps | link_deps
+    build_and_supporting_deps = set()
+    for build_dep in build_deps:
+        build_and_supporting_deps.update(build_dep.traverse(deptype='run'))
+    run_and_supporting_deps = set(
+        spec.traverse(root=False, deptype=('run', 'link')))
+    test_and_supporting_deps = set()
+    for test_dep in set(spec.dependencies(deptype='test')):
+        test_and_supporting_deps.update(test_dep.traverse(deptype='run'))

-    root = context == 'test'
-    for dspec in spec.traverse(order='post', root=root, deptype=deptype):
-        dpkg = dspec.package
-        set_module_variables_for_package(dpkg)
-        # Allow dependencies to modify the module
-        dpkg.setup_dependent_package(pkg.module, spec)
-        getattr(dpkg, method)(env, spec)
+    # All dependencies that might have environment modifications to apply
+    custom_mod_deps = set()
+    if context == 'build':
+        custom_mod_deps.update(build_and_supporting_deps)
+        # Tests may be performed after build
+        custom_mod_deps.update(test_and_supporting_deps)
+    else:
+        # test/run context
+        custom_mod_deps.update(run_and_supporting_deps)
+        if context == 'test':
+            custom_mod_deps.update(test_and_supporting_deps)
+    custom_mod_deps.update(link_deps)
+
+    # Determine 'exe_deps': the set of packages with binaries we want to use
+    if context == 'build':
+        exe_deps = build_and_supporting_deps | test_and_supporting_deps
+    elif context == 'run':
+        exe_deps = set(spec.traverse(deptype='run'))
+    elif context == 'test':
+        exe_deps = test_and_supporting_deps
+
+    def default_modifications_for_dep(dep):
+        if (dep in build_link_deps and
+                not is_system_path(dep.prefix) and
+                context == 'build'):
+            prefix = dep.prefix
+
+            env.prepend_path('CMAKE_PREFIX_PATH', prefix)
+
+            for directory in ('lib', 'lib64', 'share'):
+                pcdir = os.path.join(prefix, directory, 'pkgconfig')
+                if os.path.isdir(pcdir):
+                    env.prepend_path('PKG_CONFIG_PATH', pcdir)
+
+        if dep in exe_deps and not is_system_path(dep.prefix):
+            _make_runnable(dep, env)
+
+    def add_modifications_for_dep(dep):
+        # Some callers of this function only want the custom modifications.
+        # For callers that want both custom and default modifications, we want
+        # to perform the default modifications here (this groups custom
+        # and default modifications together on a per-package basis).
+        if not custom_mods_only:
+            default_modifications_for_dep(dep)
+
+        # Perform custom modifications here (PrependPath actions performed in
+        # the custom method override the default environment modifications
+        # we do to help the build, namely for PATH, CMAKE_PREFIX_PATH, and
+        # PKG_CONFIG_PATH)
+        if dep in custom_mod_deps:
+            dpkg = dep.package
+            set_module_variables_for_package(dpkg)
+            # Allow dependencies to modify the module
+            dpkg.setup_dependent_package(spec.package.module, spec)
+            if context == 'build':
+                dpkg.setup_dependent_build_environment(env, spec)
+            else:
+                dpkg.setup_dependent_run_environment(env, spec)
+
+    # Note that we want to perform environment modifications in a fixed order.
+    # The Spec.traverse method provides this: i.e. in addition to
+    # the post-order semantics, it also guarantees a fixed traversal order
+    # among dependencies which are not constrained by post-order semantics.
+    for dspec in spec.traverse(root=False, order='post'):
+        if dspec.external:
+            add_modifications_for_dep(dspec)
+
+    for dspec in spec.traverse(root=False, order='post'):
+        # Default env modifications for non-external packages can override
+        # custom modifications of external packages (this can only occur
+        # for modifications to PATH, CMAKE_PREFIX_PATH, and PKG_CONFIG_PATH)
+        if not dspec.external:
+            add_modifications_for_dep(dspec)

    return env


+def get_cmake_prefix_path(pkg):
+    # Note that unlike modifications_from_dependencies, this does not include
+    # any edits to CMAKE_PREFIX_PATH defined in custom
+    # setup_dependent_build_environment implementations of dependency packages
+    build_deps      = set(pkg.spec.dependencies(deptype=('build', 'test')))
+    link_deps       = set(pkg.spec.traverse(root=False, deptype=('link')))
+    build_link_deps = build_deps | link_deps
+    spack_built = []
+    externals = []
+    # modifications_from_dependencies updates CMAKE_PREFIX_PATH by first
+    # prepending all externals and then all non-externals
+    for dspec in pkg.spec.traverse(root=False, order='post'):
+        if dspec in build_link_deps:
+            if dspec.external:
+                externals.insert(0, dspec)
+            else:
+                spack_built.insert(0, dspec)
+
+    ordered_build_link_deps = spack_built + externals
+    build_link_prefixes = filter_system_paths(
+        x.prefix for x in ordered_build_link_deps)
+    return build_link_prefixes
+
+
 def _setup_pkg_and_run(serialized_pkg, function, kwargs, child_pipe,
                       input_multiprocess_fd):

@@ -963,9 +1062,9 @@ def start_build_process(pkg, function, kwargs):

    Args:

-        pkg (PackageBase): package whose environment we should set up the
+        pkg (spack.package.PackageBase): package whose environment we should set up the
            child process for.
-        function (callable): argless function to run in the child
+        function (typing.Callable): argless function to run in the child
            process.

    Usage::
@@ -1050,7 +1149,7 @@ def get_package_context(traceback, context=3):
    """Return some context for an error message when the build fails.

    Args:
-        traceback (traceback): A traceback from some exception raised during
+        traceback: A traceback from some exception raised during
            install

        context (int): Lines of context to show before and after the line
--- a/lib/spack/spack/build_systems/aspell_dict.py
+++ b/lib/spack/spack/build_systems/aspell_dict.py
@@ -6,6 +6,7 @@
 # Why doesn't this work for me?
 # from spack import *
 from llnl.util.filesystem import filter_file
+
 from spack.build_systems.autotools import AutotoolsPackage
 from spack.directives import extends
 from spack.package import ExtensionError
--- a/lib/spack/spack/build_systems/autotools.py
+++ b/lib/spack/spack/build_systems/autotools.py
@@ -7,13 +7,13 @@
 import os
 import os.path
 import stat
-from subprocess import PIPE
-from subprocess import check_call
+from subprocess import PIPE, check_call
 from typing import List  # novm

-import llnl.util.tty as tty
 import llnl.util.filesystem as fs
-from llnl.util.filesystem import working_dir, force_remove
+import llnl.util.tty as tty
+from llnl.util.filesystem import force_remove, working_dir
+
 from spack.package import PackageBase, run_after, run_before
 from spack.util.executable import Executable

@@ -30,7 +30,7 @@ class AutotoolsPackage(PackageBase):

    They all have sensible defaults and for many packages the only thing
    necessary will be to override the helper method
-    :py:meth:`~.AutotoolsPackage.configure_args`.
+    :meth:`~spack.build_systems.autotools.AutotoolsPackage.configure_args`.
    For a finer tuning you may also override:

        +-----------------------------------------------+--------------------+
@@ -331,7 +331,7 @@ def flags_to_build_system_args(self, flags):

    def configure(self, spec, prefix):
        """Runs configure with the arguments specified in
-        :py:meth:`~.AutotoolsPackage.configure_args`
+        :meth:`~spack.build_systems.autotools.AutotoolsPackage.configure_args`
        and an appropriately set prefix.
        """
        options = getattr(self, 'configure_flag_args', [])
@@ -345,8 +345,11 @@ def build(self, spec, prefix):
        """Makes the build targets specified by
        :py:attr:``~.AutotoolsPackage.build_targets``
        """
+        # See https://autotools.io/automake/silent.html
+        params = ['V=1']
+        params += self.build_targets
        with working_dir(self.build_directory):
-            inspect.getmodule(self).make(*self.build_targets)
+            inspect.getmodule(self).make(*params)

    def install(self, spec, prefix):
        """Makes the install targets specified by
@@ -373,8 +376,8 @@ def _activate_or_not(
            activation_value=None
    ):
        """This function contains the current implementation details of
-        :py:meth:`~.AutotoolsPackage.with_or_without` and
-        :py:meth:`~.AutotoolsPackage.enable_or_disable`.
+        :meth:`~spack.build_systems.autotools.AutotoolsPackage.with_or_without` and
+        :meth:`~spack.build_systems.autotools.AutotoolsPackage.enable_or_disable`.

        Args:
            name (str): name of the variant that is being processed
@@ -382,7 +385,7 @@ def _activate_or_not(
                case of ``with_or_without``)
            deactivation_word (str): the default deactivation word ('without'
                in the case of ``with_or_without``)
-            activation_value (callable): callable that accepts a single
+            activation_value (typing.Callable): callable that accepts a single
                value. This value is either one of the allowed values for a
                multi-valued variant or the name of a bool-valued variant.
                Returns the parameter to be used when the value is activated.
@@ -417,7 +420,7 @@ def _activate_or_not(
            for ``<spec-name> foo=x +bar``

        Returns:
-            list of strings that corresponds to the activation/deactivation
+            list: list of strings that corresponds to the activation/deactivation
            of the variant that has been processed

        Raises:
@@ -498,7 +501,7 @@ def with_or_without(self, name, activation_value=None):

        Args:
            name (str): name of a valid multi-valued variant
-            activation_value (callable): callable that accepts a single
+            activation_value (typing.Callable): callable that accepts a single
                value and returns the parameter to be used leading to an entry
                of the type ``--with-{name}={parameter}``.

@@ -511,12 +514,13 @@ def with_or_without(self, name, activation_value=None):
        return self._activate_or_not(name, 'with', 'without', activation_value)

    def enable_or_disable(self, name, activation_value=None):
-        """Same as :py:meth:`~.AutotoolsPackage.with_or_without` but substitute
-        ``with`` with ``enable`` and ``without`` with ``disable``.
+        """Same as
+        :meth:`~spack.build_systems.autotools.AutotoolsPackage.with_or_without`
+        but substitute ``with`` with ``enable`` and ``without`` with ``disable``.

        Args:
            name (str): name of a valid multi-valued variant
-            activation_value (callable): if present accepts a single value
+            activation_value (typing.Callable): if present accepts a single value
                and returns the parameter to be used leading to an entry of the
                type ``--enable-{name}={parameter}``

--- a/lib/spack/spack/build_systems/cached_cmake.py
+++ b/lib/spack/spack/build_systems/cached_cmake.py
@@ -4,8 +4,8 @@
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)
 import os

-from llnl.util.filesystem import install, mkdirp
 import llnl.util.tty as tty
+from llnl.util.filesystem import install, mkdirp

 from spack.build_systems.cmake import CMakePackage
 from spack.package import run_after
@@ -108,21 +108,6 @@ def initconfig_compiler_entries(self):
        if fflags:
            entries.append(cmake_cache_string("CMAKE_Fortran_FLAGS", fflags))

-        # Override XL compiler family
-        familymsg = ("Override to proper compiler family for XL")
-        if "xlf" in (self.compiler.fc or ''):  # noqa: F821
-            entries.append(cmake_cache_string(
-                "CMAKE_Fortran_COMPILER_ID", "XL",
-                familymsg))
-        if "xlc" in self.compiler.cc:  # noqa: F821
-            entries.append(cmake_cache_string(
-                "CMAKE_C_COMPILER_ID", "XL",
-                familymsg))
-        if "xlC" in self.compiler.cxx:  # noqa: F821
-            entries.append(cmake_cache_string(
-                "CMAKE_CXX_COMPILER_ID", "XL",
-                familymsg))
-
        return entries

    def initconfig_mpi_entries(self):
--- a/lib/spack/spack/build_systems/cmake.py
+++ b/lib/spack/spack/build_systems/cmake.py
@@ -10,11 +10,11 @@
 import re
 from typing import List  # novm

-import spack.build_environment
 from llnl.util.filesystem import working_dir
-from spack.util.environment import filter_system_paths
-from spack.directives import depends_on, variant, conflicts
-from spack.package import PackageBase, InstallError, run_after
+
+import spack.build_environment
+from spack.directives import conflicts, depends_on, variant
+from spack.package import InstallError, PackageBase, run_after

 # Regex to extract the primary generator from the CMake generator
 # string.
@@ -185,13 +185,9 @@ def _std_args(pkg):
            define('CMAKE_INSTALL_RPATH_USE_LINK_PATH', False),
            define('CMAKE_INSTALL_RPATH',
                   spack.build_environment.get_rpaths(pkg)),
+            define('CMAKE_PREFIX_PATH',
+                   spack.build_environment.get_cmake_prefix_path(pkg))
        ])
-        # CMake's find_package() looks in CMAKE_PREFIX_PATH first, help CMake
-        # to find immediate link dependencies in right places:
-        deps = [d.prefix for d in
-                pkg.spec.dependencies(deptype=('build', 'link'))]
-        deps = filter_system_paths(deps)
-        args.append(define('CMAKE_PREFIX_PATH', deps))
        return args

    @staticmethod
@@ -240,7 +236,7 @@ def define_from_variant(self, cmake_var, variant=None):
        of ``cmake_var``.

        This utility function is similar to
-        :py:meth:`~.AutotoolsPackage.with_or_without`.
+        :meth:`~spack.build_systems.autotools.AutotoolsPackage.with_or_without`.

        Examples:

@@ -258,9 +254,9 @@ def define_from_variant(self, cmake_var, variant=None):

            .. code-block:: python

-                [define_from_variant('BUILD_SHARED_LIBS', 'shared'),
-                 define_from_variant('CMAKE_CXX_STANDARD', 'cxxstd'),
-                 define_from_variant('SWR')]
+                [self.define_from_variant('BUILD_SHARED_LIBS', 'shared'),
+                 self.define_from_variant('CMAKE_CXX_STANDARD', 'cxxstd'),
+                 self.define_from_variant('SWR')]

            will generate the following configuration options:

--- a/lib/spack/spack/build_systems/cuda.py
+++ b/lib/spack/spack/build_systems/cuda.py
@@ -3,10 +3,9 @@
 #
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)

-from spack.package import PackageBase
-from spack.directives import depends_on, variant, conflicts
-
 import spack.variant
+from spack.directives import conflicts, depends_on, variant
+from spack.package import PackageBase


 class CudaPackage(PackageBase):
@@ -79,47 +78,46 @@ def cuda_flags(arch_list):
    depends_on('cuda@11.0:',    when='cuda_arch=80')
    depends_on('cuda@11.1:',    when='cuda_arch=86')

-    # There are at least three cases to be aware of for compiler conflicts
-    # 1. Linux x86_64
-    # 2. Linux ppc64le
-    # 3. Mac OS X
-    # CUDA-compiler conflicts are version-to-version specific and are
-    # difficult to express with the current Spack conflict syntax
+    # From the NVIDIA install guide we know of conflicts for particular
+    # platforms (linux, darwin), architectures (x86, powerpc) and compilers
+    # (gcc, clang). We don't restrict %gcc and %clang conflicts to
+    # platform=linux, since they should also apply to platform=cray, and may
+    # apply to platform=darwin. We currently do not provide conflicts for
+    # platform=darwin with %apple-clang.

    # Linux x86_64 compiler conflicts from here:
    # https://gist.github.com/ax3l/9489132
-    arch_platform = ' target=x86_64: platform=linux'
-    conflicts('%gcc@5:', when='+cuda ^cuda@:7.5' + arch_platform)
-    conflicts('%gcc@6:', when='+cuda ^cuda@:8' + arch_platform)
-    conflicts('%gcc@7:', when='+cuda ^cuda@:9.1' + arch_platform)
-    conflicts('%gcc@8:', when='+cuda ^cuda@:10.0.130' + arch_platform)
-    conflicts('%gcc@9:', when='+cuda ^cuda@:10.2.89' + arch_platform)
-    conflicts('%gcc@:4', when='+cuda ^cuda@11.0.2:' + arch_platform)
-    conflicts('%gcc@10:', when='+cuda ^cuda@:11.0.2' + arch_platform)
-    conflicts('%gcc@11:', when='+cuda ^cuda@:11.1.0' + arch_platform)
-    conflicts('%pgi@:14.8', when='+cuda ^cuda@:7.0.27' + arch_platform)
-    conflicts('%pgi@:15.3,15.5:', when='+cuda ^cuda@7.5' + arch_platform)
-    conflicts('%pgi@:16.2,16.0:16.3', when='+cuda ^cuda@8' + arch_platform)
-    conflicts('%pgi@:15,18:', when='+cuda ^cuda@9.0:9.1' + arch_platform)
-    conflicts('%pgi@:16,19:', when='+cuda ^cuda@9.2.88:10' + arch_platform)
+    conflicts('%gcc@5:', when='+cuda ^cuda@:7.5 target=x86_64:')
+    conflicts('%gcc@6:', when='+cuda ^cuda@:8 target=x86_64:')
+    conflicts('%gcc@7:', when='+cuda ^cuda@:9.1 target=x86_64:')
+    conflicts('%gcc@8:', when='+cuda ^cuda@:10.0.130 target=x86_64:')
+    conflicts('%gcc@9:', when='+cuda ^cuda@:10.2.89 target=x86_64:')
+    conflicts('%gcc@:4', when='+cuda ^cuda@11.0.2: target=x86_64:')
+    conflicts('%gcc@10:', when='+cuda ^cuda@:11.0.3 target=x86_64:')
+    conflicts('%gcc@11:', when='+cuda ^cuda@:11.1.0 target=x86_64:')
+    conflicts('%pgi@:14.8', when='+cuda ^cuda@:7.0.27 target=x86_64:')
+    conflicts('%pgi@:15.3,15.5:', when='+cuda ^cuda@7.5 target=x86_64:')
+    conflicts('%pgi@:16.2,16.0:16.3', when='+cuda ^cuda@8 target=x86_64:')
+    conflicts('%pgi@:15,18:', when='+cuda ^cuda@9.0:9.1 target=x86_64:')
+    conflicts('%pgi@:16,19:', when='+cuda ^cuda@9.2.88:10 target=x86_64:')
    conflicts('%pgi@:17,20:',
-              when='+cuda ^cuda@10.1.105:10.2.89' + arch_platform)
+              when='+cuda ^cuda@10.1.105:10.2.89 target=x86_64:')
    conflicts('%pgi@:17,21:',
-              when='+cuda ^cuda@11.0.2:11.1.0' + arch_platform)
-    conflicts('%clang@:3.4', when='+cuda ^cuda@:7.5' + arch_platform)
+              when='+cuda ^cuda@11.0.2:11.1.0 target=x86_64:')
+    conflicts('%clang@:3.4', when='+cuda ^cuda@:7.5 target=x86_64:')
    conflicts('%clang@:3.7,4:',
-              when='+cuda ^cuda@8.0:9.0' + arch_platform)
+              when='+cuda ^cuda@8.0:9.0 target=x86_64:')
    conflicts('%clang@:3.7,4.1:',
-              when='+cuda ^cuda@9.1' + arch_platform)
-    conflicts('%clang@:3.7,5.1:', when='+cuda ^cuda@9.2' + arch_platform)
-    conflicts('%clang@:3.7,6.1:', when='+cuda ^cuda@10.0.130' + arch_platform)
-    conflicts('%clang@:3.7,7.1:', when='+cuda ^cuda@10.1.105' + arch_platform)
+              when='+cuda ^cuda@9.1 target=x86_64:')
+    conflicts('%clang@:3.7,5.1:', when='+cuda ^cuda@9.2 target=x86_64:')
+    conflicts('%clang@:3.7,6.1:', when='+cuda ^cuda@10.0.130 target=x86_64:')
+    conflicts('%clang@:3.7,7.1:', when='+cuda ^cuda@10.1.105 target=x86_64:')
    conflicts('%clang@:3.7,8.1:',
-              when='+cuda ^cuda@10.1.105:10.1.243' + arch_platform)
-    conflicts('%clang@:3.2,9:', when='+cuda ^cuda@10.2.89' + arch_platform)
-    conflicts('%clang@:5', when='+cuda ^cuda@11.0.2:' + arch_platform)
-    conflicts('%clang@10:', when='+cuda ^cuda@:11.0.2' + arch_platform)
-    conflicts('%clang@11:', when='+cuda ^cuda@:11.1.0' + arch_platform)
+              when='+cuda ^cuda@10.1.105:10.1.243 target=x86_64:')
+    conflicts('%clang@:3.2,9:', when='+cuda ^cuda@10.2.89 target=x86_64:')
+    conflicts('%clang@:5', when='+cuda ^cuda@11.0.2: target=x86_64:')
+    conflicts('%clang@10:', when='+cuda ^cuda@:11.0.3 target=x86_64:')
+    conflicts('%clang@11:', when='+cuda ^cuda@:11.1.0 target=x86_64:')

    # x86_64 vs. ppc64le differ according to NVidia docs
    # Linux ppc64le compiler conflicts from Table from the docs below:
@@ -129,27 +127,26 @@ def cuda_flags(arch_list):
    # https://docs.nvidia.com/cuda/archive/9.0/cuda-installation-guide-linux/index.html
    # https://docs.nvidia.com/cuda/archive/8.0/cuda-installation-guide-linux/index.html

-    arch_platform = ' target=ppc64le: platform=linux'
    # information prior to CUDA 9 difficult to find
-    conflicts('%gcc@6:', when='+cuda ^cuda@:9' + arch_platform)
-    conflicts('%gcc@8:', when='+cuda ^cuda@:10.0.130' + arch_platform)
-    conflicts('%gcc@9:', when='+cuda ^cuda@:10.1.243' + arch_platform)
+    conflicts('%gcc@6:', when='+cuda ^cuda@:9 target=ppc64le:')
+    conflicts('%gcc@8:', when='+cuda ^cuda@:10.0.130 target=ppc64le:')
+    conflicts('%gcc@9:', when='+cuda ^cuda@:10.1.243 target=ppc64le:')
    # officially, CUDA 11.0.2 only supports the system GCC 8.3 on ppc64le
-    conflicts('%gcc@:4', when='+cuda ^cuda@11.0.2:' + arch_platform)
-    conflicts('%gcc@10:', when='+cuda ^cuda@:11.0.2' + arch_platform)
-    conflicts('%gcc@11:', when='+cuda ^cuda@:11.1.0' + arch_platform)
-    conflicts('%pgi', when='+cuda ^cuda@:8' + arch_platform)
-    conflicts('%pgi@:16', when='+cuda ^cuda@:9.1.185' + arch_platform)
-    conflicts('%pgi@:17', when='+cuda ^cuda@:10' + arch_platform)
-    conflicts('%clang@4:', when='+cuda ^cuda@:9.0.176' + arch_platform)
-    conflicts('%clang@5:', when='+cuda ^cuda@:9.1' + arch_platform)
-    conflicts('%clang@6:', when='+cuda ^cuda@:9.2' + arch_platform)
-    conflicts('%clang@7:', when='+cuda ^cuda@10.0.130' + arch_platform)
-    conflicts('%clang@7.1:', when='+cuda ^cuda@:10.1.105' + arch_platform)
-    conflicts('%clang@8.1:', when='+cuda ^cuda@:10.2.89' + arch_platform)
-    conflicts('%clang@:5', when='+cuda ^cuda@11.0.2:' + arch_platform)
-    conflicts('%clang@10:', when='+cuda ^cuda@:11.0.2' + arch_platform)
-    conflicts('%clang@11:', when='+cuda ^cuda@:11.1.0' + arch_platform)
+    conflicts('%gcc@:4', when='+cuda ^cuda@11.0.2: target=ppc64le:')
+    conflicts('%gcc@10:', when='+cuda ^cuda@:11.0.3 target=ppc64le:')
+    conflicts('%gcc@11:', when='+cuda ^cuda@:11.1.0 target=ppc64le:')
+    conflicts('%pgi', when='+cuda ^cuda@:8 target=ppc64le:')
+    conflicts('%pgi@:16', when='+cuda ^cuda@:9.1.185 target=ppc64le:')
+    conflicts('%pgi@:17', when='+cuda ^cuda@:10 target=ppc64le:')
+    conflicts('%clang@4:', when='+cuda ^cuda@:9.0.176 target=ppc64le:')
+    conflicts('%clang@5:', when='+cuda ^cuda@:9.1 target=ppc64le:')
+    conflicts('%clang@6:', when='+cuda ^cuda@:9.2 target=ppc64le:')
+    conflicts('%clang@7:', when='+cuda ^cuda@10.0.130 target=ppc64le:')
+    conflicts('%clang@7.1:', when='+cuda ^cuda@:10.1.105 target=ppc64le:')
+    conflicts('%clang@8.1:', when='+cuda ^cuda@:10.2.89 target=ppc64le:')
+    conflicts('%clang@:5', when='+cuda ^cuda@11.0.2: target=ppc64le:')
+    conflicts('%clang@10:', when='+cuda ^cuda@:11.0.3 target=ppc64le:')
+    conflicts('%clang@11:', when='+cuda ^cuda@:11.1.0 target=ppc64le:')

    # Intel is mostly relevant for x86_64 Linux, even though it also
    # exists for Mac OS X. No information prior to CUDA 3.2 or Intel 11.1
@@ -171,15 +168,8 @@ def cuda_flags(arch_list):
    conflicts('%xl@:12,14:15,17:', when='+cuda ^cuda@9.2')
    conflicts('%xl@:12,17:', when='+cuda ^cuda@:11.1.0')

-    # Mac OS X
-    # platform = ' platform=darwin'
-    # Apple XCode clang vs. LLVM clang are difficult to specify
-    # with spack syntax. Xcode clang name is `clang@x.y.z-apple`
-    # which precludes ranges being specified. We have proposed
-    # rename XCode clang to `clang@apple-x.y.z` or even
-    # `clang-apple@x.y.z as a possible fix.
-    # Compiler conflicts will be eventual taken from here:
-    # https://docs.nvidia.com/cuda/cuda-installation-guide-mac-os-x/index.html#abstract
+    # Darwin.
+    # TODO: add missing conflicts for %apple-clang cuda@:10
    conflicts('platform=darwin', when='+cuda ^cuda@11.0.2:')

    # Make sure cuda_arch can not be used without +cuda
--- a/lib/spack/spack/build_systems/gnu.py
+++ b/lib/spack/spack/build_systems/gnu.py
@@ -3,8 +3,8 @@
 #
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)

-import spack.util.url
 import spack.package
+import spack.util.url


 class GNUMirrorPackage(spack.package.PackageBase):
--- a/lib/spack/spack/build_systems/intel.py
+++ b/lib/spack/spack/build_systems/intel.py
@@ -4,26 +4,32 @@
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)


-import os
-import sys
 import glob
-import tempfile
-import re
 import inspect
+import os
+import re
+import sys
+import tempfile
 import xml.etree.ElementTree as ElementTree
+
 import llnl.util.tty as tty
+from llnl.util.filesystem import (
+    HeaderList,
+    LibraryList,
+    ancestor,
+    filter_file,
+    find_headers,
+    find_libraries,
+    find_system_libraries,
+    install,
+)

-from llnl.util.filesystem import \
-    install, ancestor, filter_file, \
-    HeaderList, find_headers, \
-    LibraryList, find_libraries, find_system_libraries
-
-from spack.version import Version, ver
-from spack.package import PackageBase, run_after, InstallError
+from spack.build_environment import dso_suffix
+from spack.package import InstallError, PackageBase, run_after
 from spack.util.environment import EnvironmentModifications
 from spack.util.executable import Executable
 from spack.util.prefix import Prefix
-from spack.build_environment import dso_suffix
+from spack.version import Version, ver

 # A couple of utility functions that might be useful in general. If so, they
 # should really be defined elsewhere, unless deemed heretical.
@@ -362,7 +368,7 @@ def normalize_suite_dir(self, suite_dir_name, version_globs=['*.*.*']):
                toplevel psxevars.sh or equivalent file to source (and thus by
                the modulefiles that Spack produces).

-            version_globs (list of str): Suffix glob patterns (most specific
+            version_globs (list): Suffix glob patterns (most specific
                first) expected to qualify suite_dir_name to its fully
                version-specific install directory (as opposed to a
                compatibility directory or symlink).
@@ -1089,7 +1095,7 @@ def _setup_dependent_env_callback(
                # Intel MPI since 2019 depends on libfabric which is not in the
                # lib directory but in a directory of its own which should be
                # included in the rpath
-                if self.version >= ver('2019'):
+                if self.version_yearlike >= ver('2019'):
                    d = ancestor(self.component_lib_dir('mpi'))
                    libfabrics_path = os.path.join(d, 'libfabric', 'lib')
                    env.append_path('SPACK_COMPILER_EXTRA_RPATHS',
--- a/lib/spack/spack/build_systems/makefile.py
+++ b/lib/spack/spack/build_systems/makefile.py
@@ -9,6 +9,7 @@

 import llnl.util.tty as tty
 from llnl.util.filesystem import working_dir
+
 from spack.package import PackageBase, run_after


--- a/lib/spack/spack/build_systems/maven.py
+++ b/lib/spack/spack/build_systems/maven.py
@@ -5,6 +5,7 @@


 from llnl.util.filesystem import install_tree, working_dir
+
 from spack.directives import depends_on
 from spack.package import PackageBase, run_after
 from spack.util.executable import which
--- a/lib/spack/spack/build_systems/meson.py
+++ b/lib/spack/spack/build_systems/meson.py
@@ -9,6 +9,7 @@
 from typing import List  # novm

 from llnl.util.filesystem import working_dir
+
 from spack.directives import depends_on, variant
 from spack.package import PackageBase, run_after

@@ -55,9 +56,8 @@ class MesonPackage(PackageBase):
    variant('buildtype', default='debugoptimized',
            description='Meson build type',
            values=('plain', 'debug', 'debugoptimized', 'release', 'minsize'))
-    variant('default_library', default='shared',
-            description=' Default library type',
-            values=('shared', 'static', 'both'))
+    variant('default_library', default='shared', values=('shared', 'static'),
+            multi=True, description='Build shared libs, static libs or both')
    variant('strip', default=False, description='Strip targets on install')

    depends_on('meson', type='build')
@@ -102,9 +102,11 @@ def _std_args(pkg):

        strip = 'true' if '+strip' in pkg.spec else 'false'

-        try:
-            default_library = pkg.spec.variants['default_library'].value
-        except KeyError:
+        if 'default_library=static,shared' in pkg.spec:
+            default_library = 'both'
+        elif 'default_library=static' in pkg.spec:
+            default_library = 'static'
+        else:
            default_library = 'shared'

        args = [
--- a/lib/spack/spack/build_systems/oneapi.py
+++ b/lib/spack/spack/build_systems/oneapi.py
@@ -8,16 +8,16 @@
 """

 import getpass
+import platform
 import shutil
-from sys import platform
 from os.path import basename, dirname, isdir

+from llnl.util.filesystem import find_headers, find_libraries, join_path
+
 from spack.package import Package
 from spack.util.environment import EnvironmentModifications
 from spack.util.executable import Executable

-from llnl.util.filesystem import find_headers, find_libraries, join_path
-

 class IntelOneApiPackage(Package):
    """Base class for Intel oneAPI packages."""
@@ -48,7 +48,7 @@ def install(self, spec, prefix, installer_path=None):
        if installer_path is None:
            installer_path = basename(self.url_for_version(spec.version))

-        if platform == 'linux':
+        if platform.system() == 'Linux':
            # Intel installer assumes and enforces that all components
            # are installed into a single prefix. Spack wants to
            # install each component in a separate prefix. The
@@ -69,6 +69,9 @@ def install(self, spec, prefix, installer_path=None):

            # Installer writes files in ~/intel set HOME so it goes to prefix
            bash.add_default_env('HOME', prefix)
+            # Installer checks $XDG_RUNTIME_DIR/.bootstrapper_lock_file as well
+            bash.add_default_env('XDG_RUNTIME_DIR',
+                                 join_path(self.stage.path, 'runtime'))

            bash(installer_path,
                 '-s', '-a', '-s', '--action', 'install',
--- a/lib/spack/spack/build_systems/perl.py
+++ b/lib/spack/spack/build_systems/perl.py
@@ -7,10 +7,11 @@
 import inspect
 import os

+from llnl.util.filesystem import filter_file
+
 from spack.directives import extends
 from spack.package import PackageBase, run_after
 from spack.util.executable import Executable
-from llnl.util.filesystem import filter_file


 class PerlPackage(PackageBase):
--- a/lib/spack/spack/build_systems/python.py
+++ b/lib/spack/spack/build_systems/python.py
@@ -6,14 +6,20 @@
 import os
 import shutil

+import llnl.util.tty as tty
+from llnl.util.filesystem import (
+    filter_file,
+    find,
+    get_filetype,
+    path_contains_subdirectory,
+    same_path,
+    working_dir,
+)
+from llnl.util.lang import match_predicate
+
 from spack.directives import extends
 from spack.package import PackageBase, run_after

-from llnl.util.filesystem import (working_dir, get_filetype, filter_file,
-                                  path_contains_subdirectory, same_path, find)
-from llnl.util.lang import match_predicate
-import llnl.util.tty as tty
-

 class PythonPackage(PackageBase):
    """Specialized class for packages that are built using Python
@@ -121,24 +127,22 @@ def import_modules(self):
            list: list of strings of module names
        """
        modules = []
+        root = self.spec['python'].package.get_python_lib(prefix=self.prefix)

-        # Python libraries may be installed in lib or lib64
-        # See issues #18520 and #17126
-        for lib in ['lib', 'lib64']:
-            root = os.path.join(self.prefix, lib, 'python{0}'.format(
-                self.spec['python'].version.up_to(2)), 'site-packages')
-            # Some Python libraries are packages: collections of modules
-            # distributed in directories containing __init__.py files
-            for path in find(root, '__init__.py', recursive=True):
-                modules.append(path.replace(root + os.sep, '', 1).replace(
-                    os.sep + '__init__.py', '').replace('/', '.'))
-            # Some Python libraries are modules: individual *.py files
-            # found in the site-packages directory
-            for path in find(root, '*.py', recursive=False):
-                modules.append(path.replace(root + os.sep, '', 1).replace(
-                    '.py', '').replace('/', '.'))
+        # Some Python libraries are packages: collections of modules
+        # distributed in directories containing __init__.py files
+        for path in find(root, '__init__.py', recursive=True):
+            modules.append(path.replace(root + os.sep, '', 1).replace(
+                os.sep + '__init__.py', '').replace('/', '.'))
+
+        # Some Python libraries are modules: individual *.py files
+        # found in the site-packages directory
+        for path in find(root, '*.py', recursive=False):
+            modules.append(path.replace(root + os.sep, '', 1).replace(
+                '.py', '').replace('/', '.'))

        tty.debug('Detected the following modules: {0}'.format(modules))
+
        return modules

    def setup_file(self):
@@ -248,15 +252,12 @@ def install_args(self, spec, prefix):
        # Get all relative paths since we set the root to `prefix`
        # We query the python with which these will be used for the lib and inc
        # directories. This ensures we use `lib`/`lib64` as expected by python.
-        python = spec['python'].package.command
-        command_start = 'print(distutils.sysconfig.'
-        commands = ';'.join([
-            'import distutils.sysconfig',
-            command_start + 'get_python_lib(plat_specific=False, prefix=""))',
-            command_start + 'get_python_lib(plat_specific=True, prefix=""))',
-            command_start + 'get_python_inc(plat_specific=True, prefix=""))'])
-        pure_site_packages_dir, plat_site_packages_dir, inc_dir = python(
-            '-c', commands, output=str, error=str).strip().split('\n')
+        pure_site_packages_dir = spec['python'].package.get_python_lib(
+            plat_specific=False, prefix='')
+        plat_site_packages_dir = spec['python'].package.get_python_lib(
+            plat_specific=True, prefix='')
+        inc_dir = spec['python'].package.get_python_inc(
+            plat_specific=True, prefix='')

        args += ['--root=%s' % prefix,
                 '--install-purelib=%s' % pure_site_packages_dir,
--- a/lib/spack/spack/build_systems/qmake.py
+++ b/lib/spack/spack/build_systems/qmake.py
@@ -7,6 +7,7 @@
 import inspect

 from llnl.util.filesystem import working_dir
+
 from spack.directives import depends_on
 from spack.package import PackageBase, run_after

--- a/lib/spack/spack/build_systems/rocm.py
+++ b/lib/spack/spack/build_systems/rocm.py
@@ -75,10 +75,9 @@
 #    does not like its directory structure.
 #

-from spack.package import PackageBase
-from spack.directives import depends_on, variant, conflicts
-
 import spack.variant
+from spack.directives import conflicts, depends_on, variant
+from spack.package import PackageBase


 class ROCmPackage(PackageBase):
--- a/lib/spack/spack/build_systems/sip.py
+++ b/lib/spack/spack/build_systems/sip.py
@@ -6,10 +6,11 @@
 import inspect
 import os

-from llnl.util.filesystem import find, working_dir, join_path
+import llnl.util.tty as tty
+from llnl.util.filesystem import find, join_path, working_dir
+
 from spack.directives import depends_on, extends
 from spack.package import PackageBase, run_after
-import llnl.util.tty as tty


 class SIPPackage(PackageBase):
@@ -63,24 +64,22 @@ def import_modules(self):
            list: list of strings of module names
        """
        modules = []
+        root = self.spec['python'].package.get_python_lib(prefix=self.prefix)

-        # Python libraries may be installed in lib or lib64
-        # See issues #18520 and #17126
-        for lib in ['lib', 'lib64']:
-            root = os.path.join(self.prefix, lib, 'python{0}'.format(
-                self.spec['python'].version.up_to(2)), 'site-packages')
-            # Some Python libraries are packages: collections of modules
-            # distributed in directories containing __init__.py files
-            for path in find(root, '__init__.py', recursive=True):
-                modules.append(path.replace(root + os.sep, '', 1).replace(
-                    os.sep + '__init__.py', '').replace('/', '.'))
-            # Some Python libraries are modules: individual *.py files
-            # found in the site-packages directory
-            for path in find(root, '*.py', recursive=False):
-                modules.append(path.replace(root + os.sep, '', 1).replace(
-                    '.py', '').replace('/', '.'))
+        # Some Python libraries are packages: collections of modules
+        # distributed in directories containing __init__.py files
+        for path in find(root, '__init__.py', recursive=True):
+            modules.append(path.replace(root + os.sep, '', 1).replace(
+                os.sep + '__init__.py', '').replace('/', '.'))
+
+        # Some Python libraries are modules: individual *.py files
+        # found in the site-packages directory
+        for path in find(root, '*.py', recursive=False):
+            modules.append(path.replace(root + os.sep, '', 1).replace(
+                '.py', '').replace('/', '.'))

        tty.debug('Detected the following modules: {0}'.format(modules))
+
        return modules

    def python(self, *args, **kwargs):
--- a/lib/spack/spack/build_systems/sourceforge.py
+++ b/lib/spack/spack/build_systems/sourceforge.py
@@ -3,8 +3,8 @@
 #
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)

-import spack.util.url
 import spack.package
+import spack.util.url


 class SourceforgePackage(spack.package.PackageBase):
--- a/lib/spack/spack/build_systems/sourceware.py
+++ b/lib/spack/spack/build_systems/sourceware.py
@@ -3,8 +3,8 @@
 #
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)

-import spack.util.url
 import spack.package
+import spack.util.url


 class SourcewarePackage(spack.package.PackageBase):
--- a/lib/spack/spack/build_systems/waf.py
+++ b/lib/spack/spack/build_systems/waf.py
@@ -6,11 +6,11 @@

 import inspect

+from llnl.util.filesystem import working_dir
+
 from spack.directives import depends_on
 from spack.package import PackageBase, run_after

-from llnl.util.filesystem import working_dir
-

 class WafPackage(PackageBase):
    """Specialized class for packages that are built using the
--- a/lib/spack/spack/build_systems/xorg.py
+++ b/lib/spack/spack/build_systems/xorg.py
@@ -3,8 +3,8 @@
 #
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)

-import spack.util.url
 import spack.package
+import spack.util.url


 class XorgPackage(spack.package.PackageBase):
--- a/lib/spack/spack/caches.py
+++ b/lib/spack/spack/caches.py
@@ -9,10 +9,10 @@
 import llnl.util.lang
 from llnl.util.filesystem import mkdirp

-import spack.error
-import spack.paths
 import spack.config
+import spack.error
 import spack.fetch_strategy
+import spack.paths
 import spack.util.file_cache
 import spack.util.path

--- a/lib/spack/spack/ci.py
+++ b/lib/spack/spack/ci.py
@@ -10,14 +10,16 @@
 import os
 import re
 import shutil
+import stat
 import tempfile
-import zlib
+import zipfile

 from six import iteritems
 from six.moves.urllib.error import HTTPError, URLError
 from six.moves.urllib.parse import urlencode
-from six.moves.urllib.request import build_opener, HTTPHandler, Request
+from six.moves.urllib.request import HTTPHandler, Request, build_opener

+import llnl.util.filesystem as fs
 import llnl.util.tty as tty

 import spack
@@ -26,16 +28,17 @@
 import spack.compilers as compilers
 import spack.config as cfg
 import spack.environment as ev
-from spack.error import SpackError
-import spack.hash_types as ht
 import spack.main
+import spack.mirror
+import spack.paths
 import spack.repo
-from spack.spec import Spec
-import spack.util.spack_yaml as syaml
-import spack.util.web as web_util
+import spack.util.executable as exe
 import spack.util.gpg as gpg_util
+import spack.util.spack_yaml as syaml
 import spack.util.url as url_util
-
+import spack.util.web as web_util
+from spack.error import SpackError
+from spack.spec import Spec

 JOB_RETRY_CONDITIONS = [
    'always',
@@ -77,7 +80,8 @@ def _create_buildgroup(opener, headers, url, project, group_name, group_type):
    if response_code != 200 and response_code != 201:
        msg = 'Creating buildgroup failed (response code = {0}'.format(
            response_code)
-        raise SpackError(msg)
+        tty.warn(msg)
+        return None

    response_text = response.read()
    response_json = json.loads(response_text)
@@ -106,7 +110,8 @@ def populate_buildgroup(job_names, group_name, project, site,
    if not parent_group_id or not group_id:
        msg = 'Failed to create or retrieve buildgroups for {0}'.format(
            group_name)
-        raise SpackError(msg)
+        tty.warn(msg)
+        return

    data = {
        'project': project,
@@ -129,7 +134,7 @@ def populate_buildgroup(job_names, group_name, project, site,
    if response_code != 200:
        msg = 'Error response code ({0}) in populate_buildgroup'.format(
            response_code)
-        raise SpackError(msg)
+        tty.warn(msg)


 def is_main_phase(phase_name):
@@ -197,10 +202,7 @@ def format_root_spec(spec, main_phase, strip_compiler):
        return '{0}@{1} arch={2}'.format(
            spec.name, spec.version, spec.architecture)
    else:
-        spec_yaml = spec.to_yaml(hash=ht.build_hash).encode('utf-8')
-        return str(base64.b64encode(zlib.compress(spec_yaml)).decode('utf-8'))
-        # return '{0}@{1}%{2} arch={3}'.format(
-        #     spec.name, spec.version, spec.compiler, spec.architecture)
+        return spec.build_hash()


 def spec_deps_key(s):
@@ -506,35 +508,21 @@ def format_job_needs(phase_name, strip_compilers, dep_jobs,
                'job': get_job_name(phase_name,
                                    strip_compilers,
                                    dep_job,
-                                    osname,
+                                    dep_job.architecture,
                                    build_group),
                'artifacts': enable_artifacts_buildcache,
            })
    return needs_list


-def add_pr_mirror(url):
-    cfg_scope = cfg.default_modify_scope()
-    mirrors = cfg.get('mirrors', scope=cfg_scope)
-    items = [(n, u) for n, u in mirrors.items()]
-    items.insert(0, ('ci_pr_mirror', url))
-    cfg.set('mirrors', syaml.syaml_dict(items), scope=cfg_scope)
-
-
-def remove_pr_mirror():
-    cfg_scope = cfg.default_modify_scope()
-    mirrors = cfg.get('mirrors', scope=cfg_scope)
-    mirrors.pop('ci_pr_mirror')
-    cfg.set('mirrors', mirrors, scope=cfg_scope)
-
-
-def generate_gitlab_ci_yaml(env, print_summary, output_file, prune_dag=False,
-                            check_index_only=False, run_optimizer=False,
-                            use_dependencies=False):
-    # FIXME: What's the difference between one that opens with 'spack'
-    # and one that opens with 'env'?  This will only handle the former.
+def generate_gitlab_ci_yaml(env, print_summary, output_file,
+                            prune_dag=False, check_index_only=False,
+                            run_optimizer=False, use_dependencies=False,
+                            artifacts_root=None):
    with spack.concretize.disable_compiler_existence_check():
-        env.concretize()
+        with env.write_transaction():
+            env.concretize()
+            env.write()

    yaml_root = ev.config_dict(env.yaml)

@@ -559,9 +547,11 @@ def generate_gitlab_ci_yaml(env, print_summary, output_file, prune_dag=False,
            tty.verbose("Using CDash auth token from environment")
            cdash_auth_token = os.environ.get('SPACK_CDASH_AUTH_TOKEN')

-    is_pr_pipeline = (
-        os.environ.get('SPACK_IS_PR_PIPELINE', '').lower() == 'true'
-    )
+    generate_job_name = os.environ.get('CI_JOB_NAME', None)
+    parent_pipeline_id = os.environ.get('CI_PIPELINE_ID', None)
+
+    spack_pipeline_type = os.environ.get('SPACK_PIPELINE_TYPE', None)
+    is_pr_pipeline = spack_pipeline_type == 'spack_pull_request'

    spack_pr_branch = os.environ.get('SPACK_PR_BRANCH', None)
    pr_mirror_url = None
@@ -574,6 +564,7 @@ def generate_gitlab_ci_yaml(env, print_summary, output_file, prune_dag=False,

    ci_mirrors = yaml_root['mirrors']
    mirror_urls = [url for url in ci_mirrors.values()]
+    remote_mirror_url = mirror_urls[0]

    # Check for a list of "known broken" specs that we should not bother
    # trying to build.
@@ -624,7 +615,51 @@ def generate_gitlab_ci_yaml(env, print_summary, output_file, prune_dag=False,
    # Add this mirror if it's enabled, as some specs might be up to date
    # here and thus not need to be rebuilt.
    if pr_mirror_url:
-        add_pr_mirror(pr_mirror_url)
+        spack.mirror.add(
+            'ci_pr_mirror', pr_mirror_url, cfg.default_modify_scope())
+
+    pipeline_artifacts_dir = artifacts_root
+    if not pipeline_artifacts_dir:
+        proj_dir = os.environ.get('CI_PROJECT_DIR', os.getcwd())
+        pipeline_artifacts_dir = os.path.join(proj_dir, 'jobs_scratch_dir')
+
+    pipeline_artifacts_dir = os.path.abspath(pipeline_artifacts_dir)
+    concrete_env_dir = os.path.join(
+        pipeline_artifacts_dir, 'concrete_environment')
+
+    # Now that we've added the mirrors we know about, they should be properly
+    # reflected in the environment manifest file, so copy that into the
+    # concrete environment directory, along with the spack.lock file.
+    if not os.path.exists(concrete_env_dir):
+        os.makedirs(concrete_env_dir)
+    shutil.copyfile(env.manifest_path,
+                    os.path.join(concrete_env_dir, 'spack.yaml'))
+    shutil.copyfile(env.lock_path,
+                    os.path.join(concrete_env_dir, 'spack.lock'))
+
+    job_log_dir = os.path.join(pipeline_artifacts_dir, 'logs')
+    job_repro_dir = os.path.join(pipeline_artifacts_dir, 'reproduction')
+    local_mirror_dir = os.path.join(pipeline_artifacts_dir, 'mirror')
+    user_artifacts_dir = os.path.join(pipeline_artifacts_dir, 'user_data')
+
+    # We communicate relative paths to the downstream jobs to avoid issues in
+    # situations where the CI_PROJECT_DIR varies between the pipeline
+    # generation job and the rebuild jobs.  This can happen when gitlab
+    # checks out the project into a runner-specific directory, for example,
+    # and different runners are picked for generate and rebuild jobs.
+    ci_project_dir = os.environ.get('CI_PROJECT_DIR')
+    rel_artifacts_root = os.path.relpath(
+        pipeline_artifacts_dir, ci_project_dir)
+    rel_concrete_env_dir = os.path.relpath(
+        concrete_env_dir, ci_project_dir)
+    rel_job_log_dir = os.path.relpath(
+        job_log_dir, ci_project_dir)
+    rel_job_repro_dir = os.path.relpath(
+        job_repro_dir, ci_project_dir)
+    rel_local_mirror_dir = os.path.relpath(
+        local_mirror_dir, ci_project_dir)
+    rel_user_artifacts_dir = os.path.relpath(
+        user_artifacts_dir, ci_project_dir)

    # Speed up staging by first fetching binary indices from all mirrors
    # (including the per-PR mirror we may have just added above).
@@ -641,7 +676,7 @@ def generate_gitlab_ci_yaml(env, print_summary, output_file, prune_dag=False,
    finally:
        # Clean up PR mirror if enabled
        if pr_mirror_url:
-            remove_pr_mirror()
+            spack.mirror.remove('ci_pr_mirror', cfg.default_modify_scope())

    all_job_names = []
    output_object = {}
@@ -671,14 +706,9 @@ def generate_gitlab_ci_yaml(env, print_summary, output_file, prune_dag=False,
                root_spec = spec_record['rootSpec']
                pkg_name = pkg_name_from_spec_label(spec_label)
                release_spec = root_spec[pkg_name]
-
-                # Check if this spec is in our list of known failures.
-                if broken_specs_url:
-                    full_hash = release_spec.full_hash()
-                    broken_spec_path = url_util.join(broken_specs_url, full_hash)
-                    if web_util.url_exists(broken_spec_path):
-                        known_broken_specs_encountered.append('{0} ({1})'.format(
-                            release_spec, full_hash))
+                release_spec_full_hash = release_spec.full_hash()
+                release_spec_dag_hash = release_spec.dag_hash()
+                release_spec_build_hash = release_spec.build_hash()

                runner_attribs = find_matching_config(
                    release_spec, gitlab_ci)
@@ -705,10 +735,15 @@ def generate_gitlab_ci_yaml(env, print_summary, output_file, prune_dag=False,
                    except AttributeError:
                        image_name = build_image

-                job_script = [
-                    'spack env activate --without-view .',
-                    'spack ci rebuild',
-                ]
+                job_script = ['spack env activate --without-view .']
+
+                if artifacts_root:
+                    job_script.insert(0, 'cd {0}'.format(concrete_env_dir))
+
+                job_script.extend([
+                    'spack ci rebuild'
+                ])
+
                if 'script' in runner_attribs:
                    job_script = [s for s in runner_attribs['script']]

@@ -735,9 +770,11 @@ def generate_gitlab_ci_yaml(env, print_summary, output_file, prune_dag=False,
                job_vars = {
                    'SPACK_ROOT_SPEC': format_root_spec(
                        root_spec, main_phase, strip_compilers),
+                    'SPACK_JOB_SPEC_DAG_HASH': release_spec_dag_hash,
+                    'SPACK_JOB_SPEC_BUILD_HASH': release_spec_build_hash,
+                    'SPACK_JOB_SPEC_FULL_HASH': release_spec_full_hash,
                    'SPACK_JOB_SPEC_PKG_NAME': release_spec.name,
-                    'SPACK_COMPILER_ACTION': compiler_action,
-                    'SPACK_IS_PR_PIPELINE': str(is_pr_pipeline),
+                    'SPACK_COMPILER_ACTION': compiler_action
                }

                job_dependencies = []
@@ -836,6 +873,21 @@ def generate_gitlab_ci_yaml(env, print_summary, output_file, prune_dag=False,
                if prune_dag and not rebuild_spec:
                    continue

+                # Check if this spec is in our list of known failures, now that
+                # we know this spec needs a rebuild
+                if broken_specs_url:
+                    broken_spec_path = url_util.join(
+                        broken_specs_url, release_spec_full_hash)
+                    if web_util.url_exists(broken_spec_path):
+                        known_broken_specs_encountered.append('{0} ({1})'.format(
+                            release_spec, release_spec_full_hash))
+
+                if artifacts_root:
+                    job_dependencies.append({
+                        'job': generate_job_name,
+                        'pipeline': '{0}'.format(parent_pipeline_id)
+                    })
+
                job_vars['SPACK_SPEC_NEEDS_REBUILD'] = str(rebuild_spec)

                if enable_cdash_reporting:
@@ -856,12 +908,14 @@ def generate_gitlab_ci_yaml(env, print_summary, output_file, prune_dag=False,
                variables.update(job_vars)

                artifact_paths = [
-                    'jobs_scratch_dir',
-                    'cdash_report',
+                    rel_job_log_dir,
+                    rel_job_repro_dir,
+                    rel_user_artifacts_dir
                ]

                if enable_artifacts_buildcache:
-                    bc_root = 'local_mirror/build_cache'
+                    bc_root = os.path.join(
+                        local_mirror_dir, 'build_cache')
                    artifact_paths.extend([os.path.join(bc_root, p) for p in [
                        bindist.tarball_name(release_spec, '.spec.yaml'),
                        bindist.tarball_name(release_spec, '.cdashid'),
@@ -987,6 +1041,11 @@ def generate_gitlab_ci_yaml(env, print_summary, output_file, prune_dag=False,
            ]
            final_job['when'] = 'always'

+            if artifacts_root:
+                final_job['variables'] = {
+                    'SPACK_CONCRETE_ENV_DIR': concrete_env_dir
+                }
+
            output_object['rebuild-index'] = final_job

        output_object['stages'] = stage_names
@@ -1007,8 +1066,15 @@ def generate_gitlab_ci_yaml(env, print_summary, output_file, prune_dag=False,
                version_to_clone = spack_version

        output_object['variables'] = {
+            'SPACK_ARTIFACTS_ROOT': rel_artifacts_root,
+            'SPACK_CONCRETE_ENV_DIR': rel_concrete_env_dir,
            'SPACK_VERSION': spack_version,
            'SPACK_CHECKOUT_VERSION': version_to_clone,
+            'SPACK_REMOTE_MIRROR_URL': remote_mirror_url,
+            'SPACK_JOB_LOG_DIR': rel_job_log_dir,
+            'SPACK_JOB_REPRO_DIR': rel_job_repro_dir,
+            'SPACK_LOCAL_MIRROR_DIR': rel_local_mirror_dir,
+            'SPACK_PIPELINE_TYPE': str(spack_pipeline_type)
        }

        if pr_mirror_url:
@@ -1131,7 +1197,8 @@ def configure_compilers(compiler_action, scope=None):
    return None


-def get_concrete_specs(root_spec, job_name, related_builds, compiler_action):
+def get_concrete_specs(env, root_spec, job_name, related_builds,
+                       compiler_action):
    spec_map = {
        'root': None,
        'deps': {},
@@ -1153,8 +1220,7 @@ def get_concrete_specs(root_spec, job_name, related_builds, compiler_action):
        # again.  The reason we take this path in the first case (bootstrapped
        # compiler), is that we can't concretize a spec at this point if we're
        # going to ask spack to "install_missing_compilers".
-        concrete_root = Spec.from_yaml(
-            str(zlib.decompress(base64.b64decode(root_spec)).decode('utf-8')))
+        concrete_root = env.specs_by_hash[root_spec]

    spec_map['root'] = concrete_root
    spec_map[job_name] = concrete_root[job_name]
@@ -1195,7 +1261,8 @@ def register_cdash_build(build_name, base_url, project, site, track):

    if response_code != 200 and response_code != 201:
        msg = 'Adding build failed (response code = {0}'.format(response_code)
-        raise SpackError(msg)
+        tty.warn(msg)
+        return (None, None)

    response_text = response.read()
    response_json = json.loads(response_text)
@@ -1205,7 +1272,7 @@ def register_cdash_build(build_name, base_url, project, site, track):


 def relate_cdash_builds(spec_map, cdash_base_url, job_build_id, cdash_project,
-                        cdashids_mirror_url):
+                        cdashids_mirror_urls):
    if not job_build_id:
        return

@@ -1221,7 +1288,20 @@ def relate_cdash_builds(spec_map, cdash_base_url, job_build_id, cdash_project,
    for dep_pkg_name in dep_map:
        tty.debug('Fetching cdashid file for {0}'.format(dep_pkg_name))
        dep_spec = dep_map[dep_pkg_name]
-        dep_build_id = read_cdashid_from_mirror(dep_spec, cdashids_mirror_url)
+        dep_build_id = None
+
+        for url in cdashids_mirror_urls:
+            try:
+                if url:
+                    dep_build_id = read_cdashid_from_mirror(dep_spec, url)
+                    break
+            except web_util.SpackWebError:
+                tty.debug('Did not find cdashid for {0} on {1}'.format(
+                    dep_pkg_name, url))
+        else:
+            tty.warn('Did not find cdashid for {0} anywhere'.format(
+                dep_pkg_name))
+            return

        payload = {
            "project": cdash_project,
@@ -1236,16 +1316,20 @@ def relate_cdash_builds(spec_map, cdash_base_url, job_build_id, cdash_project,

        request = Request(cdash_api_url, data=enc_data, headers=headers)

-        response = opener.open(request)
-        response_code = response.getcode()
+        try:
+            response = opener.open(request)
+            response_code = response.getcode()

-        if response_code != 200 and response_code != 201:
-            msg = 'Relate builds ({0} -> {1}) failed (resp code = {2})'.format(
-                job_build_id, dep_build_id, response_code)
-            raise SpackError(msg)
+            if response_code != 200 and response_code != 201:
+                msg = 'Relate builds ({0} -> {1}) failed (resp code = {2})'.format(
+                    job_build_id, dep_build_id, response_code)
+                tty.warn(msg)
+                return

-        response_text = response.read()
-        tty.debug('Relate builds response: {0}'.format(response_text))
+            response_text = response.read()
+            tty.debug('Relate builds response: {0}'.format(response_text))
+        except Exception as e:
+            print("Relating builds in CDash failed: {0}".format(e))


 def write_cdashid_to_mirror(cdashid, spec, mirror_url):
@@ -1265,7 +1349,16 @@ def write_cdashid_to_mirror(cdashid, spec, mirror_url):
        tty.debug('pushing cdashid to url')
        tty.debug('  local file path: {0}'.format(local_cdash_path))
        tty.debug('  remote url: {0}'.format(remote_url))
-        web_util.push_to_url(local_cdash_path, remote_url)
+
+        try:
+            web_util.push_to_url(local_cdash_path, remote_url)
+        except Exception as inst:
+            # No matter what went wrong here, don't allow the pipeline to fail
+            # just because there was an issue storing the cdashid on the mirror
+            msg = 'Failed to write cdashid {0} to mirror {1}'.format(
+                cdashid, mirror_url)
+            tty.warn(inst)
+            tty.warn(msg)


 def read_cdashid_from_mirror(spec, mirror_url):
@@ -1283,40 +1376,34 @@ def read_cdashid_from_mirror(spec, mirror_url):
    return int(contents)


-def push_mirror_contents(env, spec, yaml_path, mirror_url, build_id,
-                         sign_binaries):
-    if mirror_url:
-        try:
-            unsigned = not sign_binaries
-            tty.debug('Creating buildcache ({0})'.format(
-                'unsigned' if unsigned else 'signed'))
-            spack.cmd.buildcache._createtarball(
-                env, spec_yaml=yaml_path, add_deps=False,
-                output_location=mirror_url, force=True, allow_root=True,
-                unsigned=unsigned)
-            if build_id:
-                tty.debug('Writing cdashid ({0}) to remote mirror: {1}'.format(
-                    build_id, mirror_url))
-                write_cdashid_to_mirror(build_id, spec, mirror_url)
-        except Exception as inst:
-            # If the mirror we're pushing to is on S3 and there's some
-            # permissions problem, for example, we can't just target
-            # that exception type here, since users of the
-            # `spack ci rebuild' may not need or want any dependency
-            # on boto3.  So we use the first non-boto exception type
-            # in the heirarchy:
-            #     boto3.exceptions.S3UploadFailedError
-            #     boto3.exceptions.Boto3Error
-            #     Exception
-            #     BaseException
-            #     object
-            err_msg = 'Error msg: {0}'.format(inst)
-            if 'Access Denied' in err_msg:
-                tty.msg('Permission problem writing to {0}'.format(
-                    mirror_url))
-                tty.msg(err_msg)
-            else:
-                raise inst
+def push_mirror_contents(env, spec, yaml_path, mirror_url, sign_binaries):
+    try:
+        unsigned = not sign_binaries
+        tty.debug('Creating buildcache ({0})'.format(
+            'unsigned' if unsigned else 'signed'))
+        spack.cmd.buildcache._createtarball(
+            env, spec_yaml=yaml_path, add_deps=False,
+            output_location=mirror_url, force=True, allow_root=True,
+            unsigned=unsigned)
+    except Exception as inst:
+        # If the mirror we're pushing to is on S3 and there's some
+        # permissions problem, for example, we can't just target
+        # that exception type here, since users of the
+        # `spack ci rebuild' may not need or want any dependency
+        # on boto3.  So we use the first non-boto exception type
+        # in the heirarchy:
+        #     boto3.exceptions.S3UploadFailedError
+        #     boto3.exceptions.Boto3Error
+        #     Exception
+        #     BaseException
+        #     object
+        err_msg = 'Error msg: {0}'.format(inst)
+        if any(x in err_msg for x in ['Access Denied', 'InvalidAccessKeyId']):
+            tty.msg('Permission problem writing to {0}'.format(
+                mirror_url))
+            tty.msg(err_msg)
+        else:
+            raise inst


 def copy_stage_logs_to_artifacts(job_spec, job_log_dir):
@@ -1335,3 +1422,307 @@ def copy_stage_logs_to_artifacts(job_spec, job_log_dir):
        msg = ('Unable to copy build logs from stage to artifacts '
               'due to exception: {0}').format(inst)
        tty.error(msg)
+
+
+def download_and_extract_artifacts(url, work_dir):
+    tty.msg('Fetching artifacts from: {0}\n'.format(url))
+
+    headers = {
+        'Content-Type': 'application/zip',
+    }
+
+    token = os.environ.get('GITLAB_PRIVATE_TOKEN', None)
+    if token:
+        headers['PRIVATE-TOKEN'] = token
+
+    opener = build_opener(HTTPHandler)
+
+    request = Request(url, headers=headers)
+    request.get_method = lambda: 'GET'
+
+    response = opener.open(request)
+    response_code = response.getcode()
+
+    if response_code != 200:
+        msg = 'Error response code ({0}) in reproduce_ci_job'.format(
+            response_code)
+        raise SpackError(msg)
+
+    artifacts_zip_path = os.path.join(work_dir, 'artifacts.zip')
+
+    if not os.path.exists(work_dir):
+        os.makedirs(work_dir)
+
+    with open(artifacts_zip_path, 'wb') as out_file:
+        shutil.copyfileobj(response, out_file)
+
+    zip_file = zipfile.ZipFile(artifacts_zip_path)
+    zip_file.extractall(work_dir)
+    zip_file.close()
+
+    os.remove(artifacts_zip_path)
+
+
+def get_spack_info():
+    git_path = os.path.join(spack.paths.prefix, ".git")
+    if os.path.exists(git_path):
+        git = exe.which("git")
+        if git:
+            with fs.working_dir(spack.paths.prefix):
+                git_log = git("log", "-1",
+                              output=str, error=os.devnull,
+                              fail_on_error=False)
+
+            return git_log
+
+    return 'no git repo, use spack {0}'.format(spack.spack_version)
+
+
+def setup_spack_repro_version(repro_dir, checkout_commit, merge_commit=None):
+    # figure out the path to the spack git version being used for the
+    # reproduction
+    print('checkout_commit: {0}'.format(checkout_commit))
+    print('merge_commit: {0}'.format(merge_commit))
+
+    dot_git_path = os.path.join(spack.paths.prefix, ".git")
+    if not os.path.exists(dot_git_path):
+        tty.error('Unable to find the path to your local spack clone')
+        return False
+
+    spack_git_path = spack.paths.prefix
+
+    git = exe.which("git")
+    if not git:
+        tty.error("reproduction of pipeline job requires git")
+        return False
+
+    # Check if we can find the tested commits in your local spack repo
+    with fs.working_dir(spack_git_path):
+        git("log", "-1", checkout_commit, output=str, error=os.devnull,
+            fail_on_error=False)
+
+        if git.returncode != 0:
+            tty.error('Missing commit: {0}'.format(checkout_commit))
+            return False
+
+        if merge_commit:
+            git("log", "-1", merge_commit, output=str, error=os.devnull,
+                fail_on_error=False)
+
+            if git.returncode != 0:
+                tty.error('Missing commit: {0}'.format(merge_commit))
+                return False
+
+    # Next attempt to clone your local spack repo into the repro dir
+    with fs.working_dir(repro_dir):
+        clone_out = git("clone", spack_git_path,
+                        output=str, error=os.devnull,
+                        fail_on_error=False)
+
+        if git.returncode != 0:
+            tty.error('Unable to clone your local spac repo:')
+            tty.msg(clone_out)
+            return False
+
+    # Finally, attempt to put the cloned repo into the same state used during
+    # the pipeline build job
+    repro_spack_path = os.path.join(repro_dir, 'spack')
+    with fs.working_dir(repro_spack_path):
+        co_out = git("checkout", checkout_commit,
+                     output=str, error=os.devnull,
+                     fail_on_error=False)
+
+        if git.returncode != 0:
+            tty.error('Unable to checkout {0}'.format(checkout_commit))
+            tty.msg(co_out)
+            return False
+
+        if merge_commit:
+            merge_out = git("-c", "user.name=cirepro", "-c",
+                            "user.email=user@email.org", "merge",
+                            "--no-edit", merge_commit,
+                            output=str, error=os.devnull,
+                            fail_on_error=False)
+
+            if git.returncode != 0:
+                tty.error('Unable to merge {0}'.format(merge_commit))
+                tty.msg(merge_out)
+                return False
+
+    return True
+
+
+def reproduce_ci_job(url, work_dir):
+    download_and_extract_artifacts(url, work_dir)
+
+    lock_file = fs.find(work_dir, 'spack.lock')[0]
+    concrete_env_dir = os.path.dirname(lock_file)
+
+    tty.debug('Concrete environment directory: {0}'.format(
+        concrete_env_dir))
+
+    yaml_files = fs.find(work_dir, ['*.yaml', '*.yml'])
+
+    tty.debug('yaml files:')
+    for yaml_file in yaml_files:
+        tty.debug('  {0}'.format(yaml_file))
+
+    pipeline_yaml = None
+
+    # Try to find the dynamically generated pipeline yaml file in the
+    # reproducer.  If the user did not put it in the artifacts root,
+    # but rather somewhere else and exported it as an artifact from
+    # that location, we won't be able to find it.
+    for yf in yaml_files:
+        with open(yf) as y_fd:
+            yaml_obj = syaml.load(y_fd)
+            if 'variables' in yaml_obj and 'stages' in yaml_obj:
+                pipeline_yaml = yaml_obj
+
+    if pipeline_yaml:
+        tty.debug('\n{0} is likely your pipeline file'.format(yf))
+
+    # Find the install script in the unzipped artifacts and make it executable
+    install_script = fs.find(work_dir, 'install.sh')[0]
+    st = os.stat(install_script)
+    os.chmod(install_script, st.st_mode | stat.S_IEXEC)
+
+    # Find the repro details file.  This just includes some values we wrote
+    # during `spack ci rebuild` to make reproduction easier.  E.g. the job
+    # name is written here so we can easily find the configuration of the
+    # job from the generated pipeline file.
+    repro_file = fs.find(work_dir, 'repro.json')[0]
+    repro_details = None
+    with open(repro_file) as fd:
+        repro_details = json.load(fd)
+
+    repro_dir = os.path.dirname(repro_file)
+    rel_repro_dir = repro_dir.replace(work_dir, '').lstrip(os.path.sep)
+
+    # Find the spack info text file that should contain the git log
+    # of the HEAD commit used during the CI build
+    spack_info_file = fs.find(work_dir, 'spack_info.txt')[0]
+    with open(spack_info_file) as fd:
+        spack_info = fd.read()
+
+    # Access the specific job configuration
+    job_name = repro_details['job_name']
+    job_yaml = None
+
+    if job_name in pipeline_yaml:
+        job_yaml = pipeline_yaml[job_name]
+
+    if job_yaml:
+        tty.debug('Found job:')
+        tty.debug(job_yaml)
+
+    job_image = None
+    setup_result = False
+    if 'image' in job_yaml:
+        job_image_elt = job_yaml['image']
+        if 'name' in job_image_elt:
+            job_image = job_image_elt['name']
+        else:
+            job_image = job_image_elt
+        tty.msg('Job ran with the following image: {0}'.format(job_image))
+
+        # Because we found this job was run with a docker image, so we will try
+        # to print a "docker run" command that bind-mounts the directory where
+        # we extracted the artifacts.
+
+        # Destination of bind-mounted reproduction directory.  It makes for a
+        # more faithful reproducer if everything appears to run in the same
+        # absolute path used during the CI build.
+        mount_as_dir = '/work'
+        if repro_details:
+            mount_as_dir = repro_details['ci_project_dir']
+            mounted_repro_dir = os.path.join(mount_as_dir, rel_repro_dir)
+
+        # We will also try to clone spack from your local checkout and
+        # reproduce the state present during the CI build, and put that into
+        # the bind-mounted reproducer directory.
+
+        # Regular expressions for parsing that HEAD commit.  If the pipeline
+        # was on the gitlab spack mirror, it will have been a merge commit made by
+        # gitub and pushed by the sync script.  If the pipeline was run on some
+        # environment repo, then the tested spack commit will likely have been
+        # a regular commit.
+        commit_1 = None
+        commit_2 = None
+        commit_regex = re.compile(r"commit\s+([^\s]+)")
+        merge_commit_regex = re.compile(r"Merge\s+([^\s]+)\s+into\s+([^\s]+)")
+
+        # Try the more specific merge commit regex first
+        m = merge_commit_regex.search(spack_info)
+        if m:
+            # This was a merge commit and we captured the parents
+            commit_1 = m.group(1)
+            commit_2 = m.group(2)
+        else:
+            # Not a merge commit, just get the commit sha
+            m = commit_regex.search(spack_info)
+            if m:
+                commit_1 = m.group(1)
+
+        setup_result = False
+        if commit_1:
+            if commit_2:
+                setup_result = setup_spack_repro_version(
+                    work_dir, commit_2, merge_commit=commit_1)
+            else:
+                setup_result = setup_spack_repro_version(work_dir, commit_1)
+
+        if not setup_result:
+            setup_msg = """
+        This can happen if the spack you are using to run this command is not a git
+        repo, or if it is a git repo, but it does not have the commits needed to
+        recreate the tested merge commit.  If you are trying to reproduce a spack
+        PR pipeline job failure, try fetching the latest develop commits from
+        mainline spack and make sure you have the most recent commit of the PR
+        branch in your local spack repo.  Then run this command again.
+        Alternatively, you can also manually clone spack if you know the version
+        you want to test.
+            """
+            tty.error('Failed to automatically setup the tested version of spack '
+                      'in your local reproduction directory.')
+            print(setup_msg)
+
+    # In cases where CI build was run on a shell runner, it might be useful
+    # to see what tags were applied to the job so the user knows what shell
+    # runner was used.  But in that case in general, we cannot do nearly as
+    # much to set up the reproducer.
+    job_tags = None
+    if 'tags' in job_yaml:
+        job_tags = job_yaml['tags']
+        tty.msg('Job ran with the following tags: {0}'.format(job_tags))
+
+    inst_list = []
+
+    # Finally, print out some instructions to reproduce the build
+    if job_image:
+        inst_list.append('\nRun the following command:\n\n')
+        inst_list.append('    $ docker run --rm -v {0}:{1} -ti {2}\n'.format(
+            work_dir, mount_as_dir, job_image))
+        inst_list.append('\nOnce inside the container:\n\n')
+    else:
+        inst_list.append('\nOnce on the tagged runner:\n\n')
+
+    if not setup_result:
+        inst_list.append('    - Clone spack and acquire tested commit\n')
+        inst_list.append('{0}'.format(spack_info))
+        spack_root = '<spack-clone-path>'
+    else:
+        spack_root = '{0}/spack'.format(mount_as_dir)
+
+    inst_list.append('    - Activate the environment\n\n')
+    inst_list.append('        $ source {0}/share/spack/setup-env.sh\n'.format(
+        spack_root))
+    inst_list.append(
+        '        $ spack env activate --without-view {0}\n\n'.format(
+            mounted_repro_dir if job_image else repro_dir))
+    inst_list.append('    - Run the install script\n\n')
+    inst_list.append('        $ {0}\n'.format(
+        os.path.join(mounted_repro_dir, 'install.sh')
+        if job_image else install_script))
+
+    print(''.join(inst_list))
--- a/lib/spack/spack/cmd/init.py
+++ b/lib/spack/spack/cmd/init.py
@@ -5,19 +5,20 @@

 from __future__ import print_function

+import argparse
 import os
 import re
 import sys
-import argparse
-import ruamel.yaml as yaml

+import ruamel.yaml as yaml
 import six
+from ruamel.yaml.error import MarkedYAMLError

 import llnl.util.tty as tty
+from llnl.util.filesystem import join_path
 from llnl.util.lang import attr_setdefault, index_by
 from llnl.util.tty.colify import colify
 from llnl.util.tty.color import colorize
-from llnl.util.filesystem import join_path

 import spack.config
 import spack.error
@@ -27,8 +28,6 @@
 import spack.store
 import spack.util.spack_json as sjson
 import spack.util.string
-from ruamel.yaml.error import MarkedYAMLError
-

 # cmd has a submodule called "list" so preserve the python list module
 python_list = list
@@ -217,10 +216,10 @@ def disambiguate_spec(spec, env, local=False, installed=True, first=False):
        spec (spack.spec.Spec): a spec to disambiguate
        env (spack.environment.Environment): a spack environment,
            if one is active, or None if no environment is active
-        local (boolean, default False): do not search chained spack instances
-        installed (boolean or any, or spack.database.InstallStatus or iterable
-            of spack.database.InstallStatus): install status argument passed to
-            database query. See ``spack.database.Database._query`` for details.
+        local (bool): do not search chained spack instances
+        installed (bool or spack.database.InstallStatus or typing.Iterable):
+            install status argument passed to database query.
+            See ``spack.database.Database._query`` for details.
    """
    hashes = env.all_hashes() if env else None
    return disambiguate_spec_from_hashes(spec, hashes, local, installed, first)
@@ -232,11 +231,11 @@ def disambiguate_spec_from_hashes(spec, hashes, local=False,

    Arguments:
        spec (spack.spec.Spec): a spec to disambiguate
-        hashes (iterable): a set of hashes of specs among which to disambiguate
-        local (boolean, default False): do not search chained spack instances
-        installed (boolean or any, or spack.database.InstallStatus or iterable
-            of spack.database.InstallStatus): install status argument passed to
-            database query. See ``spack.database.Database._query`` for details.
+        hashes (typing.Iterable): a set of hashes of specs among which to disambiguate
+        local (bool): do not search chained spack instances
+        installed (bool or spack.database.InstallStatus or typing.Iterable):
+            install status argument passed to database query.
+            See ``spack.database.Database._query`` for details.
    """
    if local:
        matching_specs = spack.store.db.query_local(spec, hashes=hashes,
@@ -334,9 +333,8 @@ def display_specs(specs, args=None, **kwargs):
    namespace.

    Args:
-        specs (list of spack.spec.Spec): the specs to display
-        args (optional argparse.Namespace): namespace containing
-            formatting arguments
+        specs (list): the specs to display
+        args (argparse.Namespace or None): namespace containing formatting arguments

    Keyword Args:
        paths (bool): Show paths with each displayed spec
@@ -349,9 +347,9 @@ def display_specs(specs, args=None, **kwargs):
        indent (int): indent each line this much
        groups (bool): display specs grouped by arch/compiler (default True)
        decorators (dict): dictionary mappng specs to decorators
-        header_callback (function): called at start of arch/compiler groups
+        header_callback (typing.Callable): called at start of arch/compiler groups
        all_headers (bool): show headers even when arch/compiler aren't defined
-        output (stream): A file object to write to. Default is ``sys.stdout``
+        output (typing.IO): A file object to write to. Default is ``sys.stdout``

    """
    def get_arg(name, default=None):
--- a/lib/spack/spack/cmd/add.py
+++ b/lib/spack/spack/cmd/add.py
@@ -9,7 +9,6 @@
 import spack.cmd.common.arguments as arguments
 import spack.environment as ev

-
 description = 'add a spec to an environment'
 section = "environments"
 level = "long"
--- a/lib/spack/spack/cmd/analyze.py
+++ b/lib/spack/spack/cmd/analyze.py
@@ -17,7 +17,6 @@
 import spack.paths
 import spack.report

-
 description = "run analyzers on installed packages"
 section = "analysis"
 level = "long"
@@ -59,9 +58,9 @@ def analyze_spec(spec, analyzers=None, outdir=None, monitor=None, overwrite=Fals
    analyze_spec(spec, args.analyzers, args.outdir, monitor)

    Args:
-        spec (Spec): spec object of installed package
+        spec (spack.spec.Spec): spec object of installed package
        analyzers (list): list of analyzer (keys) to run
-        monitor (monitor.SpackMonitorClient): a monitor client
+        monitor (spack.monitor.SpackMonitorClient): a monitor client
        overwrite (bool): overwrite result if already exists
    """
    analyzers = analyzers or list(spack.analyzers.analyzer_types.keys())
--- a/lib/spack/spack/cmd/arch.py
+++ b/lib/spack/spack/cmd/arch.py
@@ -8,8 +8,10 @@
 import collections

 import archspec.cpu
+
 import llnl.util.tty.colify as colify
 import llnl.util.tty.color as color
+
 import spack.architecture as architecture

 description = "print architecture information about this machine"
--- a/lib/spack/spack/cmd/audit.py
+++ b/lib/spack/spack/cmd/audit.py
@@ -0,0 +1,80 @@
+# Copyright 2013-2021 Lawrence Livermore National Security, LLC and other
+# Spack Project Developers. See the top-level COPYRIGHT file for details.
+#
+# SPDX-License-Identifier: (Apache-2.0 OR MIT)
+import llnl.util.tty.color as cl
+
+import spack.audit
+import spack.repo
+
+description = "audit configuration files, packages, etc."
+section = "system"
+level = "short"
+
+
+def setup_parser(subparser):
+    # Top level flags, valid for every audit class
+    sp = subparser.add_subparsers(metavar='SUBCOMMAND', dest='subcommand')
+
+    # Audit configuration files
+    sp.add_parser('configs', help='audit configuration files')
+
+    # Audit package recipes
+    pkg_parser = sp.add_parser('packages', help='audit package recipes')
+    pkg_parser.add_argument(
+        'name', metavar='PKG', nargs='*',
+        help='package to be analyzed (if none all packages will be processed)',
+    )
+
+    # List all checks
+    sp.add_parser('list', help='list available checks and exits')
+
+
+def configs(parser, args):
+    reports = spack.audit.run_group(args.subcommand)
+    _process_reports(reports)
+
+
+def packages(parser, args):
+    pkgs = args.name or spack.repo.path.all_package_names()
+    reports = spack.audit.run_group(args.subcommand, pkgs=pkgs)
+    _process_reports(reports)
+
+
+def list(parser, args):
+    for subcommand, check_tags in spack.audit.GROUPS.items():
+        print(cl.colorize('@*b{' + subcommand + '}:'))
+        for tag in check_tags:
+            audit_obj = spack.audit.CALLBACKS[tag]
+            print('  ' + audit_obj.description)
+            if args.verbose:
+                for idx, fn in enumerate(audit_obj.callbacks):
+                    print('    {0}. '.format(idx + 1) + fn.__doc__)
+                print()
+        print()
+
+
+def audit(parser, args):
+    subcommands = {
+        'configs': configs,
+        'packages': packages,
+        'list': list
+    }
+    subcommands[args.subcommand](parser, args)
+
+
+def _process_reports(reports):
+    for check, errors in reports:
+        if errors:
+            msg = '{0}: {1} issue{2} found'.format(
+                check, len(errors), '' if len(errors) == 1 else 's'
+            )
+            header = '@*b{' + msg + '}'
+            print(cl.colorize(header))
+            for idx, error in enumerate(errors):
+                print(str(idx + 1) + '. ' + str(error))
+            raise SystemExit(1)
+        else:
+            msg = '{0}: 0 issues found.'.format(check)
+            header = '@*b{' + msg + '}'
+            print(cl.colorize(header))
--- a/lib/spack/spack/cmd/blame.py
+++ b/lib/spack/spack/cmd/blame.py
@@ -5,17 +5,18 @@

 import os
 import re
+import sys

 import llnl.util.tty as tty
-from llnl.util.lang import pretty_date
 from llnl.util.filesystem import working_dir
+from llnl.util.lang import pretty_date
 from llnl.util.tty.colify import colify_table

 import spack.paths
 import spack.repo
-from spack.util.executable import which
+import spack.util.spack_json as sjson
 from spack.cmd import spack_is_git_repo
-
+from spack.util.executable import which

 description = "show contributors to packages"
 section = "developer"
@@ -33,12 +34,57 @@ def setup_parser(subparser):
    view_group.add_argument(
        '-g', '--git', dest='view', action='store_const', const='git',
        help='show git blame output instead of summary')
+    subparser.add_argument(
+        "--json", action="store_true", default=False,
+        help="output blame as machine-readable json records")

    subparser.add_argument(
        'package_or_file', help='name of package to show contributions for, '
        'or path to a file in the spack repo')


+def print_table(rows, last_mod, total_lines, emails):
+    """
+    Given a set of rows with authors and lines, print a table.
+    """
+    table = [['LAST_COMMIT', 'LINES', '%', 'AUTHOR', 'EMAIL']]
+    for author, nlines in rows:
+        table += [[
+            pretty_date(last_mod[author]),
+            nlines,
+            round(nlines / float(total_lines) * 100, 1),
+            author,
+            emails[author]]]
+
+    table += [[''] * 5]
+    table += [[pretty_date(max(last_mod.values())), total_lines, '100.0'] +
+              [''] * 3]
+
+    colify_table(table)
+
+
+def dump_json(rows, last_mod, total_lines, emails):
+    """
+    Dump the blame as a json object to the terminal.
+    """
+    result = {}
+    authors = []
+    for author, nlines in rows:
+        authors.append({
+            "last_commit": pretty_date(last_mod[author]),
+            "lines": nlines,
+            "percentage": round(nlines / float(total_lines) * 100, 1),
+            "author": author,
+            "email": emails[author]
+        })
+
+    result['authors'] = authors
+    result["totals"] = {"last_commit": pretty_date(max(last_mod.values())),
+                        "lines": total_lines, "percentage": "100.0"}
+
+    sjson.dump(result, sys.stdout)
+
+
 def blame(parser, args):
    # make sure this is a git repo
    if not spack_is_git_repo():
@@ -96,18 +142,10 @@ def blame(parser, args):
    else:  # args.view == 'percent'
        rows = sorted(counts.items(), key=lambda t: t[1], reverse=True)

+    # Dump as json
+    if args.json:
+        dump_json(rows, last_mod, total_lines, emails)
+
    # Print a nice table with authors and emails
-    table = [['LAST_COMMIT', 'LINES', '%', 'AUTHOR', 'EMAIL']]
-    for author, nlines in rows:
-        table += [[
-            pretty_date(last_mod[author]),
-            nlines,
-            round(nlines / float(total_lines) * 100, 1),
-            author,
-            emails[author]]]
-
-    table += [[''] * 5]
-    table += [[pretty_date(max(last_mod.values())), total_lines, '100.0'] +
-              [''] * 3]
-
-    colify_table(table)
+    else:
+        print_table(rows, last_mod, total_lines, emails)
--- a/Show More
+++ b/Show More