add test, minor refactor to make testing easier

keep 5 views around by default
imports: sort imports everywhere in Spack (#24695 )
2021-07-08 17:49:11 -07:00 · 2021-07-08 17:48:29 -07:00 · 2021-07-08 22:12:30 +00:00 · 2021-07-08 15:17:44 -04:00 · 2021-07-08 17:07:26 +02:00 · 2021-07-07 17:27:31 -07:00
1928 changed files with 42185 additions and 12385 deletions
--- a/.codecov.yml
+++ b/.codecov.yml
@@ -14,3 +14,8 @@ ignore:
  - share/spack/qa/.*

 comment: off
+
+# Inline codecov annotations make the code hard to read, and they add
+# annotations in files that seemingly have nothing to do with the PR.
+github_checks:
+    annotations: false
--- a/.dockerignore
+++ b/.dockerignore
@@ -8,4 +8,4 @@ share/spack/dotkit/*
 share/spack/lmod/*
 share/spack/modules/*
 lib/spack/spack/test/*
-
+var/spack/cache/*
--- a/.github/actions/add-maintainers-as-reviewers/Dockerfile
+++ b/.github/actions/add-maintainers-as-reviewers/Dockerfile
@@ -1,6 +0,0 @@
-FROM python:3.7-alpine
-
-RUN pip install pygithub
-
-ADD entrypoint.py /entrypoint.py
-ENTRYPOINT ["/entrypoint.py"]
--- a/.github/actions/add-maintainers-as-reviewers/entrypoint.py
+++ b/.github/actions/add-maintainers-as-reviewers/entrypoint.py
@@ -1,85 +0,0 @@
-#!/usr/bin/env python
-#
-# Copyright 2013-2021 Lawrence Livermore National Security, LLC and other
-# Spack Project Developers. See the top-level COPYRIGHT file for details.
-#
-# SPDX-License-Identifier: (Apache-2.0 OR MIT)
-
-"""Maintainer review action.
-
-This action checks which packages have changed in a PR, and adds their
-maintainers to the pull request for review.
-"""
-
-import json
-import os
-import re
-import subprocess
-
-from github import Github
-
-
-def spack(*args):
-    """Run the spack executable with arguments, and return the output split.
-
-    This does just enough to run `spack pkg` and `spack maintainers`, the
-    two commands used by this action.
-    """
-    github_workspace = os.environ['GITHUB_WORKSPACE']
-    spack = os.path.join(github_workspace, 'bin', 'spack')
-    output = subprocess.check_output([spack] + list(args))
-    split = re.split(r'\s*', output.decode('utf-8').strip())
-    return [s for s in split if s]
-
-
-def main():
-    # get these first so that we'll fail early
-    token = os.environ['GITHUB_TOKEN']
-    event_path = os.environ['GITHUB_EVENT_PATH']
-
-    with open(event_path) as file:
-        data = json.load(file)
-
-    # make sure it's a pull_request event
-    assert 'pull_request' in data
-
-    # only request reviews on open, edit, or reopen
-    action = data['action']
-    if action not in ('opened', 'edited', 'reopened'):
-        return
-
-    # get data from the event payload
-    pr_data             = data['pull_request']
-    base_branch_name    = pr_data['base']['ref']
-    full_repo_name      = pr_data['base']['repo']['full_name']
-    pr_number           = pr_data['number']
-    requested_reviewers = pr_data['requested_reviewers']
-    author              = pr_data['user']['login']
-
-    # get a list of packages that this PR modified
-    changed_pkgs = spack(
-        'pkg', 'changed', '--type', 'ac', '%s...' % base_branch_name)
-
-    # get maintainers for all modified packages
-    maintainers = set()
-    for pkg in changed_pkgs:
-        pkg_maintainers = set(spack('maintainers', pkg))
-        maintainers |= pkg_maintainers
-
-    # remove any maintainers who are already on the PR, and the author,
-    # as you can't review your own PR)
-    maintainers -= set(requested_reviewers)
-    maintainers -= set([author])
-
-    if not maintainers:
-        return
-
-    # request reviews from each maintainer
-    gh = Github(token)
-    repo = gh.get_repo(full_repo_name)
-    pr = repo.get_pull(pr_number)
-    pr.create_review_request(list(maintainers))
-
-
-if __name__ == "__main__":
-    main()
--- a/.github/workflows/linux_build_tests.yaml
+++ b/.github/workflows/linux_build_tests.yaml
@@ -42,14 +42,14 @@ jobs:
        package:
        - lz4  # MakefilePackage
        - mpich~fortran  # AutotoolsPackage
-        - tut  # WafPackage
+        - 'tut%gcc@:10.99.99'  # WafPackage
        - py-setuptools  # PythonPackage
        - openjpeg  # CMakePackage
        - r-rcpp  # RPackage
        - ruby-rake  # RubyPackage
    steps:
    - uses: actions/checkout@v2
-    - uses: actions/cache@v2.1.4
+    - uses: actions/cache@v2.1.6
      with:
        path: ~/.ccache
        key: ccache-build-${{ matrix.package }}
--- a/.github/workflows/unit_tests.yaml
+++ b/.github/workflows/unit_tests.yaml
@@ -24,9 +24,9 @@ jobs:
        pip install --upgrade pip
        pip install --upgrade vermin
    - name: vermin (Spack's Core)
-      run: vermin --backport argparse --backport typing -t=2.6- -t=3.5- -v lib/spack/spack/ lib/spack/llnl/ bin/
+      run: vermin --backport argparse --violations --backport typing -t=2.6- -t=3.5- -vvv lib/spack/spack/ lib/spack/llnl/ bin/
    - name: vermin (Repositories)
-      run: vermin --backport argparse --backport typing -t=2.6- -t=3.5- -v var/spack/repos
+      run: vermin --backport argparse --violations --backport typing -t=2.6- -t=3.5- -vvv var/spack/repos
  # Run style checks on the files that have been changed
  style:
    runs-on: ubuntu-latest
@@ -39,7 +39,7 @@ jobs:
        python-version: 3.9
    - name: Install Python packages
      run: |
-        pip install --upgrade pip six setuptools flake8 mypy>=0.800 black
+        pip install --upgrade pip six setuptools flake8 isort>=4.3.5 mypy>=0.800 black types-six
    - name: Setup git configuration
      run: |
        # Need this for the git tests to succeed.
@@ -129,8 +129,9 @@ jobs:
      run: |
          sudo apt-get -y update
          # Needed for unit tests
-          sudo apt-get install -y coreutils gfortran graphviz gnupg2 mercurial
-          sudo apt-get install -y ninja-build patchelf
+          sudo apt-get -y install \
+              coreutils cvs gfortran graphviz gnupg2 mercurial  ninja-build \
+              patchelf
          # Needed for kcov
          sudo apt-get -y install cmake binutils-dev libcurl4-openssl-dev
          sudo apt-get -y install zlib1g-dev libdw-dev libiberty-dev
@@ -155,6 +156,8 @@ jobs:
          make -C ${KCOV_ROOT}/build && sudo  make -C ${KCOV_ROOT}/build install
    - name: Bootstrap clingo from sources
      if: ${{ matrix.concretizer == 'clingo' }}
+      env:
+          SPACK_PYTHON: python
      run: |
          . share/spack/setup-env.sh
          spack external find --not-buildable cmake bison
@@ -162,6 +165,7 @@ jobs:
    - name: Run unit tests (full suite with coverage)
      if: ${{ needs.changes.outputs.with_coverage == 'true' }}
      env:
+          SPACK_PYTHON: python
          COVERAGE: true
          SPACK_TEST_SOLVER: ${{ matrix.concretizer }}
      run: |
@@ -171,6 +175,7 @@ jobs:
    - name: Run unit tests (reduced suite without coverage)
      if: ${{ needs.changes.outputs.with_coverage == 'false' }}
      env:
+          SPACK_PYTHON: python
          ONLY_PACKAGES: true
          SPACK_TEST_SOLVER: ${{ matrix.concretizer }}
      run: |
@@ -283,40 +288,70 @@ jobs:
          useradd spack-test
          chown -R spack-test .
    - name: Run unit tests
-      env:
-          SPACK_PYTHON: /usr/libexec/platform-python
      shell: runuser -u spack-test -- bash {0}
      run: |
          source share/spack/setup-env.sh
-          spack unit-test -k 'not svn and not hg' -x --verbose
+          spack unit-test -k 'not cvs and not svn and not hg' -x --verbose
  # Test for the clingo based solver (using clingo-cffi)
  clingo-cffi:
    needs: [ validate, style, documentation, changes ]
    runs-on: ubuntu-latest
-    container: spack/github-actions:clingo-cffi
    steps:
-      - name: Run unit tests
-        run: |
-          whoami && echo PWD=$PWD && echo HOME=$HOME && echo SPACK_TEST_SOLVER=$SPACK_TEST_SOLVER
-          python3 -c "import clingo; print(hasattr(clingo.Symbol, '_rep'), clingo.__version__)"
-          git clone https://github.com/spack/spack.git && cd spack
-          git fetch origin ${{ github.ref }}:test-branch
-          git checkout test-branch
-          . share/spack/setup-env.sh
-          spack compiler find
-          spack solve mpileaks%gcc
-          if [ "${{ needs.changes.outputs.with_coverage }}" == "true" ]
-          then
-            coverage run $(which spack) unit-test -v -x
-            coverage combine
-            coverage xml
-          else
-            $(which spack) unit-test -m "not maybeslow" -k "package_sanity"
-          fi
-      - uses: codecov/codecov-action@v1
-        if: ${{ needs.changes.outputs.with_coverage == 'true' }}
-        with:
-          flags: unittests,linux,clingo
+    - uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
+    - uses: actions/setup-python@v2
+      with:
+        python-version: 3.9
+    - name: Install System packages
+      run: |
+          sudo apt-get -y update
+          # Needed for unit tests
+          sudo apt-get -y install \
+              coreutils cvs gfortran graphviz gnupg2 mercurial ninja-build \
+              patchelf
+          # Needed for kcov
+          sudo apt-get -y install cmake binutils-dev libcurl4-openssl-dev
+          sudo apt-get -y install zlib1g-dev libdw-dev libiberty-dev
+    - name: Install kcov for bash script coverage
+      if: ${{ needs.changes.outputs.with_coverage == 'true' }}
+      env:
+          KCOV_VERSION: 34
+      run: |
+          KCOV_ROOT=$(mktemp -d)
+          wget --output-document=${KCOV_ROOT}/${KCOV_VERSION}.tar.gz https://github.com/SimonKagstrom/kcov/archive/v${KCOV_VERSION}.tar.gz
+          tar -C ${KCOV_ROOT} -xzvf ${KCOV_ROOT}/${KCOV_VERSION}.tar.gz
+          mkdir -p ${KCOV_ROOT}/build
+          cd ${KCOV_ROOT}/build && cmake -Wno-dev ${KCOV_ROOT}/kcov-${KCOV_VERSION} && cd -
+          make -C ${KCOV_ROOT}/build && sudo  make -C ${KCOV_ROOT}/build install
+    - name: Install Python packages
+      run: |
+          pip install --upgrade pip six setuptools codecov coverage clingo
+    - name: Setup git configuration
+      run: |
+          # Need this for the git tests to succeed.
+          git --version
+          . .github/workflows/setup_git.sh
+    - name: Run unit tests (full suite with coverage)
+      if: ${{ needs.changes.outputs.with_coverage == 'true' }}
+      env:
+          COVERAGE: true
+          SPACK_TEST_SOLVER: clingo
+      run: |
+          share/spack/qa/run-unit-tests
+          coverage combine
+          coverage xml
+    - name: Run unit tests (reduced suite without coverage)
+      if: ${{ needs.changes.outputs.with_coverage == 'false' }}
+      env:
+          ONLY_PACKAGES: true
+          SPACK_TEST_SOLVER: clingo
+      run: |
+          share/spack/qa/run-unit-tests
+    - uses: codecov/codecov-action@v1
+      if: ${{ needs.changes.outputs.with_coverage == 'true' }}
+      with:
+        flags: unittests,linux,clingo
  # Run unit tests on MacOS
  build:
    needs: [ validate, style, documentation, changes ]
@@ -335,7 +370,7 @@ jobs:
      run: |
          pip install --upgrade pip six setuptools
          pip install --upgrade codecov coverage
-          pip install --upgrade flake8 pep8-naming mypy
+          pip install --upgrade flake8 isort>=4.3.5 mypy>=0.800
    - name: Setup Homebrew packages
      run: |
        brew install dash fish gcc gnupg2 kcov
--- a/.gitignore
+++ b/.gitignore
@@ -508,4 +508,4 @@ $RECYCLE.BIN/
 *.msp

 # Windows shortcuts
-*.lnk
+*.lnk
--- a/.mailmap
+++ b/.mailmap
@@ -3,7 +3,8 @@ Adam Moody            <moody20@llnl.gov>                Adam T. Moody
 Alfredo Gimenez       <gimenez1@llnl.gov>               Alfredo Gimenez         <alfredo.gimenez@gmail.com>
 Alfredo Gimenez       <gimenez1@llnl.gov>               Alfredo Adolfo Gimenez  <alfredo.gimenez@gmail.com>
 Andrew Williams       <williamsa89@cardiff.ac.uk>       Andrew Williams         <andrew@alshain.org.uk>
-Axel Huebl            <a.huebl@hzdr.de>                 Axel Huebl              <axel.huebl@plasma.ninja>
+Axel Huebl            <axelhuebl@lbl.gov>               Axel Huebl              <a.huebl@hzdr.de>
+Axel Huebl            <axelhuebl@lbl.gov>               Axel Huebl              <axel.huebl@plasma.ninja>
 Ben Boeckel           <ben.boeckel@kitware.com>         Ben Boeckel             <mathstuf@gmail.com>
 Ben Boeckel           <ben.boeckel@kitware.com>         Ben Boeckel             <mathstuf@users.noreply.github.com>
 Benedikt Hegner       <hegner@cern.ch>                  Benedikt Hegner         <benedikt.hegner@cern.ch>
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,30 @@
+# v0.16.2 (2021-05-22)
+
+* Major performance improvement for `spack load` and other commands. (#23661)
+* `spack fetch` is now environment-aware. (#19166)
+* Numerous fixes for the new, `clingo`-based concretizer. (#23016, #23307,
+  #23090, #22896, #22534, #20644, #20537, #21148)
+* Supoprt for automatically bootstrapping `clingo` from source. (#20652, #20657
+  #21364, #21446, #21913, #22354, #22444, #22460, #22489, #22610, #22631)
+* Python 3.10 support: `collections.abc` (#20441)
+* Fix import issues by using `__import__` instead of Spack package importe.
+  (#23288, #23290)
+* Bugfixes and `--source-dir` argument for `spack location`. (#22755, #22348,
+  #22321)
+* Better support for externals in shared prefixes. (#22653)
+* `spack build-env` now prefers specs defined in the active environment.
+  (#21642)
+* Remove erroneous warnings about quotes in `from_sourcing_files`. (#22767)
+* Fix clearing cache of `InternalConfigScope`. (#22609)
+* Bugfix for active when pkg is already active error. (#22587)
+* Make `SingleFileScope` able to repopulate the cache after clearing it.
+  (#22559)
+* Channelflow: Fix the package. (#22483)
+* More descriptive error message for bugs in `package.py` (#21811)
+* Use package-supplied `autogen.sh`. (#20319)
+* Respect `-k/verify-ssl-false` in `_existing_url` method. (#21864)
+
+
 # v0.16.1 (2021-02-22)

 This minor release includes a new feature and associated fixes:
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@
 [![macOS Builds (nightly)](https://github.com/spack/spack/workflows/macOS%20builds%20nightly/badge.svg?branch=develop)](https://github.com/spack/spack/actions?query=workflow%3A%22macOS+builds+nightly%22)
 [![codecov](https://codecov.io/gh/spack/spack/branch/develop/graph/badge.svg)](https://codecov.io/gh/spack/spack)
 [![Read the Docs](https://readthedocs.org/projects/spack/badge/?version=latest)](https://spack.readthedocs.io)
-[![Slack](https://spackpm.herokuapp.com/badge.svg)](https://spackpm.herokuapp.com)
+[![Slack](https://slack.spack.io/badge.svg)](https://slack.spack.io)

 Spack is a multi-platform package manager that builds and installs
 multiple versions and configurations of software. It works on Linux,
@@ -58,7 +58,7 @@ packages to bugfixes, documentation, or even new core features.
 Resources:

 * **Slack workspace**: [spackpm.slack.com](https://spackpm.slack.com).
-  To get an invitation, [**click here**](https://spackpm.herokuapp.com).
+  To get an invitation, visit [slack.spack.io](https://slack.spack.io).
 * **Mailing list**: [groups.google.com/d/forum/spack](https://groups.google.com/d/forum/spack)
 * **Twitter**: [@spackpm](https://twitter.com/spackpm). Be sure to
  `@mention` us!
@@ -72,7 +72,7 @@ When you send your request, make ``develop`` the destination branch on the

 Your PR must pass Spack's unit tests and documentation tests, and must be
 [PEP 8](https://www.python.org/dev/peps/pep-0008/) compliant.  We enforce
-these guidelines with our CI process. To run these tests locally, and for 
+these guidelines with our CI process. To run these tests locally, and for
 helpful tips on git, see our
 [Contribution Guide](https://spack.readthedocs.io/en/latest/contribution_guide.html).

--- a/bin/sbang
+++ b/bin/sbang
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright 2013-2020 Lawrence Livermore National Security, LLC and other
+# Copyright 2013-2021 Lawrence Livermore National Security, LLC and other
 # sbang project developers. See the top-level COPYRIGHT file for details.
 #
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)
--- a/bin/spack
+++ b/bin/spack
@@ -11,7 +11,8 @@
 # See https://stackoverflow.com/a/47886254
 """:"
 # prefer SPACK_PYTHON environment variable, python3, python, then python2
-for cmd in "${SPACK_PYTHON:-}" python3 python python2; do
+SPACK_PREFERRED_PYTHONS="python3 python python2 /usr/libexec/platform-python"
+for cmd in "${SPACK_PYTHON:-}" ${SPACK_PREFERRED_PYTHONS}; do
    if command -v > /dev/null "$cmd"; then
        export SPACK_PYTHON="$(command -v "$cmd")"
        exec "${SPACK_PYTHON}" "$0" "$@"
--- a/etc/spack/defaults/config.yaml
+++ b/etc/spack/defaults/config.yaml
@@ -33,13 +33,6 @@ config:
  template_dirs:
    - $spack/share/spack/templates

-
-  # Locations where different types of modules should be installed.
-  module_roots:
-    tcl:    $spack/share/spack/modules
-    lmod:   $spack/share/spack/lmod
-
-
  # Temporary locations Spack can try to use for builds.
  #
  # Recommended options are given below.
@@ -142,11 +135,13 @@ config:
  locks: true


-  # The maximum number of jobs to use when running `make` in parallel,
-  # always limited by the number of cores available. For instance:
-  # - If set to 16 on a 4 cores machine `spack install` will run `make -j4`
-  # - If set to 16 on a 18 cores machine `spack install` will run `make -j16`
-  # If not set, Spack will use all available cores up to 16.
+  # The maximum number of jobs to use for the build system (e.g. `make`), when
+  # the -j flag is not given on the command line. Defaults to 16 when not set.
+  # Note that the maximum number of jobs is limited by the number of cores
+  # available, taking thread affinity into account when supported. For instance:
+  # - With `build_jobs: 16` and 4 cores available `spack install` will run `make -j4`
+  # - With `build_jobs: 16` and 32 cores available `spack install` will run `make -j16`
+  # - With `build_jobs: 2` and 4 cores available `spack install -j6` will run `make -j6`
  # build_jobs: 16


--- a/etc/spack/defaults/cray/modules.yaml
+++ b/etc/spack/defaults/cray/modules.yaml
@@ -0,0 +1,21 @@
+# -------------------------------------------------------------------------
+# This is the default configuration for Spack's module file generation.
+#
+# Settings here are versioned with Spack and are intended to provide
+# sensible defaults out of the box. Spack maintainers should edit this
+# file to keep it current.
+#
+# Users can override these settings by editing the following files.
+#
+# Per-spack-instance settings (overrides defaults):
+#   $SPACK_ROOT/etc/spack/modules.yaml
+#
+# Per-user settings (overrides default and site settings):
+#   ~/.spack/modules.yaml
+# -------------------------------------------------------------------------
+modules:
+  prefix_inspections:
+    lib:
+      - LD_LIBRARY_PATH
+    lib64:
+      - LD_LIBRARY_PATH
--- a/etc/spack/defaults/darwin/packages.yaml
+++ b/etc/spack/defaults/darwin/packages.yaml
@@ -21,12 +21,10 @@ packages:
    - gcc
    - intel
    providers:
-      elf:
-      - libelf
-      unwind:
-      - apple-libunwind
-      uuid:
-      - apple-libuuid
+      elf: [libelf]
+      fuse: [macfuse]
+      unwind: [apple-libunwind]
+      uuid: [apple-libuuid]
  apple-libunwind:
    buildable: false
    externals:
--- a/etc/spack/defaults/mirrors.yaml
+++ b/etc/spack/defaults/mirrors.yaml
@@ -1,2 +1,2 @@
 mirrors:
-  spack-public: https://spack-llnl-mirror.s3-us-west-2.amazonaws.com/
+  spack-public: https://mirror.spack.io
--- a/etc/spack/defaults/modules.yaml
+++ b/etc/spack/defaults/modules.yaml
@@ -14,8 +14,7 @@
 #   ~/.spack/modules.yaml
 # -------------------------------------------------------------------------
 modules:
-  enable:
-    - tcl
+  # Paths to check when creating modules for all module sets
  prefix_inspections:
    bin:
      - PATH
@@ -34,6 +33,20 @@ modules:
    '':
      - CMAKE_PREFIX_PATH

-  lmod:
-    hierarchy:
-      - mpi
+  # These are configurations for the module set named "default"
+  default:
+    # These values are defaulted in the code. They are not defaulted here so
+    # that we can enable backwards compatibility with the old syntax more
+    # easily (old value is in the config yaml, config:module_roots)
+    # Where to install modules
+    # roots:
+    #  tcl:    $spack/share/spack/modules
+    #  lmod:   $spack/share/spack/lmod
+    # What type of modules to use
+    enable:
+      - tcl
+
+    # Default configurations if lmod is enabled
+    lmod:
+      hierarchy:
+        - mpi
--- a/etc/spack/defaults/packages.yaml
+++ b/etc/spack/defaults/packages.yaml
@@ -17,39 +17,43 @@ packages:
  all:
    compiler: [gcc, intel, pgi, clang, xl, nag, fj, aocc]
    providers:
-      D: [ldc]
      awk: [gawk]
      blas: [openblas, amdblis]
+      D: [ldc]
      daal: [intel-daal]
      elf: [elfutils]
      fftw-api: [fftw, amdfftw]
+      flame: [libflame, amdlibflame]
+      fuse: [libfuse]
      gl: [mesa+opengl, mesa18, opengl]
-      glx: [mesa+glx, mesa18+glx, opengl]
      glu: [mesa-glu, openglu]
+      glx: [mesa+glx, mesa18+glx, opengl]
      golang: [gcc]
      iconv: [libiconv]
      ipp: [intel-ipp]
      java: [openjdk, jdk, ibm-java]
      jpeg: [libjpeg-turbo, libjpeg]
      lapack: [openblas, amdlibflame]
+      lua-lang: [lua, lua-luajit]
      mariadb-client: [mariadb-c-client, mariadb]
      mkl: [intel-mkl]
      mpe: [mpe2]
      mpi: [openmpi, mpich]
      mysql-client: [mysql, mariadb-c-client]
      opencl: [pocl]
+      onedal: [intel-oneapi-dal]
      osmesa: [mesa+osmesa, mesa18+osmesa]
      pil: [py-pillow]
      pkgconfig: [pkgconf, pkg-config]
      rpc: [libtirpc]
      scalapack: [netlib-scalapack, amdscalapack]
      sycl: [hipsycl]
-      szip: [libszip, libaec]
+      szip: [libaec, libszip]
      tbb: [intel-tbb]
      unwind: [libunwind]
-      yacc: [bison, byacc]
-      flame: [libflame, amdlibflame]
      uuid: [util-linux-uuid, libuuid]
+      xxd: [xxd-standalone, vim]
+      yacc: [bison, byacc]
      ziglang: [zig]
    permissions:
      read: world
--- a/lib/spack/docs/analyze.rst
+++ b/lib/spack/docs/analyze.rst
@@ -0,0 +1,162 @@
+.. Copyright 2013-2021 Lawrence Livermore National Security, LLC and other
+   Spack Project Developers. See the top-level COPYRIGHT file for details.
+
+   SPDX-License-Identifier: (Apache-2.0 OR MIT)
+
+.. _analyze:
+
+=======
+Analyze
+=======
+
+
+The analyze command is a front-end to various tools that let us analyze
+package installations. Each analyzer is a module for a different kind
+of analysis that can be done on a package installation, including (but not
+limited to) binary, log, or text analysis. Thus, the analyze command group
+allows you to take an existing package install, choose an analyzer,
+and extract some output for the package using it.
+
+
+-----------------
+Analyzer Metadata
+-----------------
+
+For all analyzers, we write to an ``analyzers`` folder in ``~/.spack``, or the
+value that you specify in your spack config at ``config:analyzers_dir``. 
+For example, here we see the results of running an analysis on zlib:
+
+.. code-block:: console
+
+    $ tree ~/.spack/analyzers/
+    └── linux-ubuntu20.04-skylake
+        └── gcc-9.3.0
+            └── zlib-1.2.11-sl7m27mzkbejtkrajigj3a3m37ygv4u2
+                ├── environment_variables
+                │   └── spack-analyzer-environment-variables.json
+                ├── install_files
+                │   └── spack-analyzer-install-files.json
+                └── libabigail
+                    └── spack-analyzer-libabigail-libz.so.1.2.11.xml
+    
+
+This means that you can always find analyzer output in this folder, and it
+is organized with the same logic as the package install it was run for. 
+If you want to customize this top level folder, simply provide the ``--path``
+argument to ``spack analyze run``. The nested organization will be maintained
+within your custom root.
+
+-----------------
+Listing Analyzers
+-----------------
+
+If you aren't familiar with Spack's analyzers, you can quickly list those that 
+are available:
+
+.. code-block:: console
+
+    $ spack analyze list-analyzers
+    install_files            : install file listing read from install_manifest.json
+    environment_variables    : environment variables parsed from spack-build-env.txt
+    config_args              : config args loaded from spack-configure-args.txt
+    abigail                  : Application Binary Interface (ABI) features for objects
+
+
+In the above, the first three are fairly simple - parsing metadata files from
+a package install directory to save
+
+-------------------
+Analyzing a Package
+-------------------
+
+The analyze command, akin to install, will accept a package spec to perform
+an analysis for. The package must be installed. Let's walk through an example
+with zlib. We first ask to analyze it. However, since we have more than one
+install, we are asked to disambiguate:
+
+.. code-block:: console
+
+    $ spack analyze run zlib
+    ==> Error: zlib matches multiple packages.
+      Matching packages:
+        fz2bs56 zlib@1.2.11%gcc@7.5.0 arch=linux-ubuntu18.04-skylake
+        sl7m27m zlib@1.2.11%gcc@9.3.0 arch=linux-ubuntu20.04-skylake
+      Use a more specific spec.
+
+
+We can then specify the spec version that we want to analyze:
+
+.. code-block:: console
+
+    $ spack analyze run zlib/fz2bs56
+
+If you don't provide any specific analyzer names, by default all analyzers 
+(shown in the ``list-analyzers`` subcommand list) will be run. If an analyzer does not
+have any result, it will be skipped. For example, here is a result running for
+zlib:
+
+.. code-block:: console
+
+    $ ls ~/.spack/analyzers/linux-ubuntu20.04-skylake/gcc-9.3.0/zlib-1.2.11-sl7m27mzkbejtkrajigj3a3m37ygv4u2/
+    spack-analyzer-environment-variables.json
+    spack-analyzer-install-files.json
+    spack-analyzer-libabigail-libz.so.1.2.11.xml
+
+If you want to run a specific analyzer, ask for it with `--analyzer`. Here we run
+spack analyze on libabigail (already installed) _using_ libabigail1
+
+.. code-block:: console
+
+    $ spack analyze run --analyzer abigail libabigail
+
+
+.. _analyze_monitoring:
+
+----------------------
+Monitoring An Analysis
+----------------------
+
+For any kind of analysis, you can
+use a `spack monitor <https://github.com/spack/spack-monitor>`_ "Spackmon"
+as a server to upload the same run metadata to. You can
+follow the instructions in the `spack monitor documentation <https://spack-monitor.readthedocs.org>`_
+to first create a server along with a username and token for yourself.
+You can then use this guide to interact with the server.
+
+You should first export our spack monitor token and username to the environment:
+
+.. code-block:: console
+ 
+    $ export SPACKMON_TOKEN=50445263afd8f67e59bd79bff597836ee6c05438
+    $ export SPACKMON_USER=spacky
+
+
+By default, the host for your server is expected to be at ``http://127.0.0.1``
+with a prefix of ``ms1``, and if this is the case, you can simply add the
+``--monitor`` flag to the install command:
+
+.. code-block:: console
+
+    $ spack analyze run --monitor wget
+
+If you need to customize the host or the prefix, you can do that as well:
+
+.. code-block:: console
+
+    $ spack analyze run --monitor --monitor-prefix monitor --monitor-host https://monitor-service.io wget
+
+If your server doesn't have authentication, you can skip it:
+
+.. code-block:: console
+
+    $ spack analyze run --monitor --monitor-disable-auth wget
+    
+Regardless of your choice, when you run analyze on an installed package (whether
+it was installed with ``--monitor`` or not, you'll see the results generating as they did
+before, and a message that the monitor server was pinged:
+
+.. code-block:: console
+
+    $ spack analyze --monitor wget
+    ...
+    ==> Sending result for wget bin/wget to monitor.
--- a/lib/spack/docs/basic_usage.rst
+++ b/lib/spack/docs/basic_usage.rst
@@ -27,12 +27,18 @@ It is recommended that the following be put in your ``.bashrc`` file:

 If you do not see colorized output when using ``less -R`` it is because color
 is being disabled in the piped output. In this case, tell spack to force
-colorized output.
+colorized output with a flag

 .. code-block:: console

    $ spack --color always | less -R

+or an environment variable
+
+.. code-block:: console
+
+   $ SPACK_COLOR=always spack | less -R
+
 --------------------------
 Listing available packages
 --------------------------
@@ -963,7 +969,7 @@ Variants are named options associated with a particular package. They are
 optional, as each package must provide default values for each variant it
 makes available. Variants can be specified using
 a flexible parameter syntax ``name=<value>``. For example,
-``spack install libelf debug=True`` will install libelf built with debug
+``spack install mercury debug=True`` will install mercury built with debug
 flags. The names of particular variants available for a package depend on
 what was provided by the package author. ``spack info <package>`` will
 provide information on what build variants are available.
@@ -971,11 +977,11 @@ provide information on what build variants are available.
 For compatibility with earlier versions, variants which happen to be
 boolean in nature can be specified by a syntax that represents turning
 options on and off. For example, in the previous spec we could have
-supplied ``libelf +debug`` with the same effect of enabling the debug
+supplied ``mercury +debug`` with the same effect of enabling the debug
 compile time option for the libelf package.

 Depending on the package a variant may have any default value.  For
-``libelf`` here, ``debug`` is ``False`` by default, and we turned it on
+``mercury`` here, ``debug`` is ``False`` by default, and we turned it on
 with ``debug=True`` or ``+debug``.  If a variant is ``True`` by default
 you can turn it off by either adding ``-name`` or ``~name`` to the spec.

@@ -1724,6 +1730,39 @@ This issue typically manifests with the error below:

 A nicer error message is TBD in future versions of Spack.

+---------------
+Troubleshooting
+---------------
+
+The ``spack audit`` command:
+
+.. command-output:: spack audit -h
+
+can be used to detect a number of configuration issues. This command detects
+configuration settings which might not be strictly wrong but are not likely
+to be useful outside of special cases.
+
+It can also be used to detect dependency issues with packages - for example
+cases where a package constrains a dependency with a variant that doesn't
+exist (in this case Spack could report the problem ahead of time but
+automatically performing the check would slow down most runs of Spack).
+
+A detailed list of the checks currently implemented for each subcommand can be
+printed with:
+
+.. command-output:: spack -v audit list
+
+Depending on the use case, users might run the appropriate subcommands to obtain
+diagnostics. Issues, if found, are reported to stdout:
+
+.. code-block:: console
+
+   % spack audit packages lammps
+   PKG-DIRECTIVES: 1 issue found
+   1. lammps: wrong variant in "conflicts" directive
+       the variant 'adios' does not exist
+       in /home/spack/spack/var/spack/repos/builtin/packages/lammps/package.py
+

 ------------
 Getting Help
--- a/lib/spack/docs/binary_caches.rst
+++ b/lib/spack/docs/binary_caches.rst
@@ -31,9 +31,25 @@ Build caches are created via:

 .. code-block:: console

-   $ spack buildcache create spec
+    $ spack buildcache create <spec>


+If you wanted to create a build cache in a local directory, you would provide
+the ``-d`` argument to target that directory, again also specifying the spec.
+Here is an example creating a local directory, "spack-cache" and creating
+build cache files for the "ninja" spec:
+
+.. code-block:: console
+
+    $ mkdir -p ./spack-cache
+    $ spack buildcache create -d ./spack-cache ninja
+    ==> Buildcache files will be output to file:///home/spackuser/spack/spack-cache/build_cache
+    gpgconf: socketdir is '/run/user/1000/gnupg'
+    gpg: using "E6DF6A8BD43208E4D6F392F23777740B7DBD643D" as default secret key for signing
+
+Note that the targeted spec must already be installed. Once you have a build cache,
+you can add it as a mirror, discussed next.
+
 ---------------------------------------
 Finding or installing build cache files
 ---------------------------------------
@@ -43,19 +59,98 @@ with:

 .. code-block:: console

-   $ spack mirror add <name> <url>
+    $ spack mirror add <name> <url>
+
+
+Note that the url can be a web url _or_ a local filesystem location. In the previous
+example, you might add the directory "spack-cache" and call it ``mymirror``:

-Build caches are found via:

 .. code-block:: console

-   $ spack buildcache list
+    $ spack mirror add mymirror ./spack-cache

-Build caches are installed via:
+
+You can see that the mirror is added with ``spack mirror list`` as follows:

 .. code-block:: console

-   $ spack buildcache install
+
+    $ spack mirror list
+    mymirror           file:///home/spackuser/spack/spack-cache
+    spack-public       https://spack-llnl-mirror.s3-us-west-2.amazonaws.com/
+
+
+At this point, you've create a buildcache, but spack hasn't indexed it, so if
+you run ``spack buildcache list`` you won't see any results. You need to index
+this new build cache as follows:
+
+.. code-block:: console
+
+    $ spack buildcache update-index -d spack-cache/
+
+Now you can use list:
+
+.. code-block:: console
+
+    $  spack buildcache list
+    ==> 1 cached build.
+    -- linux-ubuntu20.04-skylake / gcc@9.3.0 ------------------------
+    ninja@1.10.2
+
+
+Great! So now let's say you have a different spack installation, or perhaps just
+a different environment for the same one, and you want to install a package from
+that build cache. Let's first uninstall the actual library "ninja" to see if we can
+re-install it from the cache.
+
+.. code-block:: console
+
+    $ spack uninstall ninja
+
+
+And now reinstall from the buildcache
+
+.. code-block:: console
+
+    $ spack buildcache install ninja
+    ==> buildcache spec(s) matching ninja 
+    ==> Fetching file:///home/spackuser/spack/spack-cache/build_cache/linux-ubuntu20.04-skylake/gcc-9.3.0/ninja-1.10.2/linux-ubuntu20.04-skylake-gcc-9.3.0-ninja-1.10.2-i4e5luour7jxdpc3bkiykd4imke3mkym.spack
+    ####################################################################################################################################### 100.0%
+    ==> Installing buildcache for spec ninja@1.10.2%gcc@9.3.0 arch=linux-ubuntu20.04-skylake
+    gpgconf: socketdir is '/run/user/1000/gnupg'
+    gpg: Signature made Tue 23 Mar 2021 10:16:29 PM MDT
+    gpg:                using RSA key E6DF6A8BD43208E4D6F392F23777740B7DBD643D
+    gpg: Good signature from "spackuser (GPG created for Spack) <spackuser@noreply.users.github.com>" [ultimate]
+
+
+It worked! You've just completed a full example of creating a build cache with
+a spec of interest, adding it as a mirror, updating it's index, listing the contents,
+and finally, installing from it.
+
+
+Note that the above command is intended to install a particular package to a
+build cache you have created, and not to install a package from a build cache.
+For the latter, once a mirror is added, by default when you do ``spack install`` the ``--use-cache``
+flag is set, and you will install a package from a build cache if it is available.
+If you want to always use the cache, you can do:
+
+.. code-block:: console
+
+   $ spack install --cache-only <package>
+
+For example, to combine all of the commands above to add the E4S build cache
+and then install from it exclusively, you would do:
+
+.. code-block:: console
+
+    $ spack mirror add E4S https://cache.e4s.io
+    $ spack buildcache keys --install --trust
+    $ spack install --cache-only <package>
+
+We use ``--install`` and ``--trust`` to say that we are installing keys to our
+keyring, and trusting all downloaded keys.
+

 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 List of popular build caches
--- a/lib/spack/docs/build_systems/autotoolspackage.rst
+++ b/lib/spack/docs/build_systems/autotoolspackage.rst
@@ -155,7 +155,7 @@ version, this can be done like so:

   @property
   def force_autoreconf(self):
-       return self.version == Version('1.2.3'):
+       return self.version == Version('1.2.3')

 ^^^^^^^^^^^^^^^^^^^^^^^
 Finding configure flags
--- a/lib/spack/docs/build_systems/cudapackage.rst
+++ b/lib/spack/docs/build_systems/cudapackage.rst
@@ -10,7 +10,7 @@ CudaPackage
 -----------

 Different from other packages, ``CudaPackage`` does not represent a build system.
-Instead its goal is to simplify and unify usage of ``CUDA`` in other packages by providing a ` mixin-class <https://en.wikipedia.org/wiki/Mixin>`__.
+Instead its goal is to simplify and unify usage of ``CUDA`` in other packages by providing a `mixin-class <https://en.wikipedia.org/wiki/Mixin>`_.

 You can find source for the package at
 `<https://github.com/spack/spack/blob/develop/lib/spack/spack/build_systems/cuda.py>`__.
--- a/lib/spack/docs/build_systems/custompackage.rst
+++ b/lib/spack/docs/build_systems/custompackage.rst
@@ -9,7 +9,7 @@
 Custom Build Systems
 --------------------

-While the build systems listed above should meet your needs for the
+While the built-in build systems should meet your needs for the
 vast majority of packages, some packages provide custom build scripts.
 This guide is intended for the following use cases:

@@ -31,7 +31,7 @@ installation. Both of these packages require custom build systems.
 Base class
 ^^^^^^^^^^

-If your package does not belong to any of the aforementioned build
+If your package does not belong to any of the built-in build
 systems that Spack already supports, you should inherit from the
 ``Package`` base class. ``Package`` is a simple base class with a
 single phase: ``install``. If your package is simple, you may be able
@@ -168,7 +168,8 @@ if and only if this flag is set, we would use the following line:
 Testing
 ^^^^^^^

-Let's put everything together and add unit tests to our package.
+Let's put everything together and add unit tests to be optionally run
+during the installation of our package.
 In the ``perl`` package, we can see:

 .. code-block:: python
@@ -182,12 +183,6 @@ As you can guess, this runs ``make test`` *after* building the package,
 if and only if testing is requested. Again, this is not specific to
 custom build systems, it can be added to existing build systems as well.

-Ideally, every package in Spack will have some sort of test to ensure
-that it was built correctly. It is up to the package authors to make
-sure this happens. If you are adding a package for some software and
-the developers list commands to test the installation, please add these
-tests to your ``package.py``.
-
 .. warning::

   The order of decorators matters. The following ordering:
@@ -207,3 +202,12 @@ tests to your ``package.py``.
   the tests will always be run regardless of whether or not
   ``--test=root`` is requested. See https://github.com/spack/spack/issues/3833
   for more information
+
+Ideally, every package in Spack will have some sort of test to ensure
+that it was built correctly. It is up to the package authors to make
+sure this happens. If you are adding a package for some software and
+the developers list commands to test the installation, please add these
+tests to your ``package.py``.
+
+For more information on other forms of package testing, refer to
+:ref:`Checking an installation <checking_an_installation>`.
--- a/lib/spack/docs/build_systems/inteloneapipackage.rst
+++ b/lib/spack/docs/build_systems/inteloneapipackage.rst
@@ -25,7 +25,7 @@ use Spack to build packages with the tools.
 The Spack Python class ``IntelOneapiPackage`` is a base class that is
 used by ``IntelOneapiCompilers``, ``IntelOneapiMkl``,
 ``IntelOneapiTbb`` and other classes to implement the oneAPI
-packages. See the :ref:<package-list> for the full list of available
+packages. See the :ref:`package-list` for the full list of available
 oneAPI packages or use::

  spack list -d oneAPI
@@ -35,24 +35,28 @@ For more information on a specific package, do::
  spack info <package-name>

 Intel no longer releases new versions of Parallel Studio, which can be
-used in Spack via the :ref:<intelpackage>. All of its components can
+used in Spack via the :ref:`intelpackage`. All of its components can
 now be found in oneAPI. 

-Example
-=======
+Examples
+========

-We start with a simple example that will be sufficient for most
-users. Install the oneAPI compilers::
+Building a Package With icx
+---------------------------
+
+In this example, we build patchelf with ``icc`` and ``icx``. The
+compilers are installed with spack.
+
+Install the oneAPI compilers::

  spack install intel-oneapi-compilers

-Add the oneAPI compilers to the set of compilers that Spack can use::
+Add the compilers to your ``compilers.yaml`` so spack can use them::

  spack compiler add `spack location -i intel-oneapi-compilers`/compiler/latest/linux/bin/intel64
  spack compiler add `spack location -i intel-oneapi-compilers`/compiler/latest/linux/bin

-This adds the compilers to your ``compilers.yaml``. Verify that the
-compilers are available::
+Verify that the compilers are available::

  spack compiler list

@@ -72,9 +76,11 @@ To build with with ``icx``, do ::

  spack install patchelf%oneapi

-In addition to compilers, oneAPI contains many libraries. The ``hdf5``
-package works with any compatible MPI implementation. To build
-``hdf5`` with Intel oneAPI MPI do::
+Using oneAPI MPI to Satisfy a Virtual Dependence
+------------------------------------------------------
+
+The ``hdf5`` package works with any compatible MPI implementation. To
+build ``hdf5`` with Intel oneAPI MPI do::

  spack install hdf5 +mpi ^intel-oneapi-mpi

@@ -95,11 +101,23 @@ To use the compilers, add some information about the installation to
  spack compiler add /opt/intel/oneapi/compiler/latest/linux/bin

 Adapt the paths above if you did not install the tools in the default
-location. After adding the compilers, using them in Spack will be
-exactly the same as if you had installed the
-``intel-oneapi-compilers`` package.  Another option is to manually add
-the configuration to ``compilers.yaml`` as described in :ref:`Compiler
-configuration <compiler-config>`.
+location. After adding the compilers, using them is the same
+as if you had installed the ``intel-oneapi-compilers`` package.
+Another option is to manually add the configuration to
+``compilers.yaml`` as described in :ref:`Compiler configuration
+<compiler-config>`.
+
+Libraries
+---------
+
+If you want Spack to use MKL that you have installed without Spack in
+the default location, then add the following to
+``~/.spack/packages.yaml``, adjusting the version as appropriate::
+
+  intel-oneapi-mkl:
+    externals:
+    - spec: intel-oneapi-mkl@2021.1.1
+      prefix: /opt/intel/oneapi/


 Using oneAPI Tools Installed by Spack
@@ -127,11 +145,11 @@ More information
 ================

 This section describes basic use of oneAPI, especially if it has
-changed compared to Parallel Studio. See :ref:<intelpackage> for more
-information on :ref:<intel-virtual-packages>,
-:ref:<intel-unrelated-packages>,
-:ref:<intel-integrating-external-libraries>, and
-:ref:<using-mkl-tips>.
+changed compared to Parallel Studio. See :ref:`intelpackage` for more
+information on :ref:`intel-virtual-packages`,
+:ref:`intel-unrelated-packages`,
+:ref:`intel-integrating-external-libraries`, and
+:ref:`using-mkl-tips`.


 .. _`Intel installers`: https://software.intel.com/content/www/us/en/develop/documentation/installation-guide-for-intel-oneapi-toolkits-linux/top.html
--- a/lib/spack/docs/build_systems/intelpackage.rst
+++ b/lib/spack/docs/build_systems/intelpackage.rst
@@ -561,43 +561,29 @@ follow `the next section <intel-install-libs_>`_ instead.
             modules:    []
             spec:       intel@18.0.3
             paths:
-               cc:       stub
-               cxx:      stub
-               f77:      stub
-               fc:       stub
+               cc:       /usr/bin/true
+               cxx:      /usr/bin/true
+               f77:      /usr/bin/true
+               fc:       /usr/bin/true

      Replace ``18.0.3`` with the version that you determined in the preceding
-      step. The contents under ``paths:`` do not matter yet.
+      step. The exact contents under ``paths:`` do not matter yet, but the paths must exist.

-   You are right to ask: "Why on earth is that necessary?" [fn8]_.
-   The answer lies in Spack striving for strict compiler consistency.
-   Consider what happens without such a pre-declared compiler stub:
-   Say, you ask Spack to install a particular version
-   ``intel-parallel-studio@edition.V``.  Spack will apply an unrelated compiler
-   spec to concretize and install your request, resulting in
-   ``intel-parallel-studio@edition.V %X``. That compiler ``%X`` is not going to
-   be the version that this new package itself provides. Rather, it would
-   typically be ``%gcc@...`` in a default Spack installation or possibly indeed
-   ``%intel@...``, but at a version that precedes ``V``.
+   This temporary stub is required such that the ``intel-parallel-studio`` package
+   can be installed for the ``intel`` compiler (which the package itself is going
+   to provide after the installation) rather than an arbitrary system compiler.
+   The paths given in ``cc``, ``cxx``, ``f77``, ``fc`` must exist, but will
+   never be used to build anything during the installation of ``intel-parallel-studio``.

-   The problem comes to the fore as soon as you try to use any virtual ``mkl``
-   or ``mpi`` packages that you would expect to now be provided by
-   ``intel-parallel-studio@edition.V``.  Spack will indeed see those virtual
-   packages, but only as being tied to the compiler that the package
-   ``intel-parallel-studio@edition.V`` was concretized with *at installation*.
-   If you were to install a client package with the new compilers now available
-   to you, you would naturally run ``spack install foo +mkl %intel@V``, yet
-   Spack will either complain about ``mkl%intel@V`` being missing (because it
-   only knows about ``mkl%X``) or it will go and attempt to install *another
-   instance* of ``intel-parallel-studio@edition.V %intel@V`` so as to match the
-   compiler spec ``%intel@V`` that you gave for your client package ``foo``.
-   This will be unexpected and will quickly get annoying because each
-   reinstallation takes up time and extra disk space.
+   The reason for this stub is that ``intel-parallel-studio`` also provides the
+   ``mpi`` and ``mkl`` packages and when concretizing a spec, Spack ensures
+   strong consistency of the used compiler across all dependencies:  [fn8]_.
+   Installing a package ``foo +mkl %intel`` will make Spack look for a package
+   ``mkl %intel``, which can be provided by ``intel-parallel-studio+mkl %intel``,
+   but not by ``intel-parallel-studio+mkl %gcc``.

-   To escape this trap, put the compiler stub declaration shown here in place,
-   then use that pre-declared compiler spec to install the actual package, as
-   shown next.  This approach works because during installation only the
-   package's own self-sufficient installer will be used, not any compiler.
+   Failure to do so may result in additional installations of ``mkl``, ``intel-mpi`` or
+   even ``intel-parallel-studio`` as dependencies for other packages.

   .. _`verify-compiler-anticipated`:

@@ -648,11 +634,25 @@ follow `the next section <intel-install-libs_>`_ instead.
     want to use the ``intel64`` variant.  The ``icpc`` and ``ifort`` compilers
     will be located in the same directory as ``icc``.

-   * Use the ``modules:`` and/or ``cflags:`` tokens to specify a suitable accompanying
+   * Make sure to specify ``modules: ['intel-parallel-studio-cluster2018.3-intel-18.0.3-HASH']``
+     (with ``HASH`` being the short hash as displayed when running
+     ``spack find -l intel-parallel-studio@cluster.2018.3`` and the versions adapted accordingly)
+     to ensure that the correct and complete environment for the Intel compilers gets
+     loaded when running them. With modern versions of the Intel compiler you may otherwise see
+     issues about missing libraries. Please also note that module name must exactly match
+     the name as returned by ``module avail`` (and shown in the example above).
+
+   * Use the ``modules:`` and/or ``cflags:`` tokens to further specify a suitable accompanying
     ``gcc`` version to help pacify picky client packages that ask for C++
     standards more recent than supported by your system-provided ``gcc`` and its
     ``libstdc++.so``.

+   * If you specified a custom variant (for example ``+vtune``) you may want to add this as your
+     preferred variant in the packages configuration for the ``intel-parallel-studio`` package
+     as described in :ref:`concretization-preferences`. Otherwise you will have to specify
+     the variant everytime ``intel-parallel-studio`` is being used as ``mkl``, ``fftw`` or ``mpi``
+     implementation to avoid pulling in a different variant.
+
   * To set the Intel compilers for default use in Spack, instead of the usual ``%gcc``,
     follow section `Selecting Intel compilers`_.

--- a/lib/spack/docs/build_systems/makefilepackage.rst
+++ b/lib/spack/docs/build_systems/makefilepackage.rst
@@ -147,8 +147,10 @@ and a ``filter_file`` method to help with this. For example:
   def edit(self, spec, prefix):
       makefile = FileFilter('Makefile')

-       makefile.filter('CC = gcc',  'CC = cc')
-       makefile.filter('CXX = g++', 'CC = c++')
+       makefile.filter(r'^\s*CC\s*=.*',  'CC = '  + spack_cc)
+       makefile.filter(r'^\s*CXX\s*=.*', 'CXX = ' + spack_cxx)
+       makefile.filter(r'^\s*F77\s*=.*', 'F77 = ' + spack_f77)
+       makefile.filter(r'^\s*FC\s*=.*',  'FC = '  + spack_fc)


 `stream <https://github.com/spack/spack/blob/develop/var/spack/repos/builtin/packages/stream/package.py>`_
--- a/lib/spack/docs/build_systems/mesonpackage.rst
+++ b/lib/spack/docs/build_systems/mesonpackage.rst
@@ -121,11 +121,15 @@ override the ``meson_args`` method like so:
 .. code-block:: python

   def meson_args(self):
-       return ['--default-library=both']
+       return ['--warnlevel=3']


 This method can be used to pass flags as well as variables.

+Note that the ``MesonPackage`` base class already defines variants for
+``buildtype``, ``default_library`` and ``strip``, which are mapped to default
+Meson arguments, meaning that you don't have to specify these.
+
 ^^^^^^^^^^^^^^^^^^^^^^
 External documentation
 ^^^^^^^^^^^^^^^^^^^^^^
--- a/lib/spack/docs/build_systems/pythonpackage.rst
+++ b/lib/spack/docs/build_systems/pythonpackage.rst
@@ -627,7 +627,8 @@ adds:
 Testing
 ^^^^^^^

-``PythonPackage`` provides a couple of options for testing packages.
+``PythonPackage`` provides a couple of options for testing packages
+both during and after the installation process.

 """"""""""""
 Import tests
@@ -696,16 +697,20 @@ libraries. Make sure not to add modules/packages containing the word
 "test", as these likely won't end up in the installation directory,
 or may require test dependencies like pytest to be installed.

-These tests can be triggered by running ``spack install --test=root``
-or by running ``spack test run`` after the installation has finished.
+Import tests can be run during the installation using ``spack install
+--test=root`` or at any time after the installation using
+``spack test run``.

 """"""""""
 Unit tests
 """"""""""

-The package you want to install may come with additional unit tests.
-You can add additional build-time or install-time tests by adding
-additional testing functions. For example, ``py-numpy`` adds:
+The package may have its own unit or regression tests. Spack can
+run these tests during the installation by adding phase-appropriate
+test methods.
+
+For example, ``py-numpy`` adds the following as a check to run 
+after the ``install`` phase:

 .. code-block:: python

@@ -716,7 +721,13 @@ additional testing functions. For example, ``py-numpy`` adds:
           python('-c', 'import numpy; numpy.test("full", verbose=2)')


-These tests can be triggered by running ``spack install --test=root``.
+when testing is enabled during the installation (i.e., ``spack install
+--test=root``).
+
+.. note::
+
+   Additional information is available on :ref:`install phase tests
+   <install_phase-tests>`.

 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Setup file in a sub-directory
--- a/lib/spack/docs/conf.py
+++ b/lib/spack/docs/conf.py
@@ -17,10 +17,10 @@
 # All configuration values have a default; values that are commented out
 # serve to show the default.

-import sys
 import os
 import re
 import subprocess
+import sys
 from glob import glob

 from sphinx.ext.apidoc import main as sphinx_apidoc
@@ -82,6 +82,8 @@
 # Disable duplicate cross-reference warnings.
 #
 from sphinx.domains.python import PythonDomain
+
+
 class PatchedPythonDomain(PythonDomain):
    def resolve_xref(self, env, fromdocname, builder, typ, target, node, contnode):
        if 'refspecific' in node:
@@ -136,6 +138,7 @@ def setup(sphinx):
 #
 # The short X.Y version.
 import spack
+
 version = '.'.join(str(s) for s in spack.spack_version_info[:2])
 # The full version, including alpha/beta/rc tags.
 release = spack.spack_version
@@ -179,7 +182,8 @@ def setup(sphinx):
 # We use our own extension of the default style with a few modifications
 from pygments.style import Style
 from pygments.styles.default import DefaultStyle
-from pygments.token import Generic, Comment, Text
+from pygments.token import Comment, Generic, Text
+

 class SpackStyle(DefaultStyle):
    styles = DefaultStyle.styles.copy()
@@ -188,6 +192,7 @@ class SpackStyle(DefaultStyle):
    styles[Generic.Prompt] = "bold #346ec9"

 import pkg_resources
+
 dist = pkg_resources.Distribution(__file__)
 sys.path.append('.')  # make 'conf' module findable
 ep = pkg_resources.EntryPoint.parse('spack = conf:SpackStyle', dist=dist)
--- a/lib/spack/docs/config_yaml.rst
+++ b/lib/spack/docs/config_yaml.rst
@@ -202,21 +202,23 @@ of builds.

 Unless overridden in a package or on the command line, Spack builds all
 packages in parallel. The default parallelism is equal to the number of
-cores on your machine, up to 16. Parallelism cannot exceed the number of
-cores available on the host. For a build system that uses Makefiles, this
-means running:
+cores available to the process, up to 16 (the default of ``build_jobs``).
+For a build system that uses Makefiles, this ``spack install`` runs:

 - ``make -j<build_jobs>``, when ``build_jobs`` is less than the number of
-  cores on the machine
+  cores available
 - ``make -j<ncores>``, when ``build_jobs`` is greater or equal to the
-  number of cores on the machine
+  number of cores available

 If you work on a shared login node or have a strict ulimit, it may be
 necessary to set the default to a lower value. By setting ``build_jobs``
 to 4, for example, commands like ``spack install`` will run ``make -j4``
-instead of hogging every core.
+instead of hogging every core. To build all software in serial,
+set ``build_jobs`` to 1.

-To build all software in serial, set ``build_jobs`` to 1.
+Note that specifying the number of jobs on the command line always takes
+priority, so that ``spack install -j<n>`` always runs `make -j<n>`, even
+when that exceeds the number of cores available.

 --------------------
 ``ccache``
--- a/lib/spack/docs/developer_guide.rst
+++ b/lib/spack/docs/developer_guide.rst
@@ -106,11 +106,21 @@ with a high level view of Spack's directory structure:
            external/      <- external libs included in Spack distro
            llnl/          <- some general-use libraries

-            spack/         <- spack module; contains Python code
-               cmd/        <- each file in here is a spack subcommand
-               compilers/  <- compiler description files
-               test/       <- unit test modules
-               util/       <- common code
+            spack/                <- spack module; contains Python code
+               analyzers/         <- modules to run analysis on installed packages
+               build_systems/     <- modules for different build systems 
+               cmd/               <- each file in here is a spack subcommand
+               compilers/         <- compiler description files          
+               container/         <- module for spack containerize
+               hooks/             <- hook modules to run at different points
+               modules/           <- modules for lmod, tcl, etc.
+               operating_systems/ <- operating system modules
+               platforms/         <- different spack platforms
+               reporters/         <- reporters like cdash, junit
+               schema/            <- schemas to validate data structures
+               solver/            <- the spack solver
+               test/              <- unit test modules
+               util/              <- common code

 Spack is designed so that it could live within a `standard UNIX
 directory hierarchy <http://linux.die.net/man/7/hier>`_, so ``lib``,
@@ -251,6 +261,22 @@ Unit tests
  This is a fake package hierarchy used to mock up packages for
  Spack's test suite.

+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+Research and Monitoring Modules
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+:mod:`spack.monitor`
+  Contains :class:`SpackMonitor <spack.monitor.SpackMonitor>`. This is accessed
+  from the ``spack install`` and ``spack analyze`` commands to send build
+  and package metadada up to a `Spack Monitor <https://github.com/spack/spack-monitor>`_ server. 
+
+
+:mod:`spack.analyzers`
+  A module folder with a :class:`AnalyzerBase <spack.analyzers.analyzer_base.AnalyzerBase>`
+  that provides base functions to run, save, and (optionally) upload analysis
+  results to a `Spack Monitor <https://github.com/spack/spack-monitor>`_ server.
+
+
 ^^^^^^^^^^^^^
 Other Modules
 ^^^^^^^^^^^^^
@@ -299,6 +325,235 @@ Conceptually, packages are overloaded.  They contain:
 Stage objects
 -------------

+
+.. _writing-analyzers:
+
+-----------------
+Writing analyzers
+-----------------
+
+To write an analyzer, you should add a new python file to the
+analyzers module directory at ``lib/spack/spack/analyzers`` .
+Your analyzer should be a subclass of the :class:`AnalyzerBase <spack.analyzers.analyzer_base.AnalyzerBase>`. For example, if you want
+to add an analyzer class ``Myanalyzer`` you woul write to 
+``spack/analyzers/myanalyzer.py`` and import and 
+use the base as follows:
+
+.. code-block:: python
+
+    from .analyzer_base import AnalyzerBase
+
+    class Myanalyzer(AnalyzerBase):
+
+
+Note that the class name is your module file name, all lowercase
+except for the first capital letter. You can  look at other analyzers in 
+that analyzer directory for examples. The guide here will tell you about the basic functions needed.
+
+^^^^^^^^^^^^^^^^^^^^^^^^^
+Analyzer Output Directory
+^^^^^^^^^^^^^^^^^^^^^^^^^
+
+By default, when you run ``spack analyze run`` an analyzer output directory will
+be created in your spack user directory in your ``$HOME``. The reason we output here
+is because the install directory might not always be writable. 
+
+.. code-block:: console
+
+    ~/.spack/
+      analyzers
+      
+Result files will be written here, organized in subfolders in the same structure
+as the package, with each analyzer owning it's own subfolder. for example:
+
+
+.. code-block:: console
+
+    $ tree ~/.spack/analyzers/
+    /home/spackuser/.spack/analyzers/
+    └── linux-ubuntu20.04-skylake
+        └── gcc-9.3.0
+            └── zlib-1.2.11-sl7m27mzkbejtkrajigj3a3m37ygv4u2
+                ├── environment_variables
+                │   └── spack-analyzer-environment-variables.json
+                ├── install_files
+                │   └── spack-analyzer-install-files.json
+                └── libabigail
+                    └── lib
+                        └── spack-analyzer-libabigail-libz.so.1.2.11.xml 
+
+
+Notice that for the libabigail analyzer, since results are generated per object,
+we honor the object's folder in case there are equivalently named files in 
+different folders. The result files are typically written as json so they can be easily read and  uploaded in a future interaction with a monitor.
+
+
+^^^^^^^^^^^^^^^^^
+Analyzer Metadata
+^^^^^^^^^^^^^^^^^
+
+Your analyzer is required to have the class attributes ``name``, ``outfile``,
+and ``description``. These are printed to the user with they use the subcommand
+``spack analyze list-analyzers``.  Here is an example.
+As we mentioned above, note that this analyzer would live in a module named
+``libabigail.py`` in the analyzers folder so that the class can be discovered.
+
+
+.. code-block:: python
+
+    class Libabigail(AnalyzerBase):
+
+        name = "libabigail"
+        outfile = "spack-analyzer-libabigail.json"
+        description = "Application Binary Interface (ABI) features for objects"
+
+
+This means that the name and output file should be unique for your analyzer.
+Note that "all" cannot be the name of an analyzer, as this key is used to indicate
+that the user wants to run all analyzers.
+
+.. _analyzer_run_function:
+
+
+^^^^^^^^^^^^^^^^^^^^^^^^
+An analyzer run Function
+^^^^^^^^^^^^^^^^^^^^^^^^
+
+The core of an analyzer is its ``run()`` function, which should accept no
+arguments. You can assume your analyzer has the package spec of interest at ``self.spec``
+and it's up to the run function to generate whatever analysis data you need,
+and then return the object with a key as the analyzer name. The result data
+should be a list of objects, each with a name, ``analyzer_name``, ``install_file``,
+and one of ``value`` or ``binary_value``. The install file should be for a relative
+path, and not the absolute path. For example, let's say we extract a metric called
+``metric`` for ``bin/wget`` using our analyzer ``thebest-analyzer``. 
+We might have data that looks like this:
+
+.. code-block:: python
+
+    result = {"name": "metric", "analyzer_name": "thebest-analyzer", "value": "1", "install_file": "bin/wget"}
+
+
+We'd then return it as follows - note that they key is the analyzer name at ``self.name``.
+
+.. code-block:: python
+
+    return {self.name: result}
+
+This will save the complete result to the analyzer metadata folder, as described
+previously. If you want support for adding a different kind of metadata (e.g.,
+not associated with an install file) then the monitor server would need to be updated
+to support this first.
+
+
+^^^^^^^^^^^^^^^^^^^^^^^^^
+An analyzer init Function
+^^^^^^^^^^^^^^^^^^^^^^^^^
+
+If you don't need any extra dependencies or checks, you can skip defining an analyzer
+init function, as the base class will handle it. Typically, it will accept
+a spec, and an optional output directory (if the user does not want the default
+metadata folder for analyzer results). The analyzer init function should call
+it's parent init, and then do any extra checks or validation that are required to
+work. For example:
+
+.. code-block:: python
+
+    def __init__(self, spec, dirname=None):
+        super(Myanalyzer, self).__init__(spec, dirname)
+
+        # install extra dependencies, do extra preparation and checks here
+
+
+At the end of the init, you will have available to you:
+
+ - **self.spec**: the spec object
+ - **self.dirname**: an optional directory name the user as provided at init to save
+ - **self.output_dir**: the analyzer metadata directory, where we save by default
+ - **self.meta_dir**: the path to the package metadata directory (.spack) if you need it
+
+And can proceed to write your analyzer.
+
+
+^^^^^^^^^^^^^^^^^^^^^^^
+Saving Analyzer Results
+^^^^^^^^^^^^^^^^^^^^^^^
+
+The analyzer will have ``save_result`` called, with the result object generated
+to save it to the filesystem, and if the user has added the ``--monitor`` flag
+to upload it to a monitor server. If your result follows an accepted result
+format and you don't need to parse it further, you don't need to add this 
+function to your class. However, if your result data is large or otherwise
+needs additional parsing, you can define it. If you define the function, it
+is useful to know about the ``output_dir`` property, which you can join
+with your output file relative path of choice:
+
+.. code-block:: python
+
+    outfile = os.path.join(self.output_dir, "my-output-file.txt")
+
+
+The directory will be provided by the ``output_dir`` property but it won't exist,
+so you should create it:
+
+
+.. code::block:: python
+
+    # Create the output directory
+    if not os.path.exists(self._output_dir):
+        os.makedirs(self._output_dir)
+
+
+If you are generating results that match to specific files in the package
+install directory, you should try to maintain those paths in the case that
+there are equivalently named files in different directories that would
+overwrite one another. As an example of an analyzer with a custom save,
+the Libabigail analyzer saves ``*.xml`` files to the analyzer metadata
+folder in ``run()``, as they are either binaries, or as xml (text) would
+usually be too big to pass in one request. For this reason, the files
+are saved during ``run()`` and the filenames added to the result object,
+and then when the result object is passed back into ``save_result()``,
+we skip saving to the filesystem, and instead read the file and send
+each one (separately) to the monitor:
+
+
+.. code-block:: python
+
+    def save_result(self, result, monitor=None, overwrite=False):
+        """ABI results are saved to individual files, so each one needs to be
+        read and uploaded. Result here should be the lookup generated in run(),
+        the key is the analyzer name, and each value is the result file.
+        We currently upload the entire xml as text because libabigail can't
+        easily read gzipped xml, but this will be updated when it can.
+        """
+        if not monitor:
+            return
+
+        name = self.spec.package.name
+
+        for obj, filename in result.get(self.name, {}).items():
+
+            # Don't include the prefix
+            rel_path = obj.replace(self.spec.prefix + os.path.sep, "")
+
+            # We've already saved the results to file during run
+            content = spack.monitor.read_file(filename)
+
+            # A result needs an analyzer, value or binary_value, and name
+            data = {"value": content, "install_file": rel_path, "name": "abidw-xml"}
+            tty.info("Sending result for %s %s to monitor." % (name, rel_path))
+            monitor.send_analyze_metadata(self.spec.package, {"libabigail": [data]})
+
+
+
+Notice that this function, if you define it, requires a result object (generated by
+``run()``, a monitor (if you want to send), and a boolean ``overwrite`` to be used
+to check if a result exists first, and not write to it if the result exists and 
+overwrite is False. Also notice that since we already saved these files to the analyzer metadata folder, we return early if a monitor isn't defined, because this function serves to send  results to the monitor. If you haven't saved anything to the analyzer metadata folder
+yet, you might want to do that here. You should also use ``tty.info`` to give
+the user a message of "Writing result to $DIRNAME."
+
+
 .. _writing-commands:

 ----------------
@@ -345,6 +600,183 @@ Whenever you add/remove/rename a command or flags for an existing command,
 make sure to update Spack's `Bash tab completion script
 <https://github.com/adamjstewart/spack/blob/develop/share/spack/spack-completion.bash>`_.

+
+-------------
+Writing Hooks
+-------------
+
+A hook is a callback that makes it easy to design functions that run
+for different events. We do this by way of defining hook types, and then
+inserting them at different places in the spack code base. Whenever a hook
+type triggers by way of a function call, we find all the hooks of that type,
+and run them.
+
+Spack defines hooks by way of a module at ``lib/spack/spack/hooks`` where we can define
+types of hooks in the ``__init__.py``, and then python files in that folder
+can use hook functions. The files are automatically parsed, so if you write
+a new file for some integration (e.g., ``lib/spack/spack/hooks/myintegration.py``
+you can then write hook functions in that file that will be automatically detected,
+and run whenever your hook is called. This section will cover the basic kind 
+of hooks, and how to write them.
+
+^^^^^^^^^^^^^^
+Types of Hooks
+^^^^^^^^^^^^^^
+
+The following hooks are currently implemented to make it easy for you,
+the developer, to add hooks at different stages of a spack install or similar. 
+If there is a hook that you would like and is missing, you can propose to add a new one.
+
+"""""""""""""""""""""
+``pre_install(spec)``
+"""""""""""""""""""""
+
+A ``pre_install`` hook is run within an install subprocess, directly before
+the install starts. It expects a single argument of a spec, and is run in 
+a multiprocessing subprocess. Note that if you see ``pre_install`` functions associated with packages these are not hooks
+as we have defined them here, but rather callback functions associated with 
+a package install.
+
+
+""""""""""""""""""""""
+``post_install(spec)``
+""""""""""""""""""""""
+
+A ``post_install`` hook is run within an install subprocess, directly after
+the install finishes, but before the build stage is removed. If you
+write one of these hooks, you should expect it to accept a spec as the only
+argument. This is run in a multiprocessing subprocess. This ``post_install`` is
+also seen in packages, but in this context not related to the hooks described
+here.
+
+
+""""""""""""""""""""""""""
+``on_install_start(spec)``
+""""""""""""""""""""""""""
+
+This hook is run at the beginning of ``lib/spack/spack/installer.py``,
+in the install function of a ``PackageInstaller``,
+and importantly is not part of a build process, but before it. This is when
+we have just newly grabbed the task, and are preparing to install. If you 
+write a hook of this type, you should provide the spec to it.
+
+.. code-block:: python
+
+    def on_install_start(spec):
+        """On start of an install, we want to...
+        """
+        print('on_install_start')
+    
+
+""""""""""""""""""""""""""""
+``on_install_success(spec)``
+""""""""""""""""""""""""""""
+
+This hook is run on a successful install, and is also run inside the build
+process, akin to ``post_install``. The main difference is that this hook
+is run outside of the context of the stage directory, meaning after the
+build stage has been removed and the user is alerted that the install was
+successful. If you need to write a hook that is run on success of a particular
+phase, you should use ``on_phase_success``.
+
+""""""""""""""""""""""""""""
+``on_install_failure(spec)``
+""""""""""""""""""""""""""""
+
+This hook is run given an install failure that happens outside of the build
+subprocess, but somewhere in ``installer.py`` when something else goes wrong.
+If you need to write a hook that is relevant to a failure within a build
+process, you would want to instead use ``on_phase_failure``.
+
+
+"""""""""""""""""""""""""""""""""""""""""""""""
+``on_phase_success(pkg, phase_name, log_file)``
+"""""""""""""""""""""""""""""""""""""""""""""""
+
+This hook is run within the install subprocess, and specifically when a phase
+successfully finishes. Since we are interested in the package, the name of
+the phase, and any output from it, we require:
+
+ - **pkg**: the package variable, which also has the attached spec at ``pkg.spec``
+ - **phase_name**: the name of the phase that was successful (e.g., configure)
+ - **log_file**: the path to the file with output, in case you need to inspect or otherwise interact with it.
+
+"""""""""""""""""""""""""""""""""""""""""""""
+``on_phase_error(pkg, phase_name, log_file)``
+"""""""""""""""""""""""""""""""""""""""""""""
+
+In the case of an error during a phase, we might want to trigger some event
+with a hook, and this is the purpose of this particular hook. Akin to
+``on_phase_success`` we require the same variables - the package that failed,
+the name of the phase, and the log file where we might find errors.
+
+"""""""""""""""""""""""""""""""""
+``on_analyzer_save(pkg, result)``
+"""""""""""""""""""""""""""""""""
+
+After an analyzer has saved some result for a package, this hook is called,
+and it provides the package that we just ran the analysis for, along with
+the loaded result. Typically, a result is structured to have the name
+of the analyzer as key, and the result object that is defined in detail in
+:ref:`analyzer_run_function`.
+
+.. code-block:: python
+
+    def on_analyzer_save(pkg, result):
+        """given a package and a result...
+        """
+        print('Do something extra with a package analysis result here')
+
+
+^^^^^^^^^^^^^^^^^^^^^^
+Adding a New Hook Type
+^^^^^^^^^^^^^^^^^^^^^^
+
+Adding a new hook type is very simple!  In ``lib/spack/spack/hooks/__init__.py``
+you can simply create a new ``HookRunner`` that is named to match your new hook.
+For example, let's say you want to add a new hook called ``post_log_write``
+to trigger after anything is written to a logger. You would add it as follows:
+
+.. code-block:: python
+
+    # pre/post install and run by the install subprocess
+    pre_install = HookRunner('pre_install')
+    post_install = HookRunner('post_install')
+
+    # hooks related to logging
+    post_log_write = HookRunner('post_log_write') # <- here is my new hook! 
+    
+
+You then need to decide what arguments my hook would expect. Since this is
+related to logging, let's say that you want a message and level. That means
+that when you add a python file to the ``lib/spack/spack/hooks``
+folder with one or more callbacks intended to be triggered by this hook. You might
+use my new hook as follows:
+
+.. code-block:: python
+
+    def post_log_write(message, level):
+        """Do something custom with the messsage and level every time we write
+        to the log
+        """
+        print('running post_log_write!')
+
+
+To use the hook, we would call it as follows somewhere in the logic to do logging.
+In this example, we use it outside of a logger that is already defined:
+
+.. code-block:: python
+
+    import spack.hooks
+
+    # We do something here to generate a logger and message
+    spack.hooks.post_log_write(message, logger.level)
+
+
+This is not to say that this would be the best way to implement an integration
+with the logger (you'd probably want to write a custom logger, or you could
+have the hook defined within the logger) but serves as an example of writing a hook. 
+
 ----------
 Unit tests
 ----------
@@ -402,7 +834,7 @@ you can specify the interpreter with ``-i``:
 .. code-block:: console

   $ spack python -i ipython
-   Python 3.8.3 (default, May 19 2020, 18:47:26) 
+   Python 3.8.3 (default, May 19 2020, 18:47:26)
   Type 'copyright', 'credits' or 'license' for more information
   IPython 7.17.0 -- An enhanced Interactive Python. Type '?' for help.

@@ -430,11 +862,55 @@ or a file:
   $ spack python ~/test_fetching.py
   $ spack python -i ipython ~/test_fetching.py

-just like you would with the normal ``python`` command. 
+just like you would with the normal ``python`` command.


 .. _cmd-spack-url:

+
+^^^^^^^^^^^^^^^
+``spack blame``
+^^^^^^^^^^^^^^^
+
+Spack blame is a way to quickly see contributors to packages or files
+in the spack repository. You should provide a target package name or 
+file name to the command. Here is an example asking to see contributions
+for the package "python":
+
+.. code-block:: console
+
+    $ spack blame python
+    LAST_COMMIT  LINES  %      AUTHOR            EMAIL
+    2 weeks ago  3      0.3    Mickey Mouse   <cheddar@gmouse.org>
+    a month ago  927    99.7   Minnie Mouse   <swiss@mouse.org>
+                                        
+    2 weeks ago  930    100.0  
+
+
+By default, you will get a table view (shown above) sorted by date of contribution,
+with the most recent contribution at the top.  If you want to sort instead
+by percentage of code contribution, then add ``-p``:
+
+.. code-block:: console
+
+    $ spack blame -p python
+
+
+And to see the git blame view, add ``-g`` instead:
+
+
+.. code-block:: console
+
+    $ spack blame -g python
+
+
+Finally, to get a json export of the data, add ``--json``:
+
+.. code-block:: console
+
+    $ spack blame --json python
+
+
 ^^^^^^^^^^^^^
 ``spack url``
 ^^^^^^^^^^^^^
@@ -575,8 +1051,10 @@ develop onto release branches. This is typically done by cherry-picking
 bugfix commits off of ``develop``.

 To avoid version churn for users of a release series, minor releases
-should **not** make changes that would change the concretization of
+**should not** make changes that would change the concretization of
 packages. They should generally only contain fixes to the Spack core.
+However, sometimes priorities are such that new functionality needs to
+be added to a minor release.

 Both major and minor releases are tagged. After each release, we merge
 the release branch back into ``develop`` so that the version bump and any
@@ -585,50 +1063,51 @@ convenience, we also tag the latest release as ``releases/latest``,
 so that users can easily check it out to get the latest
 stable version. See :ref:`merging-releases` for more details.

-
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Scheduling work for releases
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

 We schedule work for releases by creating `GitHub projects
 <https://github.com/spack/spack/projects>`_. At any time, there may be
-several open release projects. For example, here are two releases (from
+several open release projects. For example, below are two releases (from
 some past version of the page linked above):

 .. image:: images/projects.png

-Here, there's one release in progress for ``0.15.1`` and another for
+This image shows one release in progress for ``0.15.1`` and another for
 ``0.16.0``. Each of these releases has a project board containing issues
 and pull requests. GitHub shows a status bar with completed work in
 green, work in progress in purple, and work not started yet in gray, so
 it's fairly easy to see progress.

-Spack's project boards are not firm commitments, and we move work between
+Spack's project boards are not firm commitments so we move work between
 releases frequently. If we need to make a release and some tasks are not
-yet done, we will simply move them to next minor or major release, rather
+yet done, we will simply move them to the next minor or major release, rather
 than delaying the release to complete them.

 For more on using GitHub project boards, see `GitHub's documentation
 <https://docs.github.com/en/github/managing-your-work-on-github/about-project-boards>`_.

+
 .. _major-releases:

 ^^^^^^^^^^^^^^^^^^^^^
-Making Major Releases
+Making major releases
 ^^^^^^^^^^^^^^^^^^^^^

-Assuming you've already created a project board and completed the work
-for a major release, the steps to make the release are as follows:
+Assuming a project board has already been created and all required work
+completed, the steps to make the major release are:

 #. Create two new project boards:

   * One for the next major release
   * One for the next point release

-#. Move any tasks that aren't done yet to one of the new project boards.
-   Small bugfixes should go to the next point release. Major features,
-   refactors, and changes that could affect concretization should go in
-   the next major release.
+#. Move any optional tasks that are not done to one of the new project boards.
+
+   In general, small bugfixes should go to the next point release. Major
+   features, refactors, and changes that could affect concretization should
+   go in the next major release.

 #. Create a branch for the release, based on ``develop``:

@@ -640,11 +1119,14 @@ for a major release, the steps to make the release are as follows:
   ``releases/vX.Y``. That is, you should create a ``releases/vX.Y``
   branch if you are preparing the ``X.Y.0`` release.

-#. Bump the version in ``lib/spack/spack/__init__.py``. See `this example from 0.13.0
+#. Bump the version in ``lib/spack/spack/__init__.py``.
+
+   See `this example from 0.13.0
   <https://github.com/spack/spack/commit/8eeb64096c98b8a43d1c587f13ece743c864fba9>`_

-#. Update ``CHANGELOG.md`` with major highlights in bullet form. Use
-   proper markdown formatting, like `this example from 0.15.0
+#. Update ``CHANGELOG.md`` with major highlights in bullet form.
+
+   Use proper markdown formatting, like `this example from 0.15.0
   <https://github.com/spack/spack/commit/d4bf70d9882fcfe88507e9cb444331d7dd7ba71c>`_.

 #. Push the release branch to GitHub.
@@ -668,33 +1150,33 @@ for a major release, the steps to make the release are as follows:
 .. _point-releases:

 ^^^^^^^^^^^^^^^^^^^^^
-Making Point Releases
+Making point releases
 ^^^^^^^^^^^^^^^^^^^^^

-This assumes you've already created a project board for a point release
-and completed the work to be done for the release. To make a point
-release:
+Assuming a project board has already been created and all required work
+completed, the steps to make the point release are:

-#. Create one new project board for the next point release.
+#. Create a new project board for the next point release.

-#. Move any cards that aren't done yet to the next project board.
+#. Move any optional tasks that are not done to the next project board.

-#. Check out the release branch (it should already exist). For the
-   ``X.Y.Z`` release, the release branch is called ``releases/vX.Y``. For
-   ``v0.15.1``, you would check out ``releases/v0.15``:
+#. Check out the release branch (it should already exist).
+
+    For the ``X.Y.Z`` release, the release branch is called ``releases/vX.Y``.
+    For ``v0.15.1``, you would check out ``releases/v0.15``:

   .. code-block:: console

      $ git checkout releases/v0.15

 #. Cherry-pick each pull request in the ``Done`` column of the release
-   project onto the release branch.
+   project board onto the release branch.

   This is **usually** fairly simple since we squash the commits from the
-   vast majority of pull requests, which means there is only one commit
+   vast majority of pull requests. That means there is only one commit
   per pull request to cherry-pick. For example, `this pull request
   <https://github.com/spack/spack/pull/15777>`_ has three commits, but
-   the were squashed into a single commit on merge. You can see the
+   they were squashed into a single commit on merge. You can see the
   commit that was created here:

   .. image:: images/pr-commit.png
@@ -706,9 +1188,8 @@ release:

      $ git cherry-pick 7e46da7

-   For pull requests that were rebased, you'll need to cherry-pick each
-   rebased commit individually. There have not been any rebased PRs like
-   this in recent point releases.
+   For pull requests that were rebased (or not squashed), you'll need to
+   cherry-pick each associated commit individually.

   .. warning::

@@ -721,30 +1202,35 @@ release:
      cherry-picked all the commits in order. This generally means there
      is some other intervening pull request that the one you're trying
      to pick depends on. In these cases, you'll need to make a judgment
-      call:
+      call regarding those pull requests.  Consider the number of affected
+      files and or the resulting differences.

-      1. If the dependency is small, you might just cherry-pick it, too.
-         If you do this, add it to the release board.
+      1. If the dependency changes are small, you might just cherry-pick it,
+         too. If you do this, add the task to the release board.

-      2. If it is large, then you may decide that this fix is not worth
-         including in a point release, in which case you should remove it
-         from the release project.
+      2. If the changes are large, then you may decide that this fix is not
+         worth including in a point release, in which case you should remove
+         the task from the release project.

      3. You can always decide to manually back-port the fix to the release
         branch if neither of the above options makes sense, but this can
         require a lot of work. It's seldom the right choice.

-#. Bump the version in ``lib/spack/spack/__init__.py``. See `this example from 0.14.1
+#. Bump the version in ``lib/spack/spack/__init__.py``.
+
+   See `this example from 0.14.1
   <https://github.com/spack/spack/commit/ff0abb9838121522321df2a054d18e54b566b44a>`_.

-#. Update ``CHANGELOG.md`` with a list of bugfixes. This is typically just a
-   summary of the commits you cherry-picked onto the release branch. See
-   `the changelog from 0.14.1
+#. Update ``CHANGELOG.md`` with a list of the changes.
+
+   This is typically a summary of the commits you cherry-picked onto the
+   release branch. See `the changelog from 0.14.1
   <https://github.com/spack/spack/commit/ff0abb9838121522321df2a054d18e54b566b44a>`_.

 #. Push the release branch to GitHub.

 #. Make sure CI passes on the release branch, including:
+
   * Regular unit tests
   * Build tests
   * The E4S pipeline at `gitlab.spack.io <https://gitlab.spack.io>`_
@@ -767,23 +1253,26 @@ release:
 Publishing a release on GitHub
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

-#. Go to `github.com/spack/spack/releases
-   <https://github.com/spack/spack/releases>`_ and click ``Draft a new
-   release``.  Set the following:
+#. Create the release in GitHub.

-   * ``Tag version`` should start with ``v`` and contain *all three*
-     parts of the version, .g. ``v0.15.1``. This is the name of the tag
-     that will be created.
+   * Go to 
+     `github.com/spack/spack/releases <https://github.com/spack/spack/releases>`_
+     and click ``Draft a new release``.

-   * ``Target`` should be the ``releases/vX.Y`` branch (e.g., ``releases/v0.15``).
+   * Set ``Tag version`` to the name of the tag that will be created.

-   * ``Release title`` should be ``vX.Y.Z`` (To match the tag, e.g., ``v0.15.1``).
+     The name should start with ``v`` and contain *all three*
+     parts of the version (e.g. ``v0.15.0`` or ``v0.15.1``).

-   * For the text, paste the latest release markdown from your ``CHANGELOG.md``.
+   * Set ``Target`` to the ``releases/vX.Y`` branch (e.g., ``releases/v0.15``).

-   You can save the draft and keep coming back to this as you prepare the release.
+   * Set ``Release title`` to ``vX.Y.Z`` to match the tag (e.g., ``v0.15.1``).

-#. When you are done, click ``Publish release``.
+   * Paste the latest release markdown from your ``CHANGELOG.md`` file as the text.
+
+   * Save the draft so you can keep coming back to it as you prepare the release.
+
+#. When you are ready to finalize the release, click ``Publish release``.

 #. Immediately after publishing, go back to
   `github.com/spack/spack/releases
@@ -791,22 +1280,26 @@ Publishing a release on GitHub
   auto-generated ``.tar.gz`` file for the release. It's the ``Source
   code (tar.gz)`` link.

-#. Click ``Edit`` on the release you just did and attach the downloaded
+#. Click ``Edit`` on the release you just made and attach the downloaded
   release tarball as a binary. This does two things:

-   #. Makes sure that the hash of our releases doesn't change over time.
-      GitHub sometimes annoyingly changes they way they generate
-      tarballs, and then hashes can change if you rely on the
+   #. Makes sure that the hash of our releases does not change over time.
+
+      GitHub sometimes annoyingly changes the way they generate tarballs
+      that can result in the hashes changing if you rely on the
      auto-generated tarball links.

-   #. Gets us download counts on releases visible through the GitHub
-      API. GitHub tracks downloads of artifacts, but *not* the source
+   #. Gets download counts on releases visible through the GitHub API.
+
+      GitHub tracks downloads of artifacts, but *not* the source
      links. See the `releases
      page <https://api.github.com/repos/spack/spack/releases>`_ and search
      for ``download_count`` to see this.

-#. Go to `readthedocs.org <https://readthedocs.org/projects/spack>`_ and activate
-   the release tag. This builds the documentation and makes the released version
+#. Go to `readthedocs.org <https://readthedocs.org/projects/spack>`_ and
+   activate the release tag.
+
+   This builds the documentation and makes the released version
   selectable in the versions menu.


@@ -820,23 +1313,23 @@ If the new release is the **highest** Spack release yet, you should
 also tag it as ``releases/latest``. For example, suppose the highest
 release is currently ``0.15.3``:

-     * If you are releasing ``0.15.4`` or ``0.16.0``, then you should tag
-       it with ``releases/latest``, as these are higher than ``0.15.3``.
+* If you are releasing ``0.15.4`` or ``0.16.0``, then you should tag
+  it with ``releases/latest``, as these are higher than ``0.15.3``.

-     * If you are making a new release of an **older** major version of
-       Spack, e.g. ``0.14.4``, then you should not tag it as
-       ``releases/latest`` (as there are newer major versions).
+* If you are making a new release of an **older** major version of
+  Spack, e.g. ``0.14.4``, then you should not tag it as
+  ``releases/latest`` (as there are newer major versions).

-   To tag ``releases/latest``, do this:
+To tag ``releases/latest``, do this:

-   .. code-block:: console
+.. code-block:: console

-      $ git checkout releases/vX.Y     # vX.Y is the new release's branch
-      $ git tag --force releases/latest
-      $ git push --tags
+   $ git checkout releases/vX.Y     # vX.Y is the new release's branch
+   $ git tag --force releases/latest
+   $ git push --force --tags

-   The ``--force`` argument makes ``git`` overwrite the existing
-   ``releases/latest`` tag with the new one.
+The ``--force`` argument to ``git tag`` makes ``git`` overwrite the existing
+``releases/latest`` tag with the new one.

 We also merge each release that we tag as ``releases/latest`` into ``develop``.
 Make sure to do this with a merge commit:
@@ -844,17 +1337,17 @@ Make sure to do this with a merge commit:
 .. code-block:: console

   $ git checkout develop
-   $ git merge --no-ff vX.Y.Z  # vX.Y.Z is the new release's tag
+   $ git merge --no-ff -s ours vX.Y.Z  # vX.Y.Z is the new release's tag
   $ git push

 We merge back to ``develop`` because it:

-  * updates the version and ``CHANGELOG.md`` on ``develop``.
+  * updates the version and ``CHANGELOG.md`` on ``develop``; and
  * ensures that your release tag is reachable from the head of
-    ``develop``
+    ``develop``.

-We *must* use a real merge commit (via the ``--no-ff`` option) because it
-ensures that the release tag is reachable from the tip of ``develop``.
+We *must* use a real merge commit (via the ``--no-ff`` option) to
+ensure that the release tag is reachable from the tip of ``develop``.
 This is necessary for ``spack -V`` to work properly -- it uses ``git
 describe --tags`` to find the last reachable tag in the repository and
 reports how far we are from it. For example:
@@ -872,6 +1365,7 @@ the release is complete and tagged. If you do it before you've tagged the
 release and later decide you want to tag some later commit, you'll need
 to merge again.

+
 .. _announcing-releases:

 ^^^^^^^^^^^^^^^^^^^^
@@ -882,20 +1376,40 @@ We announce releases in all of the major Spack communication channels.
 Publishing the release takes care of GitHub. The remaining channels are
 Twitter, Slack, and the mailing list. Here are the steps:

-#. Make a tweet to announce the release. It should link to the release's
-   page on GitHub. You can base it on `this example tweet
-   <https://twitter.com/spackpm/status/1231761858182307840>`_.
+#. Announce the release on Twitter.

-#. Ping ``@channel`` in ``#general`` on Slack (`spackpm.slack.com
-   <https://spackpm.slack.com>`_) with a link to the tweet. The tweet
-   will be shown inline so that you do not have to retype your release
-   announcement.
+   * Compose the tweet on the ``@spackpm`` account per the
+     ``spack-twitter`` slack channel.

-#. Email the Spack mailing list to let them know about the release. As
-   with the tweet, you likely want to link to the release's page on
-   GitHub. It's also helpful to include some information directly in the
-   email. You can base yours on this `example email
-   <https://groups.google.com/forum/#!topic/spack/WT4CT9i_X4s>`_.
+   * Be sure to include a link to the release's page on GitHub.

-Once you've announced the release, congratulations, you're done! You've
-finished making the release!
+     You can base the tweet on `this
+     example <https://twitter.com/spackpm/status/1231761858182307840>`_.
+
+#. Announce the release on Slack.
+
+   * Compose a message in the ``#general`` Slack channel
+     (`spackpm.slack.com <https://spackpm.slack.com>`_).
+
+   * Preface the message with ``@channel`` to notify even those
+     people not currently logged in.
+
+   * Be sure to include a link to the tweet above.
+
+   The tweet will be shown inline so that you do not have to retype
+   your release announcement.
+
+#. Announce the release on the Spack mailing list.
+
+   * Compose an email to the Spack mailing list.
+
+   * Be sure to include a link to the release's page on GitHub.
+
+   * It is also helpful to include some information directly in the
+     email.
+
+   You can base your announcement on this `example
+   email <https://groups.google.com/forum/#!topic/spack/WT4CT9i_X4s>`_.
+
+Once you've completed the above steps, congratulations, you're done!
+You've finished making the release!
--- a/lib/spack/docs/environments.rst
+++ b/lib/spack/docs/environments.rst
@@ -248,9 +248,9 @@ Users can add abstract specs to an Environment using the ``spack add``
 command. The most important component of an Environment is a list of
 abstract specs.

-Adding a spec adds to the manifest (the ``spack.yaml`` file) and to
-the roots of the Environment, but does not affect the concrete specs
-in the lockfile, nor does it install the spec.
+Adding a spec adds to the manifest (the ``spack.yaml`` file), which is
+used to define the roots of the Environment, but does not affect the
+concrete specs in the lockfile, nor does it install the spec.

 The ``spack add`` command is environment aware. It adds to the
 currently active environment. All environment aware commands can also
@@ -356,6 +356,18 @@ command also stores a Spack repo containing the ``package.py`` file
 used at install time for each package in the ``repos/`` directory in
 the Environment.

+The ``--no-add`` option can be used in a concrete environment to tell
+spack to install specs already present in the environment but not to
+add any new root specs to the environment.  For root specs provided
+to ``spack install`` on the command line, ``--no-add`` is the default,
+while for dependency specs on the other hand, it is optional.  In other
+words, if there is an unambiguous match in the active concrete environment
+for a root spec provided to ``spack install`` on the command line, spack
+does not require you to specify the ``--no-add`` option to prevent the spec
+from being added again.  At the same time, a spec that already exists in the
+environment, but only as a dependency, will be added to the environment as a
+root spec without the ``--no-add`` option.
+
 ^^^^^^^
 Loading
 ^^^^^^^
@@ -711,6 +723,8 @@ Spack Environment managed views are updated every time the environment
 is written out to the lock file ``spack.lock``, so the concrete
 environment and the view are always compatible.

+.. _configuring_environment_views:
+
 """""""""""""""""""""""""""""
 Configuring environment views
 """""""""""""""""""""""""""""
--- a/lib/spack/docs/getting_started.rst
+++ b/lib/spack/docs/getting_started.rst
@@ -19,7 +19,7 @@ before Spack is run:
 #. Python 2 (2.6 or 2.7) or 3 (3.5 - 3.9) to run Spack
 #. A C/C++ compiler for building
 #. The ``make`` executable for building
-#. The ``tar``, ``gzip``, ``bzip2``, ``xz`` and optionally ``zstd``
+#. The ``tar``, ``gzip``, ``unzip``, ``bzip2``, ``xz`` and optionally ``zstd``
   executables for extracting source code
 #. The ``patch`` command to apply patches
 #. The ``git`` and ``curl`` commands for fetching
@@ -70,7 +70,13 @@ Sourcing these files will put the ``spack`` command in your ``PATH``, set
 up your ``MODULEPATH`` to use Spack's packages, and add other useful
 shell integration for :ref:`certain commands <packaging-shell-support>`,
 :ref:`environments <environments>`, and :ref:`modules <modules>`. For
-``bash``, it also sets up tab completion.
+``bash`` and ``zsh``, it also sets up tab completion.
+
+In order to know which directory to add to your ``MODULEPATH``, these scripts
+query the ``spack`` command. On shared filesystems, this can be a bit slow,
+especially if you log in frequently. If you don't use modules, or want to set
+``MODULEPATH`` manually instead, you can set the ``SPACK_SKIP_MODULES``
+environment variable to skip this step and speed up sourcing the file.

 If you do not want to use Spack's shell support, you can always just run
 the ``spack`` command directly from ``spack/bin/spack``.
@@ -1119,6 +1125,33 @@ Secret keys may also be later exported using the
      <https://www.digitalocean.com/community/tutorials/how-to-setup-additional-entropy-for-cloud-servers-using-haveged>`_
      provides a good overview of sources of randomness.

+Here is an example of creating a key. Note that we provide a name for the key first
+(which we can use to reference the key later) and an email address:
+
+.. code-block:: console
+
+    $ spack gpg create dinosaur dinosaur@thedinosaurthings.com
+
+
+If you want to export the key as you create it:
+
+
+.. code-block:: console
+
+    $ spack gpg create --export key.pub dinosaur dinosaur@thedinosaurthings.com
+
+Or the private key:
+
+
+.. code-block:: console
+
+    $ spack gpg create --export-secret key.priv dinosaur dinosaur@thedinosaurthings.com
+
+
+You can include both ``--export`` and ``--export-secret``, each with
+an output file of choice, to export both.
+
+
 ^^^^^^^^^^^^
 Listing keys
 ^^^^^^^^^^^^
@@ -1127,7 +1160,22 @@ In order to list the keys available in the keyring, the
 ``spack gpg list`` command will list trusted keys with the ``--trusted`` flag
 and keys available for signing using ``--signing``. If you would like to
 remove keys from your keyring, ``spack gpg untrust <keyid>``. Key IDs can be
-email addresses, names, or (best) fingerprints.
+email addresses, names, or (best) fingerprints. Here is an example of listing
+the key that we just created:
+
+.. code-block:: console
+
+    gpgconf: socketdir is '/run/user/1000/gnupg'
+    /home/spackuser/spack/opt/spack/gpg/pubring.kbx
+    ----------------------------------------------------------
+    pub   rsa4096 2021-03-25 [SC]
+          60D2685DAB647AD4DB54125961E09BB6F2A0ADCB
+    uid           [ultimate] dinosaur (GPG created for Spack) <dinosaur@thedinosaurthings.com>
+
+
+Note that the name "dinosaur" can be seen under the uid, which is the unique
+id. We might need this reference if we want to export or otherwise reference the key.
+

 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 Signing and Verifying Packages
@@ -1142,6 +1190,38 @@ may also be used to create a signed file which contains the contents, but it
 is not recommended. Signed packages may be verified by using
 ``spack gpg verify <file>``.

+
+^^^^^^^^^^^^^^
+Exporting Keys
+^^^^^^^^^^^^^^
+
+You likely might want to export a public key, and that looks like this. Let's
+use the previous example and ask spack to export the key with uid "dinosaur."
+We will provide an output location (typically a `*.pub` file) and the name of
+the key.
+
+.. code-block:: console
+
+    $ spack gpg export dinosaur.pub dinosaur
+
+You can then look at the created file, `dinosaur.pub`, to see the exported key.
+If you want to include the private key, then just add `--secret`:
+
+.. code-block:: console
+
+    $ spack gpg export --secret dinosaur.priv dinosaur
+
+This will write the private key to the file `dinosaur.priv`.
+
+.. warning::
+
+    You should be very careful about exporting private keys. You likely would
+    only want to do this in the context of moving your spack installation to
+    a different server, and wanting to preserve keys for a buildcache. If you
+    are unsure about exporting, you can ask your local system administrator
+    or for help on an issue or the Spack slack.
+
+
 .. _cray-support:

 -------------
--- a/lib/spack/docs/index.rst
+++ b/lib/spack/docs/index.rst
@@ -67,6 +67,7 @@ or refer to the full manual below.
   build_settings
   environments
   containers
+   monitoring
   mirrors
   module_file_support
   repositories
@@ -77,6 +78,12 @@ or refer to the full manual below.
   extensions
   pipelines

+.. toctree::
+   :maxdepth: 2
+   :caption: Research
+
+   analyze
+
 .. toctree::
   :maxdepth: 2
   :caption: Contributing
--- a/lib/spack/docs/mirrors.rst
+++ b/lib/spack/docs/mirrors.rst
@@ -159,6 +159,27 @@ can supply a file with specs in it, one per line:
 This is useful if there is a specific suite of software managed by
 your site.

+^^^^^^^^^^^^^^^^^^
+Mirror environment
+^^^^^^^^^^^^^^^^^^
+
+To create a mirror of all packages required by a concerte environment, activate the environment and call ``spack mirror create -a``.
+This is especially useful to create a mirror of an environment concretized on another machine.
+
+.. code-block:: console
+
+   [remote] $ spack env create myenv
+   [remote] $ spack env activate myenv
+   [remote] $ spack add ...
+   [remote] $ spack concretize
+   
+   $ sftp remote:/spack/var/environment/myenv/spack.lock
+   $ spack env create myenv spack.lock
+   $ spack env activate myenv
+   $ spack mirror create -a
+  
+
+
 .. _cmd-spack-mirror-add:

 --------------------
--- a/lib/spack/docs/module_file_support.rst
+++ b/lib/spack/docs/module_file_support.rst
@@ -71,9 +71,24 @@ Module file customization
 -------------------------

 Module files are generated by post-install hooks after the successful
-installation of a package. The table below summarizes the essential
-information associated with the different file formats
-that can be generated by Spack:
+installation of a package.
+
+.. note::
+
+   Spack only generates modulefiles when a package is installed. If
+   you attempt to install a package and it is already installed, Spack
+   will not regenerate modulefiles for the package. This may to
+   inconsistent modulefiles if the Spack module configuration has
+   changed since the package was installed, either by editing a file
+   or changing scopes or environments.
+
+   Later in this section there is a subsection on :ref:`regenerating
+   modules <cmd-spack-module-refresh>` that will allow you to bring
+   your modules to a consistent state.
+
+The table below summarizes the essential information associated with
+the different file formats that can be generated by Spack:
+

  +-----------------------------+--------------------+-------------------------------+----------------------------------------------+----------------------+
  |                             | **Hook name**      |  **Default root directory**   | **Default template file**                    | **Compatible tools** |
@@ -130,9 +145,8 @@ list of environment modifications.
  to the corresponding environment variables:

  ================== =================================
-   LIBRARY_PATH       ``self.prefix/rlib/R/lib``
   LD_LIBRARY_PATH    ``self.prefix/rlib/R/lib``
-   CPATH              ``self.prefix/rlib/R/include``
+   PKG_CONFIG_PATH    ``self.prefix/rlib/pkgconfig``
  ================== =================================

  with the following snippet:
@@ -164,6 +178,46 @@ the installation folder of each package for the presence of a set of subdirector
 (``bin``, ``man``, ``share/man``, etc.). If any is found its full path is prepended
 to the environment variables listed below the folder name.

+Spack modules can be configured for multiple module sets. The default
+module set is named ``default``. All Spack commands which operate on
+modules default to apply the ``default`` module set, but can be
+applied to any module set in the configuration. Settings applied at
+the root of the configuration (e.g. ``modules:enable`` rather than
+``modules:default:enable``) are applied to the default module set for
+backwards compatibility.
+
+"""""""""""""""""""""""""
+Changing the modules root
+"""""""""""""""""""""""""
+
+As shown in the table above, the default module root for ``lmod`` is
+``$spack/share/spack/lmod`` and the default root for ``tcl`` is
+``$spack/share/spack/modules``. This can be overridden for any module
+set by changing the ``roots`` key of the configuration.
+
+.. code-block:: yaml
+
+   modules:
+     default:
+       roots:
+         tcl: /path/to/install/tcl/modules
+     my_custom_lmod_modules:
+       roots:
+         lmod: /path/to/install/custom/lmod/modules
+         ...
+
+This configuration will create two module sets. The default module set
+will install its ``tcl`` modules to ``/path/to/install/tcl/modules``
+(and still install its lmod modules, if any, to the default
+location). The set ``my_custom_lmod_modules`` will install its lmod
+modules to ``/path/to/install/custom/lmod/modules`` (and still install
+its tcl modules, if any, to the default location).
+
+Obviously, having multiple module sets install modules to the default
+location could be confusing to users of your modules. In the next
+section, we will discuss enabling and disabling module types (module
+file generators) for each module set.
+
 """"""""""""""""""""
 Activate other hooks
 """"""""""""""""""""
@@ -179,13 +233,14 @@ to the generator being customized:
 .. code-block:: yaml

   modules:
-     enable:
-       - tcl
-       - lmod
-     tcl:
-       # contains environment modules specific customizations
-     lmod:
-       # contains lmod specific customizations
+     default:
+       enable:
+         - tcl
+         - lmod
+       tcl:
+         # contains environment modules specific customizations
+       lmod:
+         # contains lmod specific customizations

 In general, the configuration options that you can use in ``modules.yaml`` will
 either change the layout of the module files on the filesystem, or they will affect
@@ -400,10 +455,16 @@ that are already in the LMod hierarchy.
 Customize environment modifications
 """""""""""""""""""""""""""""""""""

-You can control which prefixes in a Spack package are added to environment
-variables with the ``prefix_inspections`` section; this section maps relative
-prefixes to the list of environment variables which should be updated with
-those prefixes.
+You can control which prefixes in a Spack package are added to
+environment variables with the ``prefix_inspections`` section; this
+section maps relative prefixes to the list of environment variables
+which should be updated with those prefixes.
+
+The ``prefix_inspections`` configuration is different from other
+settings in that a ``prefix_inspections`` configuration at the
+``modules`` level of the configuration file applies to all module
+sets. This allows users to make general overrides to the default
+inspections and customize them per-module-set.

 .. code-block:: yaml

@@ -416,10 +477,66 @@ those prefixes.
      '':
        - CMAKE_PREFIX_PATH

-In this case, for a Spack package ``foo`` installed to ``/spack/prefix/foo``,
-the generated module file for ``foo`` would update ``PATH`` to contain
+Prefix inspections are only applied if the relative path inside the
+installation prefix exists. In this case, for a Spack package ``foo``
+installed to ``/spack/prefix/foo``, if ``foo`` installs executables to
+``bin`` but no libraries in ``lib``, the generated module file for
+``foo`` would update ``PATH`` to contain ``/spack/prefix/foo/bin`` and
+``CMAKE_PREFIX_PATH`` to contain ``/spack/prefix/foo``, but would not
+update ``LIBRARY_PATH``.
+
+There is a special case for prefix inspections relative to environment
+views. If all of the following conditions hold for a module set
+configuration:
+
+#. The configuration is for an :ref:`environment <environments>` and
+   will never be applied outside the environment,
+#. The environment in question is configured to use a :ref:`view
+   <filesystem-views>`,
+#. The :ref:`environment view is configured
+   <configuring_environment_views>` with a projection that ensures
+   every package is linked to a unique directory,
+
+then the module set may be configured to create modules relative to
+the environment view. This is specified by the ``use_view``
+configuration option in the module set. If ``True``, the module set is
+constructed relative to the default view of the
+environment. Otherwise, the value must be the name of the environment
+view relative to which to construct modules, or ``False-ish`` to
+disable the feature explicitly (the default is ``False``).
+
+If the ``use_view`` value is set in the config, then the prefix
+inspections for the package are done relative to the package's path in
+the view.
+
+.. code-block:: yaml
+
+   spack:
+     modules:
+       view_relative_modules:
+         use_view: my_view
+       prefix_inspections:
+         bin:
+           - PATH
+     view:
+       my_view:
+         projections:
+           root: /path/to/my/view
+           all:  '{name}-{hash}'
+
+The ``spack`` key is relevant to :ref:`environment <environments>`
+configuration, and the view key is discussed in detail in the section
+on :ref:`Configuring environment views
+<configuring_environment_views>`. With this configuration the
+generated module for package ``foo`` would set ``PATH`` to include
+``/path/to/my/view/foo-<hash>/bin`` instead of
 ``/spack/prefix/foo/bin``.

+The ``use_view`` option is useful when deploying a large software
+stack to users who are likely to inspect the modules to find full
+paths to software, when it is desirable to present the users with a
+simpler set of paths than those generated by the Spack install tree.
+
 """"""""""""""""""""""""""""""""""""
 Filter out environment modifications
 """"""""""""""""""""""""""""""""""""
--- a/lib/spack/docs/monitoring.rst
+++ b/lib/spack/docs/monitoring.rst
@@ -0,0 +1,265 @@
+.. Copyright 2013-2021 Lawrence Livermore National Security, LLC and other
+   Spack Project Developers. See the top-level COPYRIGHT file for details.
+
+   SPDX-License-Identifier: (Apache-2.0 OR MIT)
+
+.. _monitoring:
+
+==========
+Monitoring
+==========
+
+You can use a `spack monitor <https://github.com/spack/spack-monitor>`_ "Spackmon"
+server to store a database of your packages, builds, and associated metadata 
+for provenance, research, or some other kind of development. You should
+follow the instructions in the `spack monitor documentation <https://spack-monitor.readthedocs.org>`_
+to first create a server along with a username and token for yourself.
+You can then use this guide to interact with the server.
+
+-------------------
+Analysis Monitoring
+-------------------
+
+To read about how to monitor an analysis (meaning you want to send analysis results
+to a server) see :ref:`analyze_monitoring`.
+
+---------------------
+Monitoring An Install
+---------------------
+
+Since an install is typically when you build packages, we logically want
+to tell spack to monitor during this step. Let's start with an example
+where we want to monitor the install of hdf5. Unless you have disabled authentication
+for the server, we first want to export our spack monitor token and username to the environment:
+
+.. code-block:: console
+ 
+    $ export SPACKMON_TOKEN=50445263afd8f67e59bd79bff597836ee6c05438
+    $ export SPACKMON_USER=spacky
+
+
+By default, the host for your server is expected to be at ``http://127.0.0.1``
+with a prefix of ``ms1``, and if this is the case, you can simply add the
+``--monitor`` flag to the install command:
+
+.. code-block:: console
+
+    $ spack install --monitor hdf5
+
+
+If you need to customize the host or the prefix, you can do that as well:
+
+.. code-block:: console
+
+    $ spack install --monitor --monitor-prefix monitor --monitor-host https://monitor-service.io hdf5
+
+
+As a precaution, we cut out early in the spack client if you have not provided
+authentication credentials. For example, if you run the command above without
+exporting your username or token, you'll see:
+
+.. code-block:: console
+
+    ==> Error: You are required to export SPACKMON_TOKEN and SPACKMON_USER
+
+This extra check is to ensure that we don't start any builds,
+and then discover that you forgot to export your token. However, if 
+your monitoring server has authentication disabled, you can tell this to
+the client to skip this step:
+
+.. code-block:: console
+
+    $ spack install --monitor --monitor-disable-auth hdf5
+
+If the service is not running, you'll cleanly exit early - the install will
+not continue if you've asked it to monitor and there is no service.
+For example, here is what you'll see if the monitoring service is not running:
+
+.. code-block:: console
+
+    [Errno 111] Connection refused
+
+
+If you want to continue builds (and stop monitoring) you can set the ``--monitor-keep-going``
+flag. 
+
+.. code-block:: console
+
+    $ spack install --monitor --monitor-keep-going hdf5
+
+This could mean that if a request fails, you only have partial or no data
+added to your monitoring database. This setting will not be applied to the
+first request to check if the server is running, but to subsequent requests.
+If you don't have a monitor server running and you want to build, simply
+don't provide the ``--monitor`` flag! Finally, if you want to provide one or
+more tags to your build, you can do:
+
+.. code-block:: console
+
+    # Add one tag, "pizza"
+    $ spack install --monitor --monitor-tags pizza hdf5
+
+    # Add two tags, "pizza" and "pasta"
+    $ spack install --monitor --monitor-tags pizza,pasta hdf5
+
+
+----------------------------
+Monitoring with Containerize
+----------------------------
+
+The same argument group is available to add to a containerize command. 
+
+^^^^^^
+Docker
+^^^^^^
+
+To add monitoring to a Docker container recipe generation using the defaults,
+and assuming a monitor server running on localhost, you would
+start with a spack.yaml in your present working directory:
+
+.. code-block:: yaml
+
+   spack:
+     specs:
+       - samtools
+
+And then do:
+
+.. code-block:: console
+
+    # preview first
+    spack containerize --monitor
+    
+    # and then write to a Dockerfile
+    spack containerize --monitor > Dockerfile
+    
+    
+The install command will be edited to include commands for enabling monitoring.
+However, getting secrets into the container for your monitor server is something
+that should be done carefully. Specifically you should:
+
+ - Never try to define secrets as ENV, ARG, or using ``--build-arg``
+ - Do not try to get the secret into the container via a "temporary" file that you remove (it in fact will still exist in a layer)
+
+Instead, it's recommended to use buildkit `as explained here <https://pythonspeed.com/articles/docker-build-secrets/>`_.
+You'll need to again export environment variables for your spack monitor server:
+
+.. code-block:: console
+
+    $ export SPACKMON_TOKEN=50445263afd8f67e59bd79bff597836ee6c05438
+    $ export SPACKMON_USER=spacky
+
+And then use buildkit along with your build and identifying the name of the secret:
+
+.. code-block:: console
+
+    $ DOCKER_BUILDKIT=1 docker build --secret id=st,env=SPACKMON_TOKEN --secret id=su,env=SPACKMON_USER -t spack/container . 
+    
+The secrets are expected to come from your environment, and then will be temporarily mounted and available
+at ``/run/secrets/<name>``. If you forget to supply them (and authentication is required) the build
+will fail. If you need to build on your host (and interact with a spack monitor at localhost) you'll
+need to tell Docker to use the host network:
+
+.. code-block:: console
+
+    $ DOCKER_BUILDKIT=1 docker build --network="host" --secret id=st,env=SPACKMON_TOKEN --secret id=su,env=SPACKMON_USER -t spack/container . 
+    
+
+^^^^^^^^^^^
+Singularity
+^^^^^^^^^^^
+
+To add monitoring to a Singularity container build, the spack.yaml needs to
+be modified slightly to specify wanting a different format:
+
+
+.. code-block:: yaml
+
+   spack:
+     specs:
+       - samtools
+     container:
+       format: singularity
+       
+       
+Again, generate the recipe:
+
+
+.. code-block:: console
+
+    # preview first
+    $ spack containerize --monitor
+    
+    # then write to a Singularity recipe
+    $ spack containerize --monitor > Singularity
+
+
+Singularity doesn't have a direct way to define secrets at build time, so we have
+to do a bit of a manual command to add a file, source secrets in it, and remove it.
+Since Singularity doesn't have layers like Docker, deleting a file will truly
+remove it from the container and history. So let's say we have this file,
+``secrets.sh``:
+
+.. code-block:: console
+
+    # secrets.sh
+    export SPACKMON_USER=spack
+    export SPACKMON_TOKEN=50445263afd8f67e59bd79bff597836ee6c05438
+
+
+We would then generate the Singularity recipe, and add a files section,
+a source of that file at the start of ``%post``, and **importantly**
+a removal of the final at the end of that same section.
+
+.. code-block::
+
+    Bootstrap: docker
+    From: spack/ubuntu-bionic:latest
+    Stage: build
+
+    %files
+      secrets.sh /opt/secrets.sh 
+
+    %post
+      . /opt/secrets.sh
+
+      # spack install commands are here
+      ...
+      
+      # Don't forget to remove here!
+      rm /opt/secrets.sh
+
+
+You can then build the container as your normally would.
+
+.. code-block:: console
+
+    $ sudo singularity build container.sif Singularity 
+
+
+------------------
+Monitoring Offline
+------------------
+
+In the case that you want to save monitor results to your filesystem
+and then upload them later (perhaps you are in an environment where you don't
+have credentials or it isn't safe to use them) you can use the ``--monitor-save-local``
+flag.
+
+.. code-block:: console
+
+    $ spack install --monitor --monitor-save-local hdf5 
+
+This will save results in a subfolder, "monitor" in your designated spack
+reports folder, which defaults to ``$HOME/.spack/reports/monitor``. When
+you are ready to upload them to a spack monitor server:
+
+
+.. code-block:: console
+
+    $ spack monitor upload ~/.spack/reports/monitor 
+
+
+You can choose the root directory of results as shown above, or a specific
+subdirectory. The command accepts other arguments to specify configuration
+for the monitor.
--- a/lib/spack/docs/packaging_guide.rst
+++ b/lib/spack/docs/packaging_guide.rst
--- a/lib/spack/docs/pipelines.rst
+++ b/lib/spack/docs/pipelines.rst
@@ -30,52 +30,18 @@ at least one `runner <https://docs.gitlab.com/runner/>`_.  Then the basic steps
 for setting up a build pipeline are as follows:

 #. Create a repository on your gitlab instance
-#. Add a ``spack.yaml`` at the root containing your pipeline environment (see
-   below for details)
+#. Add a ``spack.yaml`` at the root containing your pipeline environment
 #. Add a ``.gitlab-ci.yml`` at the root containing two jobs (one to generate
-   the pipeline dynamically, and one to run the generated jobs), similar to
-   this one:
-
-   .. code-block:: yaml
-
-      stages: [generate, build]
-
-      generate-pipeline:
-        stage: generate
-        tags:
-          - <custom-tag>
-        script:
-          - spack env activate --without-view .
-          - spack ci generate
-            --output-file "${CI_PROJECT_DIR}/jobs_scratch_dir/pipeline.yml"
-        artifacts:
-          paths:
-            - "${CI_PROJECT_DIR}/jobs_scratch_dir/pipeline.yml"
-
-      build-jobs:
-        stage: build
-        trigger:
-          include:
-            - artifact: "jobs_scratch_dir/pipeline.yml"
-              job: generate-pipeline
-          strategy: depend
-
-
-#. Add any secrets required by the CI process to environment variables using the
-   CI web ui
+   the pipeline dynamically, and one to run the generated jobs).
 #. Push a commit containing the ``spack.yaml`` and ``.gitlab-ci.yml`` mentioned above
   to the gitlab repository

-The ``<custom-tag>``, above, is used to pick one of your configured runners to
-run the pipeline generation phase (this is implemented in the ``spack ci generate``
-command, which assumes the runner has an appropriate version of spack installed
-and configured for use).  Of course, there are many ways to customize the process.
-You can configure CDash reporting on the progress of your builds, set up S3 buckets
-to mirror binaries built by the pipeline, clone a custom spack repository/ref for
-use by the pipeline, and more.
+See the :ref:`functional_example` section for a minimal working example.  See also
+the :ref:`custom_Workflow` section for a link to an example of a custom workflow
+based on spack pipelines.

-While it is possible to set up pipelines on gitlab.com, the builds there are
-limited to 60 minutes and generic hardware.  It is also possible to
+While it is possible to set up pipelines on gitlab.com, as illustrated above, the
+builds there are limited to 60 minutes and generic hardware.  It is also possible to
 `hook up <https://about.gitlab.com/blog/2018/04/24/getting-started-gitlab-ci-gcp>`_
 Gitlab to Google Kubernetes Engine (`GKE <https://cloud.google.com/kubernetes-engine/>`_)
 or Amazon Elastic Kubernetes Service (`EKS <https://aws.amazon.com/eks>`_), though those
@@ -88,21 +54,144 @@ dynamically generated
 Note that the use of dynamic child pipelines requires running Gitlab version
 ``>= 12.9``.

+.. _functional_example:
+
+------------------
+Functional Example
+------------------
+
+The simplest fully functional standalone example of a working pipeline can be
+examined live at this example `project <https://gitlab.com/scott.wittenburg/spack-pipeline-demo>`_
+on gitlab.com.
+
+Here's the ``.gitlab-ci.yml`` file from that example that builds and runs the
+pipeline:
+
+.. code-block:: yaml
+
+   stages: [generate, build]
+
+   variables:
+     SPACK_REPO: https://github.com/scottwittenburg/spack.git
+     SPACK_REF: pipelines-reproducible-builds
+
+   generate-pipeline:
+     stage: generate
+     tags:
+       - docker
+     image:
+       name: ghcr.io/scottwittenburg/ecpe4s-ubuntu18.04-runner-x86_64:2020-09-01
+       entrypoint: [""]
+     before_script:
+       - git clone ${SPACK_REPO}
+       - pushd spack && git checkout ${SPACK_REF} && popd
+       - . "./spack/share/spack/setup-env.sh"
+     script:
+       - spack env activate --without-view .
+       - spack -d ci generate
+         --artifacts-root "${CI_PROJECT_DIR}/jobs_scratch_dir"
+         --output-file "${CI_PROJECT_DIR}/jobs_scratch_dir/pipeline.yml"
+     artifacts:
+       paths:
+         - "${CI_PROJECT_DIR}/jobs_scratch_dir"
+
+   build-jobs:
+     stage: build
+     trigger:
+       include:
+         - artifact: "jobs_scratch_dir/pipeline.yml"
+           job: generate-pipeline
+       strategy: depend
+
+The key thing to note above is that there are two jobs: The first job to run,
+``generate-pipeline``, runs the ``spack ci generate`` command to generate a
+dynamic child pipeline and write it to a yaml file, which is then picked up
+by the second job, ``build-jobs``, and used to trigger the downstream pipeline.
+
+And here's the spack environment built by the pipeline represented as a
+``spack.yaml`` file:
+
+.. code-block:: yaml
+
+   spack:
+     view: false
+     concretization: separately
+
+     definitions:
+     - pkgs:
+       - zlib
+       - bzip2
+     - arch:
+       - '%gcc@7.5.0 arch=linux-ubuntu18.04-x86_64'
+
+     specs:
+     - matrix:
+       - - $pkgs
+       - - $arch
+
+     mirrors: { "mirror": "s3://spack-public/mirror" }
+
+     gitlab-ci:
+       before_script:
+         - git clone ${SPACK_REPO}
+         - pushd spack && git checkout ${SPACK_CHECKOUT_VERSION} && popd
+         - . "./spack/share/spack/setup-env.sh"
+       script:
+         - pushd ${SPACK_CONCRETE_ENV_DIR} && spack env activate --without-view . && popd
+         - spack -d ci rebuild
+       mappings:
+         - match: ["os=ubuntu18.04"]
+           runner-attributes:
+             image:
+               name: ghcr.io/scottwittenburg/ecpe4s-ubuntu18.04-runner-x86_64:2020-09-01
+               entrypoint: [""]
+             tags:
+               - docker
+       enable-artifacts-buildcache: True
+       rebuild-index: False
+
+The elements of this file important to spack ci pipelines are described in more
+detail below, but there are a couple of things to note about the above working
+example:
+
+Normally ``enable-artifacts-buildcache`` is not recommended in production as it
+results in large binary artifacts getting transferred back and forth between
+gitlab and the runners.  But in this example on gitlab.com where there is no
+shared, persistent file system, and where no secrets are stored for giving
+permission to write to an S3 bucket, ``enabled-buildcache-artifacts`` is the only
+way to propagate binaries from jobs to their dependents.
+
+Also, it is usually a good idea to let the pipeline generate a final "rebuild the
+buildcache index" job, so that subsequent pipeline generation can quickly determine
+which specs are up to date and which need to be rebuilt (it's a good idea for other
+reasons as well, but those are out of scope for this discussion).  In this case we
+have disabled it (using ``rebuild-index: False``) because the index would only be
+generated in the artifacts mirror anyway, and consequently would not be available
+during subesequent pipeline runs.
+
+.. note::
+   With the addition of reproducible builds (#22887) a previously working
+   pipeline will require some changes:
+
+   * In the build jobs (``runner-attributes``), the environment location changed.
+     This will typically show as a ``KeyError`` in the failing job. Be sure to
+     point to ``${SPACK_CONCRETE_ENV_DIR}``.
+
+   * When using ``include`` in your environment, be sure to make the included
+     files available in the build jobs. This means adding those files to the
+     artifact directory. Those files will also be missing in the reproducibility
+     artifact.
+
+   * Because the location of the environment changed, including files with
+     relative path may have to be adapted to work both in the project context
+     (generation job) and in the concrete env dir context (build job).
+
 -----------------------------------
 Spack commands supporting pipelines
 -----------------------------------

-Spack provides a command ``ci`` with two sub-commands: ``spack ci generate`` generates
-a pipeline (a .gitlab-ci.yml file) from a spack environment, and ``spack ci rebuild``
-checks a spec against a remote mirror and possibly rebuilds it from source and updates
-the binary mirror with the latest built package.  Both ``spack ci ...`` commands must
-be run from within the same environment, as each one makes use of the environment for
-different purposes.  Additionally, some options to the commands (or conditions present
-in the spack environment file) may require particular environment variables to be
-set in order to function properly.  Examples of these are typically secrets
-needed for pipeline operation that should not be visible in a spack environment
-file.  These environment variables are described in more detail
-:ref:`ci_environment_variables`.
+Spack provides a ``ci`` command with a few sub-commands supporting spack
+ci pipelines.  These commands are covered in more detail in this section.

 .. _cmd-spack-ci:

@@ -121,6 +210,17 @@ pipeline jobs.

 Concretizes the specs in the active environment, stages them (as described in
 :ref:`staging_algorithm`), and writes the resulting ``.gitlab-ci.yml`` to disk.
+During concretization of the environment, ``spack ci generate`` also writes a
+``spack.lock`` file which is then provided to generated child jobs and made
+available in all generated job artifacts to aid in reproducing failed builds
+in a local environment.  This means there are two artifacts that need to be
+exported in your pipeline generation job (defined in your ``.gitlab-ci.yml``).
+The first is the output yaml file of ``spack ci generate``, and the other is
+the directory containing the concrete environment files.  In the
+:ref:`functional_example` section, we only mentioned one path in the
+``artifacts`` ``paths`` list because we used ``--artifacts-root`` as the
+top level directory containing both the generated pipeline yaml and the
+concrete environment.

 Using ``--prune-dag`` or ``--no-prune-dag`` configures whether or not jobs are
 generated for specs that are already up to date on the mirror.   If enabling
@@ -128,6 +228,16 @@ DAG pruning using ``--prune-dag``, more information may be required in your
 ``spack.yaml`` file, see the :ref:`noop_jobs` section below regarding
 ``service-job-attributes``.

+The optional ``--check-index-only`` argument can be used to speed up pipeline
+generation by telling spack to consider only remote buildcache indices when
+checking the remote mirror to determine if each spec in the DAG is up to date
+or not.  The default behavior is for spack to fetch the index and check it,
+but if the spec is not found in the index, to also perform a direct check for
+the spec on the mirror.  If the remote buildcache index is out of date, which
+can easily happen if it is not updated frequently, this behavior ensures that
+spack has a way to know for certain about the status of any concrete spec on
+the remote mirror, but can slow down pipeline generation significantly.
+
 The ``--optimize`` argument is experimental and runs the generated pipeline
 document through a series of optimization passes designed to reduce the size
 of the generated file.
@@ -143,19 +253,64 @@ The optional ``--output-file`` argument should be an absolute path (including
 file name) to the generated pipeline, and if not given, the default is
 ``./.gitlab-ci.yml``.

+While optional, the ``--artifacts-root`` argument is used to determine where
+the concretized environment directory should be located.  This directory will
+be created by ``spack ci generate`` and will contain the ``spack.yaml`` and
+generated ``spack.lock`` which are then passed to all child jobs as an
+artifact.  This directory will also be the root directory for all artifacts
+generated by jobs in the pipeline.
+
 .. _cmd-spack-ci-rebuild:

-^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^
 ``spack ci rebuild``
-^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^

-This sub-command is responsible for ensuring a single spec from the release
-environment is up to date on the remote mirror configured in the environment,
-and as such, corresponds to a single job in the ``.gitlab-ci.yml`` file.
+The purpose of the ``spack ci rebuild`` is straightforward: take its assigned
+spec job, check whether the target mirror already has a binary for that spec,
+and if not, build the spec from source and push the binary to the mirror.  To
+accomplish this in a reproducible way, the sub-command prepares a ``spack install``
+command line to build a single spec in the DAG, saves that command in a
+shell script, ``install.sh``, in the current working directory, and then runs
+it to install the spec.  The shell script is also exported as an artifact to
+aid in reproducing the build outside of the CI environment.

-Rather than taking command-line arguments, this sub-command expects information
-to be communicated via environment variables, which will typically come via the
-``.gitlab-ci.yml`` job as ``variables``.
+If it was necessary to install the spec from source, ``spack ci rebuild`` will
+also subsequently create a binary package for the spec and try to push it to the
+mirror.
+
+The ``spack ci rebuild`` sub-command mainly expects its "input" to come either
+from environment variables or from the ``gitlab-ci`` section of the ``spack.yaml``
+environment file.  There are two main sources of the environment variables, some
+are written into ``.gitlab-ci.yml`` by ``spack ci generate``, and some are
+provided by the GitLab CI runtime.
+
+.. _cmd-spack-ci-rebuild-index:
+
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+``spack ci rebuild-index``
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+This is a convenience command to rebuild the buildcache index associated with
+the mirror in the active, gitlab-enabled environment (specifying the mirror
+url or name is not required).
+
+.. _cmd-spack-ci-reproduce-build:
+
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+``spack ci reproduce-build``
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Given the url to a gitlab pipeline rebuild job, downloads and unzips the
+artifacts into a local directory (which can be specified with the optional
+``--working-dir`` argument), then finds the target job in the generated
+pipeline to extract details about how it was run.  Assuming the job used a
+docker image, the command prints a ``docker run`` command line and some basic
+instructions on how to reproduce the build locally.
+
+Note that jobs failing in the pipeline will print messages giving the
+arguments you can pass to ``spack ci reproduce-build`` in order to reproduce
+a particular build locally.

 ------------------------------------
 A pipeline-enabled spack environment
@@ -240,6 +395,13 @@ takes a boolean and determines whether the pipeline uses artifacts to store and
 pass along the buildcaches from one stage to the next (the default if you don't
 provide this option is ``False``).

+The optional ``broken-specs-url`` key tells Spack to check against a list of
+specs that are known to be currently broken in ``develop``. If any such specs
+are found, the ``spack ci generate`` command will fail with an error message
+informing the user what broken specs were encountered. This allows the pipeline
+to fail early and avoid wasting compute resources attempting to build packages
+that will not succeed.
+
 The optional ``cdash`` section provides information that will be used by the
 ``spack ci generate`` command (invoked by ``spack ci start``) for reporting
 to CDash.  All the jobs generated from this environment will belong to a
@@ -357,8 +519,9 @@ scheduled on that runner.  This allows users to do any custom preparation or
 cleanup tasks that fit their particular workflow, as well as completely
 customize the rebuilding of a spec if they so choose.  Spack will not generate
 a ``before_script`` or ``after_script`` for jobs, but if you do not provide
-a custom ``script``, spack will generate one for you that assumes your
-``spack.yaml`` is at the root of the repository, activates that environment for
+a custom ``script``, spack will generate one for you that assumes the concrete
+environment directory is located within your ``--artifacts_root`` (or if not
+provided, within your ``$CI_PROJECT_DIR``), activates that environment for
 you, and invokes ``spack ci rebuild``.

 .. _staging_algorithm:
@@ -483,14 +646,15 @@ Using a custom spack in your pipeline
 If your runners will not have a version of spack ready to invoke, or if for some
 other reason you want to use a custom version of spack to run your pipelines,
 this section provides an example of how you could take advantage of
-user-provided pipeline scripts to accomplish this fairly simply.  First, you
-could use the GitLab user interface to create CI environment variables
-containing the url and branch or tag you want to use (calling them, for
-example, ``SPACK_REPO`` and ``SPACK_REF``), then refer to those in a custom shell
-script invoked both from your pipeline generation job, as well as in your rebuild
+user-provided pipeline scripts to accomplish this fairly simply.  First, consider
+specifying the source and version of spack you want to use with variables, either
+written directly into your ``.gitlab-ci.yml``, or provided by CI variables defined
+in the gitlab UI or from some upstream pipeline.  Let's say you choose the variable
+names ``SPACK_REPO`` and ``SPACK_REF`` to refer to the particular fork of spack
+and branch you want for running your pipeline.  You can then refer to those in a
+custom shell script invoked both from your pipeline generation job and your rebuild
 jobs.  Here's the ``generate-pipeline`` job from the top of this document,
-updated to invoke a custom shell script that will clone and source a custom
-spack:
+updated to clone and source a custom spack:

 .. code-block:: yaml

@@ -498,34 +662,24 @@ spack:
     tags:
       - <some-other-tag>
   before_script:
-     - ./cloneSpack.sh
+     - git clone ${SPACK_REPO}
+     - pushd spack && git checkout ${SPACK_REF} && popd
+     - . "./spack/share/spack/setup-env.sh"
   script:
     - spack env activate --without-view .
-     - spack ci generate
+     - spack ci generate --check-index-only
+       --artifacts-root "${CI_PROJECT_DIR}/jobs_scratch_dir"
       --output-file "${CI_PROJECT_DIR}/jobs_scratch_dir/pipeline.yml"
   after_script:
     - rm -rf ./spack
   artifacts:
     paths:
-       - "${CI_PROJECT_DIR}/jobs_scratch_dir/pipeline.yml"
+       - "${CI_PROJECT_DIR}/jobs_scratch_dir"

-And the ``cloneSpack.sh`` script could contain:
-
-.. code-block:: bash
-
-   #!/bin/bash
-
-   git clone ${SPACK_REPO}
-   pushd ./spack
-   git checkout ${SPACK_REF}
-   popd
-
-   . "./spack/share/spack/setup-env.sh"
-
-   spack --version
-
-Finally, you would also want your generated rebuild jobs to clone that version
-of spack, so you would update your ``spack.yaml`` from above as follows:
+That takes care of getting the desired version of spack when your pipeline is
+generated by ``spack ci generate``.  You also want your generated rebuild jobs
+(all of them) to clone that version of spack, so next you would update your
+``spack.yaml`` from above as follows:

 .. code-block:: yaml

@@ -540,21 +694,21 @@ of spack, so you would update your ``spack.yaml`` from above as follows:
               - spack-kube
             image: spack/ubuntu-bionic
             before_script:
-               - ./cloneSpack.sh
+               - git clone ${SPACK_REPO}
+               - pushd spack && git checkout ${SPACK_REF} && popd
+               - . "./spack/share/spack/setup-env.sh"
             script:
-               - spack env activate --without-view .
+               - spack env activate --without-view ${SPACK_CONCRETE_ENV_DIR}
               - spack -d ci rebuild
             after_script:
               - rm -rf ./spack

 Now all of the generated rebuild jobs will use the same shell script to clone
-spack before running their actual workload.  Note in the above example the
-provision of a custom ``script`` section.  The reason for this is to run
-``spack ci rebuild`` in debug mode to get more information when builds fail.
+spack before running their actual workload.

 Now imagine you have long pipelines with many specs to be built, and you
 are pointing to a spack repository and branch that has a tendency to change
-frequently, such as the main repo and it's ``develop`` branch.  If each child
+frequently, such as the main repo and its ``develop`` branch.  If each child
 job checks out the ``develop`` branch, that could result in some jobs running
 with one SHA of spack, while later jobs run with another.  To help avoid this
 issue, the pipeline generation process saves global variables called
@@ -564,13 +718,32 @@ simply contains the human-readable value produced by ``spack -V`` at pipeline
 generation time, the ``SPACK_CHECKOUT_VERSION`` variable can be used in a
 ``git checkout`` command to make sure all child jobs checkout the same version
 of spack used to generate the pipeline.  To take advantage of this, you could
-simply replace ``git checkout ${SPACK_REF}`` in the example ``cloneSpack.sh``
-script above with ``git checkout ${SPACK_CHECKOUT_VERSION}``.
+simply replace ``git checkout ${SPACK_REF}`` in the example ``spack.yaml``
+above with ``git checkout ${SPACK_CHECKOUT_VERSION}``.

 On the other hand, if you're pointing to a spack repository and branch under your
 control, there may be no benefit in using the captured ``SPACK_CHECKOUT_VERSION``,
-and you can instead just clone using the project CI variables you set (in the
-earlier example these were ``SPACK_REPO`` and ``SPACK_REF``).
+and you can instead just clone using the variables you define (``SPACK_REPO``
+and ``SPACK_REF`` in the example aboves).
+
+.. _custom_workflow:
+
+---------------
+Custom Workflow
+---------------
+
+There are many ways to take advantage of spack CI pipelines to achieve custom
+workflows for building packages or other resources.  One example of a custom
+pipelines workflow is the spack tutorial container
+`repo <https://github.com/spack/spack-tutorial-container>`_.  This project uses
+GitHub (for source control), GitLab (for automated spack ci pipelines), and
+DockerHub automated builds to build Docker images (complete with fully populate
+binary mirror) used by instructors and participants of a spack tutorial.
+
+Take a look a the repo to see how it is accomplished using spack CI pipelines,
+and see the following markdown files at the root of the repository for
+descriptions and documentation describing the workflow: ``DESCRIPTION.md``,
+``DOCKERHUB_SETUP.md``, ``GITLAB_SETUP.md``, and ``UPDATING.md``.

 .. _ci_environment_variables:

@@ -587,28 +760,33 @@ environment variables used by the pipeline infrastructure are described here.
 AWS_ACCESS_KEY_ID
 ^^^^^^^^^^^^^^^^^

-Needed when binary mirror is an S3 bucket.
+Optional.  Only needed when binary mirror is an S3 bucket.

 ^^^^^^^^^^^^^^^^^^^^^
 AWS_SECRET_ACCESS_KEY
 ^^^^^^^^^^^^^^^^^^^^^

-Needed when binary mirror is an S3 bucket.
+Optional.  Only needed when binary mirror is an S3 bucket.

 ^^^^^^^^^^^^^^^
 S3_ENDPOINT_URL
 ^^^^^^^^^^^^^^^

-Needed when binary mirror is an S3 bucket that is *not* on AWS.
+Optional.  Only needed when binary mirror is an S3 bucket that is *not* on AWS.

 ^^^^^^^^^^^^^^^^^
 CDASH_AUTH_TOKEN
 ^^^^^^^^^^^^^^^^^

-Needed in order to report build groups to CDash.
+Optional. Only needed in order to report build groups to CDash.

 ^^^^^^^^^^^^^^^^^
 SPACK_SIGNING_KEY
 ^^^^^^^^^^^^^^^^^

-Needed to sign/verify binary packages from the remote binary mirror.
+Optional.  Only needed if you want ``spack ci rebuild`` to trust the key you
+store in this variable, in which case, it will subsequently be used to sign and
+verify binary packages (when installing or creating buildcaches).  You could
+also have already trusted a key spack know about, or if no key is present anywhere,
+spack will install specs using ``--no-check-signature`` and create buildcaches
+using ``-u`` (for unsigned binaries).
--- a/lib/spack/docs/workflows.rst
+++ b/lib/spack/docs/workflows.rst
@@ -543,7 +543,8 @@ specified from the command line using the ``--projection-file`` option
 to the ``spack view`` command.

 The projections configuration file is a mapping of partial specs to
-spec format strings, as shown in the example below.
+spec format strings, defined by the :meth:`~spack.spec.Spec.format`
+function, as shown in the example below.

 .. code-block:: yaml

--- a/lib/spack/env/cc
+++ b/lib/spack/env/cc
@@ -277,10 +277,18 @@ other_args=()
 isystem_system_includes=()
 isystem_includes=()

-while [ -n "$1" ]; do
+while [ $# -ne 0 ]; do
+
    # an RPATH to be added after the case statement.
    rp=""

+    # Multiple consecutive spaces in the command line can
+    # result in blank arguments
+    if [ -z "$1" ]; then
+        shift
+        continue
+    fi
+
    case "$1" in
        -isystem*)
            arg="${1#-isystem}"
@@ -311,6 +319,16 @@ while [ -n "$1" ]; do
            fi
            ;;
        -l*)
+            # -loopopt=0 is generated erroneously in autoconf <= 2.69,
+            # and passed by ifx to the linker, which confuses it with a 
+            # library. Filter it out.
+            # TODO: generalize filtering of args with an env var, so that
+            # TODO: we do not have to special case this here.
+            if { [ "$mode" = "ccld" ] || [ $mode = "ld" ]; } \
+                && [ "$1" != "${1#-loopopt}" ]; then
+                shift
+                continue
+            fi
            arg="${1#-l}"
            if [ -z "$arg" ]; then shift; arg="$1"; fi
            other_args+=("-l$arg")
--- a/lib/spack/external/init.py
+++ b/lib/spack/external/init.py
@@ -11,7 +11,7 @@

 * Homepage: https://pypi.python.org/pypi/archspec
 * Usage: Labeling, comparison and detection of microarchitectures
-* Version: 0.1.2 (commit 0389e83e87d3dc5043a7ac08172bd970706524d6)
+* Version: 0.1.2 (commit 26dec9d47e509daf8c970de4c89da200da52ad20)

 argparse
 --------
--- a/lib/spack/external/archspec/cpu/detect.py
+++ b/lib/spack/external/archspec/cpu/detect.py
@@ -99,17 +99,29 @@ def sysctl_info_dict():
    def sysctl(*args):
        return _check_output(["sysctl"] + list(args), env=child_environment).strip()

-    flags = (
-        sysctl("-n", "machdep.cpu.features").lower()
-        + " "
-        + sysctl("-n", "machdep.cpu.leaf7_features").lower()
-    )
-    info = {
-        "vendor_id": sysctl("-n", "machdep.cpu.vendor"),
-        "flags": flags,
-        "model": sysctl("-n", "machdep.cpu.model"),
-        "model name": sysctl("-n", "machdep.cpu.brand_string"),
-    }
+    if platform.machine() == "x86_64":
+        flags = (
+            sysctl("-n", "machdep.cpu.features").lower()
+            + " "
+            + sysctl("-n", "machdep.cpu.leaf7_features").lower()
+        )
+        info = {
+            "vendor_id": sysctl("-n", "machdep.cpu.vendor"),
+            "flags": flags,
+            "model": sysctl("-n", "machdep.cpu.model"),
+            "model name": sysctl("-n", "machdep.cpu.brand_string"),
+        }
+    else:
+        model = (
+            "m1" if "Apple" in sysctl("-n", "machdep.cpu.brand_string") else "unknown"
+        )
+        info = {
+            "vendor_id": "Apple",
+            "flags": [],
+            "model": model,
+            "CPU implementer": "Apple",
+            "model name": sysctl("-n", "machdep.cpu.brand_string"),
+        }
    return info


@@ -173,6 +185,11 @@ def compatible_microarchitectures(info):
        info (dict): dictionary containing information on the host cpu
    """
    architecture_family = platform.machine()
+    # On Apple M1 platform.machine() returns "arm64" instead of "aarch64"
+    # so we should normalize the name here
+    if architecture_family == "arm64":
+        architecture_family = "aarch64"
+
    # If a tester is not registered, be conservative and assume no known
    # target is compatible with the host
    tester = COMPATIBILITY_CHECKS.get(architecture_family, lambda x, y: False)
--- a/lib/spack/external/archspec/json/cpu/microarchitectures.json
+++ b/lib/spack/external/archspec/json/cpu/microarchitectures.json
@@ -91,6 +91,166 @@
        ]
      }
    },
+    "x86_64_v2": {
+      "from": ["x86_64"],
+      "vendor": "generic",
+      "features": [
+        "cx16",
+        "lahf_lm",
+        "mmx",
+        "sse",
+        "sse2",
+        "ssse3",
+        "sse4_1",
+        "sse4_2",
+        "popcnt"
+      ],
+      "compilers": {
+        "gcc": [
+          {
+            "versions": "11.1:",
+            "name": "x86-64-v2",
+            "flags": "-march={name} -mtune=generic"
+          },
+          {
+            "versions": "4.6:11.0",
+            "name": "x86-64",
+            "flags": "-march={name} -mtune=generic -mcx16 -msahf -mpopcnt -msse3 -msse4.1 -msse4.2 -mssse3"
+          }
+        ],
+        "clang": [
+          {
+            "versions": "12.0:",
+            "name": "x86-64-v2",
+            "flags": "-march={name} -mtune=generic"
+          },
+          {
+            "versions": "3.9:11.1",
+            "name": "x86-64",
+            "flags": "-march={name} -mtune=generic -mcx16 -msahf -mpopcnt -msse3 -msse4.1 -msse4.2 -mssse3"
+          }
+        ]
+      }
+    },
+    "x86_64_v3": {
+      "from": ["x86_64_v2"],
+      "vendor": "generic",
+      "features": [
+        "cx16",
+        "lahf_lm",
+        "mmx",
+        "sse",
+        "sse2",
+        "ssse3",
+        "sse4_1",
+        "sse4_2",
+        "popcnt",
+        "avx",
+        "avx2",
+        "bmi1",
+        "bmi2",
+        "f16c",
+        "fma",
+        "abm",
+        "movbe",
+        "xsave"
+      ],
+      "compilers": {
+        "gcc": [
+          {
+            "versions": "11.1:",
+            "name": "x86-64-v3",
+            "flags": "-march={name} -mtune=generic"
+          },
+          {
+            "versions": "4.8:11.0",
+            "name": "x86-64",
+            "flags": "-march={name} -mtune=generic -mcx16 -msahf -mpopcnt -msse3 -msse4.1 -msse4.2 -mssse3 -mavx -mavx2 -mbmi -mbmi2 -mf16c -mfma -mlzcnt -mmovbe -mxsave"
+          }
+        ],
+        "clang": [
+          {
+            "versions": "12.0:",
+            "name": "x86-64-v3",
+            "flags": "-march={name} -mtune=generic"
+          },
+          {
+            "versions": "3.9:11.1",
+            "name": "x86-64",
+            "flags": "-march={name} -mtune=generic -mcx16 -msahf -mpopcnt -msse3 -msse4.1 -msse4.2 -mssse3 -mavx -mavx2 -mbmi -mbmi2 -mf16c -mfma -mlzcnt -mmovbe -mxsave"
+          }
+        ],
+        "apple-clang": [
+          {
+            "versions": "8.0:",
+            "name": "x86-64",
+            "flags": "-march={name} -mtune=generic -mcx16 -msahf -mpopcnt -msse3 -msse4.1 -msse4.2 -mssse3 -mavx -mavx2 -mbmi -mbmi2 -mf16c -mfma -mlzcnt -mmovbe -mxsave"
+          }
+        ]
+      }
+    },
+    "x86_64_v4": {
+      "from": ["x86_64_v3"],
+      "vendor": "generic",
+      "features": [
+        "cx16",
+        "lahf_lm",
+        "mmx",
+        "sse",
+        "sse2",
+        "ssse3",
+        "sse4_1",
+        "sse4_2",
+        "popcnt",
+        "avx",
+        "avx2",
+        "bmi1",
+        "bmi2",
+        "f16c",
+        "fma",
+        "abm",
+        "movbe",
+        "xsave",
+        "avx512f",
+        "avx512bw",
+        "avx512cd",
+        "avx512dq",
+        "avx512vl"
+      ],
+      "compilers": {
+        "gcc": [
+          {
+            "versions": "11.1:",
+            "name": "x86-64-v4",
+            "flags": "-march={name} -mtune=generic"
+          },
+          {
+            "versions": "6.0:11.0",
+            "name": "x86-64",
+            "flags": "-march={name} -mtune=generic -mcx16 -msahf -mpopcnt -msse3 -msse4.1 -msse4.2 -mssse3 -mavx -mavx2 -mbmi -mbmi2 -mf16c -mfma -mlzcnt -mmovbe -mxsave -mavx512f -mavx512bw -mavx512cd -mavx512dq -mavx512vl"
+          }
+        ],
+        "clang": [
+          {
+            "versions": "12.0:",
+            "name": "x86-64-v4",
+            "flags": "-march={name} -mtune=generic"
+          },
+          {
+            "versions": "3.9:11.1",
+            "name": "x86-64",
+            "flags": "-march={name} -mtune=generic -mcx16 -msahf -mpopcnt -msse3 -msse4.1 -msse4.2 -mssse3 -mavx -mavx2 -mbmi -mbmi2 -mf16c -mfma -mlzcnt -mmovbe -mxsave -mavx512f -mavx512bw -mavx512cd -mavx512dq -mavx512vl"
+          }
+        ],
+        "apple-clang": [
+          {
+            "versions": "8.0:",
+            "name": "x86-64",
+            "flags": "-march={name} -mtune=generic -mcx16 -msahf -mpopcnt -msse3 -msse4.1 -msse4.2 -mssse3 -mavx -mavx2 -mbmi -mbmi2 -mf16c -mfma -mlzcnt -mmovbe -mxsave -mavx512f -mavx512bw -mavx512cd -mavx512dq -mavx512vl"
+          }
+        ]
+      }
+    },
    "nocona": {
      "from": ["x86_64"],
      "vendor": "GenuineIntel",
@@ -177,7 +337,7 @@
      }
    },
    "nehalem": {
-      "from": ["core2"],
+      "from": ["core2", "x86_64_v2"],
      "vendor": "GenuineIntel",
      "features": [
        "mmx",
@@ -394,7 +554,7 @@
      }
    },
    "haswell": {
-      "from": ["ivybridge"],
+      "from": ["ivybridge", "x86_64_v3"],
      "vendor": "GenuineIntel",
      "features": [
        "mmx",
@@ -642,7 +802,7 @@
      }
    },
    "skylake_avx512": {
-      "from": ["skylake"],
+      "from": ["skylake", "x86_64_v4"],
      "vendor": "GenuineIntel",
      "features": [
        "mmx",
@@ -986,7 +1146,7 @@
      }
    },
    "bulldozer": {
-      "from": ["x86_64"],
+      "from": ["x86_64_v2"],
      "vendor": "AuthenticAMD",
      "features": [
        "mmx",
@@ -1145,7 +1305,7 @@
      }
    },
    "excavator": {
-      "from": ["steamroller"],
+      "from": ["steamroller", "x86_64_v3"],
      "vendor": "AuthenticAMD",
      "features": [
        "mmx",
@@ -1204,7 +1364,7 @@
      }
    },
    "zen": {
-      "from": ["x86_64"],
+      "from": ["x86_64_v3"],
      "vendor": "AuthenticAMD",
      "features": [
        "bmi1",
@@ -1359,9 +1519,24 @@
        "popcnt",
        "clwb",
        "vaes",
-        "vpclmulqdq"
+        "vpclmulqdq",
+        "pku"
      ],
      "compilers": {
+        "gcc": [
+          {
+            "versions": "10.3:",
+            "name": "znver3",
+            "flags": "-march={name} -mtune={name}"
+          }
+        ],
+        "clang": [
+          {
+            "versions": "12.0:",
+            "name": "znver3",
+            "flags": "-march={name} -mtune={name}"
+          }
+        ],
        "aocc": [
          {
            "versions": "3.0:",
@@ -1544,6 +1719,18 @@
            "versions": ":",
            "flags": "-march=armv8-a -mtune=generic"
          }
+        ],
+        "apple-clang": [
+          {
+            "versions": ":",
+            "flags": "-march=armv8-a -mtune=generic"
+          }
+        ],
+        "arm": [
+          {
+            "versions": ":",
+            "flags": "-march=armv8-a -mtune=generic"
+          }
        ]
      }
    },
@@ -1647,6 +1834,12 @@
            "versions": "5:",
            "flags": "-march=armv8.2-a+crc+crypto+fp16+sve"
          }
+        ],
+        "arm": [
+          {
+            "versions": "20:",
+            "flags": "-march=armv8.2-a+crc+crypto+fp16+sve"
+          }
        ]
      }
    },
@@ -1752,6 +1945,31 @@
          ]
      }
    },
+    "m1": {
+      "from": ["aarch64"],
+      "vendor": "Apple",
+      "features": [],
+      "compilers": {
+        "gcc": [
+          {
+            "versions": "8.0:",
+            "flags" : "-march=armv8.4-a -mtune=generic"
+          }
+        ],
+        "clang" : [
+          {
+            "versions": "9.0:",
+            "flags" : "-march=armv8.4-a"
+          }
+        ],
+        "apple-clang": [
+          {
+            "versions": "11.0:",
+            "flags" : "-march=armv8.4-a"
+          }
+        ]
+      }
+    },
    "arm": {
      "from": [],
      "vendor": "generic",
--- a/lib/spack/external/py2/typing.py
+++ b/lib/spack/external/py2/typing.py
@@ -1,4 +1,4 @@
-# Copyright 2013-2020 Lawrence Livermore National Security, LLC and other
+# Copyright 2013-2021 Lawrence Livermore National Security, LLC and other
 # Spack Project Developers. See the top-level COPYRIGHT file for details.
 #
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)
--- a/lib/spack/llnl/util/argparsewriter.py
+++ b/lib/spack/llnl/util/argparsewriter.py
@@ -5,9 +5,9 @@

 from __future__ import print_function

-import re
 import argparse
 import errno
+import re
 import sys

 from six import StringIO
--- a/lib/spack/llnl/util/filesystem.py
+++ b/lib/spack/llnl/util/filesystem.py
@@ -4,9 +4,9 @@
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)
 import collections
 import errno
-import hashlib
 import glob
 import grp
+import hashlib
 import itertools
 import numbers
 import os
@@ -19,10 +19,11 @@
 from contextlib import contextmanager

 import six
+
 from llnl.util import tty
 from llnl.util.lang import dedupe, memoized
-from spack.util.executable import Executable

+from spack.util.executable import Executable

 if sys.version_info >= (3, 3):
    from collections.abc import Sequence  # novm
--- a/lib/spack/llnl/util/lang.py
+++ b/lib/spack/llnl/util/lang.py
@@ -5,15 +5,21 @@

 from __future__ import division

+import functools
+import inspect
 import multiprocessing
 import os
 import re
-import functools
-import inspect
-from datetime import datetime, timedelta
-from six import string_types
 import sys
+from datetime import datetime, timedelta

+from six import string_types
+
+if sys.version_info < (3, 0):
+    from itertools import izip_longest  # novm
+    zip_longest = izip_longest
+else:
+    from itertools import zip_longest  # novm

 if sys.version_info >= (3, 3):
    from collections.abc import Hashable, MutableMapping  # novm
@@ -227,48 +233,222 @@ def list_modules(directory, **kwargs):
                yield re.sub('.py$', '', name)


-def key_ordering(cls):
-    """Decorates a class with extra methods that implement rich comparison
-       operations and ``__hash__``.  The decorator assumes that the class
-       implements a function called ``_cmp_key()``.  The rich comparison
-       operations will compare objects using this key, and the ``__hash__``
-       function will return the hash of this key.
+def decorator_with_or_without_args(decorator):
+    """Allows a decorator to be used with or without arguments, e.g.::

-       If a class already has ``__eq__``, ``__ne__``, ``__lt__``, ``__le__``,
-       ``__gt__``, or ``__ge__`` defined, this decorator will overwrite them.
+        # Calls the decorator function some args
+        @decorator(with, arguments, and=kwargs)
+
+    or::
+
+        # Calls the decorator function with zero arguments
+        @decorator

-       Raises:
-           TypeError: If the class does not have a ``_cmp_key`` method
    """
-    def setter(name, value):
-        value.__name__ = name
-        setattr(cls, name, value)
+    # See https://stackoverflow.com/questions/653368 for more on this
+    @functools.wraps(decorator)
+    def new_dec(*args, **kwargs):
+        if len(args) == 1 and len(kwargs) == 0 and callable(args[0]):
+            # actual decorated function
+            return decorator(args[0])
+        else:
+            # decorator arguments
+            return lambda realf: decorator(realf, *args, **kwargs)

-    if not has_method(cls, '_cmp_key'):
-        raise TypeError("'%s' doesn't define _cmp_key()." % cls.__name__)
+    return new_dec

-    setter('__eq__',
-           lambda s, o:
-           (s is o) or (o is not None and s._cmp_key() == o._cmp_key()))
-    setter('__lt__',
-           lambda s, o: o is not None and s._cmp_key() < o._cmp_key())
-    setter('__le__',
-           lambda s, o: o is not None and s._cmp_key() <= o._cmp_key())

-    setter('__ne__',
-           lambda s, o:
-           (s is not o) and (o is None or s._cmp_key() != o._cmp_key()))
-    setter('__gt__',
-           lambda s, o: o is None or s._cmp_key() > o._cmp_key())
-    setter('__ge__',
-           lambda s, o: o is None or s._cmp_key() >= o._cmp_key())
+#: sentinel for testing that iterators are done in lazy_lexicographic_ordering
+done = object()

-    setter('__hash__', lambda self: hash(self._cmp_key()))
+
+def tuplify(seq):
+    """Helper for lazy_lexicographic_ordering()."""
+    return tuple((tuplify(x) if callable(x) else x) for x in seq())
+
+
+def lazy_eq(lseq, rseq):
+    """Equality comparison for two lazily generated sequences.
+
+    See ``lazy_lexicographic_ordering``.
+    """
+    liter = lseq()  # call generators
+    riter = rseq()
+
+    # zip_longest is implemented in native code, so use it for speed.
+    # use zip_longest instead of zip because it allows us to tell
+    # which iterator was longer.
+    for left, right in zip_longest(liter, riter, fillvalue=done):
+        if (left is done) or (right is done):
+            return False
+
+        # recursively enumerate any generators, otherwise compare
+        equal = lazy_eq(left, right) if callable(left) else left == right
+        if not equal:
+            return False
+
+    return True
+
+
+def lazy_lt(lseq, rseq):
+    """Less-than comparison for two lazily generated sequences.
+
+    See ``lazy_lexicographic_ordering``.
+    """
+    liter = lseq()
+    riter = rseq()
+
+    for left, right in zip_longest(liter, riter, fillvalue=done):
+        if (left is done) or (right is done):
+            return left is done  # left was shorter than right
+
+        sequence = callable(left)
+        equal = lazy_eq(left, right) if sequence else left == right
+        if equal:
+            continue
+
+        if sequence:
+            return lazy_lt(left, right)
+        if left is None:
+            return True
+        if right is None:
+            return False
+
+        return left < right
+
+    return False  # if equal, return False
+
+
+@decorator_with_or_without_args
+def lazy_lexicographic_ordering(cls, set_hash=True):
+    """Decorates a class with extra methods that implement rich comparison.
+
+    This is a lazy version of the tuple comparison used frequently to
+    implement comparison in Python. Given some objects with fields, you
+    might use tuple keys to implement comparison, e.g.::
+
+        class Widget:
+            def _cmp_key(self):
+                return (
+                    self.a,
+                    self.b,
+                    (self.c, self.d),
+                    self.e
+                )
+
+            def __eq__(self, other):
+                return self._cmp_key() == other._cmp_key()
+
+            def __lt__(self):
+                return self._cmp_key() < other._cmp_key()
+
+            # etc.
+
+    Python would compare ``Widgets`` lexicographically based on their
+    tuples. The issue there for simple comparators is that we have to
+    bulid the tuples *and* we have to generate all the values in them up
+    front. When implementing comparisons for large data structures, this
+    can be costly.
+
+    Lazy lexicographic comparison maps the tuple comparison shown above
+    to generator functions. Instead of comparing based on pre-constructed
+    tuple keys, users of this decorator can compare using elements from a
+    generator. So, you'd write::
+
+        @lazy_lexicographic_ordering
+        class Widget:
+            def _cmp_iter(self):
+                yield a
+                yield b
+                def cd_fun():
+                    yield c
+                    yield d
+                yield cd_fun
+                yield e
+
+            # operators are added by decorator
+
+    There are no tuples preconstructed, and the generator does not have
+    to complete. Instead of tuples, we simply make functions that lazily
+    yield what would've been in the tuple. The
+    ``@lazy_lexicographic_ordering`` decorator handles the details of
+    implementing comparison operators, and the ``Widget`` implementor
+    only has to worry about writing ``_cmp_iter``, and making sure the
+    elements in it are also comparable.
+
+    Some things to note:
+
+      * If a class already has ``__eq__``, ``__ne__``, ``__lt__``,
+        ``__le__``, ``__gt__``, ``__ge__``, or ``__hash__`` defined, this
+        decorator will overwrite them.
+
+      * If ``set_hash`` is ``False``, this will not overwrite
+        ``__hash__``.
+
+      * This class uses Python 2 None-comparison semantics. If you yield
+        None and it is compared to a non-None type, None will always be
+        less than the other object.
+
+    Raises:
+        TypeError: If the class does not have a ``_cmp_iter`` method
+
+    """
+    if not has_method(cls, "_cmp_iter"):
+        raise TypeError("'%s' doesn't define _cmp_iter()." % cls.__name__)
+
+    # comparison operators are implemented in terms of lazy_eq and lazy_lt
+    def eq(self, other):
+        if self is other:
+            return True
+        return (other is not None) and lazy_eq(self._cmp_iter, other._cmp_iter)
+
+    def lt(self, other):
+        if self is other:
+            return False
+        return (other is not None) and lazy_lt(self._cmp_iter, other._cmp_iter)
+
+    def ne(self, other):
+        if self is other:
+            return False
+        return (other is None) or not lazy_eq(self._cmp_iter, other._cmp_iter)
+
+    def gt(self, other):
+        if self is other:
+            return False
+        return (other is None) or lazy_lt(other._cmp_iter, self._cmp_iter)
+
+    def le(self, other):
+        if self is other:
+            return True
+        return (other is not None) and not lazy_lt(other._cmp_iter,
+                                                   self._cmp_iter)
+
+    def ge(self, other):
+        if self is other:
+            return True
+        return (other is None) or not lazy_lt(self._cmp_iter, other._cmp_iter)
+
+    def h(self):
+        return hash(tuplify(self._cmp_iter))
+
+    def add_func_to_class(name, func):
+        """Add a function to a class with a particular name."""
+        func.__name__ = name
+        setattr(cls, name, func)
+
+    add_func_to_class("__eq__", eq)
+    add_func_to_class("__ne__", ne)
+    add_func_to_class("__lt__", lt)
+    add_func_to_class("__le__", le)
+    add_func_to_class("__gt__", gt)
+    add_func_to_class("__ge__", ge)
+    if set_hash:
+        add_func_to_class("__hash__", h)

    return cls


-@key_ordering
+@lazy_lexicographic_ordering
 class HashableMap(MutableMapping):
    """This is a hashable, comparable dictionary.  Hash is performed on
       a tuple of the values in the dictionary."""
@@ -291,8 +471,9 @@ def __len__(self):
    def __delitem__(self, key):
        del self.dict[key]

-    def _cmp_key(self):
-        return tuple(sorted(self.values()))
+    def _cmp_iter(self):
+        for _, v in sorted(self.items()):
+            yield v

    def copy(self):
        """Type-agnostic clone method.  Preserves subclass type."""
@@ -624,6 +805,9 @@ def __repr__(self):
 def load_module_from_file(module_name, module_path):
    """Loads a python module from the path of the corresponding file.

+    If the module is already in ``sys.modules`` it will be returned as
+    is and not reloaded.
+
    Args:
        module_name (str): namespace where the python module will be loaded,
            e.g. ``foo.bar``
@@ -636,12 +820,28 @@ def load_module_from_file(module_name, module_path):
        ImportError: when the module can't be loaded
        FileNotFoundError: when module_path doesn't exist
    """
+    if module_name in sys.modules:
+        return sys.modules[module_name]
+
+    # This recipe is adapted from https://stackoverflow.com/a/67692/771663
    if sys.version_info[0] == 3 and sys.version_info[1] >= 5:
        import importlib.util
        spec = importlib.util.spec_from_file_location(  # novm
            module_name, module_path)
        module = importlib.util.module_from_spec(spec)  # novm
-        spec.loader.exec_module(module)
+        # The module object needs to exist in sys.modules before the
+        # loader executes the module code.
+        #
+        # See https://docs.python.org/3/reference/import.html#loading
+        sys.modules[spec.name] = module
+        try:
+            spec.loader.exec_module(module)
+        except BaseException:
+            try:
+                del sys.modules[spec.name]
+            except KeyError:
+                pass
+            raise
    elif sys.version_info[0] == 3 and sys.version_info[1] < 5:
        import importlib.machinery
        loader = importlib.machinery.SourceFileLoader(  # novm
--- a/lib/spack/llnl/util/link_tree.py
+++ b/lib/spack/llnl/util/link_tree.py
@@ -7,12 +7,12 @@

 from __future__ import print_function

+import filecmp
 import os
 import shutil
-import filecmp

-from llnl.util.filesystem import traverse_tree, mkdirp, touch
 import llnl.util.tty as tty
+from llnl.util.filesystem import mkdirp, touch, traverse_tree

 __all__ = ['LinkTree']

--- a/lib/spack/llnl/util/lock.py
+++ b/lib/spack/llnl/util/lock.py
@@ -3,16 +3,16 @@
 #
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)

-import os
-import fcntl
 import errno
-import time
+import fcntl
+import os
 import socket
+import time
 from datetime import datetime

 import llnl.util.tty as tty
-import spack.util.string

+import spack.util.string

 __all__ = ['Lock', 'LockTransaction', 'WriteTransaction', 'ReadTransaction',
           'LockError', 'LockTimeoutError',
@@ -264,7 +264,7 @@ def _write_log_debug_data(self):
        self.old_host = self.host

        self.pid = os.getpid()
-        self.host = socket.getfqdn()
+        self.host = socket.gethostname()

        # write pid, host to disk to sync over FS
        self._file.seek(0)
--- a/lib/spack/llnl/util/tty/init.py
+++ b/lib/spack/llnl/util/tty/init.py
@@ -12,12 +12,13 @@
 import termios
 import textwrap
 import traceback
-import six
 from datetime import datetime
+
+import six
 from six import StringIO
 from six.moves import input

-from llnl.util.tty.color import cprint, cwrite, cescape, clen
+from llnl.util.tty.color import cescape, clen, cprint, cwrite

 # Globals
 _debug = 0
--- a/lib/spack/llnl/util/tty/colify.py
+++ b/lib/spack/llnl/util/tty/colify.py
@@ -10,10 +10,11 @@

 import os
 import sys
+
 from six import StringIO, text_type

 from llnl.util.tty import terminal_size
-from llnl.util.tty.color import clen, cextra
+from llnl.util.tty.color import cextra, clen


 class ColumnConfig:
--- a/lib/spack/llnl/util/tty/color.py
+++ b/lib/spack/llnl/util/tty/color.py
@@ -60,9 +60,9 @@
 To output an @, use '@@'.  To output a } inside braces, use '}}'.
 """
 from __future__ import unicode_literals
+
 import re
 import sys
-
 from contextlib import contextmanager

 import six
--- a/lib/spack/llnl/util/tty/log.py
+++ b/lib/spack/llnl/util/tty/log.py
@@ -13,15 +13,14 @@
 import os
 import re
 import select
+import signal
 import sys
 import traceback
-import signal
 from contextlib import contextmanager
-from six import string_types
-from six import StringIO
-
-from typing import Optional  # novm
 from types import ModuleType  # novm
+from typing import Optional  # novm
+
+from six import StringIO, string_types

 import llnl.util.tty as tty

@@ -321,7 +320,10 @@ def __init__(self, file_like):
    def unwrap(self):
        if self.open:
            if self.file_like:
-                self.file = open(self.file_like, 'w')
+                if sys.version_info < (3,):
+                    self.file = open(self.file_like, 'w')
+                else:
+                    self.file = open(self.file_like, 'w', encoding='utf-8')
            else:
                self.file = StringIO()
            return self.file
@@ -722,7 +724,11 @@ def _writer_daemon(stdin_multiprocess_fd, read_multiprocess_fd, write_fd, echo,

    # Use line buffering (3rd param = 1) since Python 3 has a bug
    # that prevents unbuffered text I/O.
-    in_pipe = os.fdopen(read_multiprocess_fd.fd, 'r', 1)
+    if sys.version_info < (3,):
+        in_pipe = os.fdopen(read_multiprocess_fd.fd, 'r', 1)
+    else:
+        # Python 3.x before 3.7 does not open with UTF-8 encoding by default
+        in_pipe = os.fdopen(read_multiprocess_fd.fd, 'r', 1, encoding='utf-8')

    if stdin_multiprocess_fd:
        stdin = os.fdopen(stdin_multiprocess_fd.fd)
@@ -764,28 +770,39 @@ def _writer_daemon(stdin_multiprocess_fd, read_multiprocess_fd, write_fd, echo,
                                raise

                if in_pipe in rlist:
-                    # Handle output from the calling process.
-                    line = _retry(in_pipe.readline)()
-                    if not line:
-                        break
+                    line_count = 0
+                    try:
+                        while line_count < 100:
+                            # Handle output from the calling process.
+                            line = _retry(in_pipe.readline)()
+                            if not line:
+                                return
+                            line_count += 1

-                    # find control characters and strip them.
-                    controls = control.findall(line)
-                    line = control.sub('', line)
+                            # find control characters and strip them.
+                            clean_line, num_controls = control.subn('', line)

-                    # Echo to stdout if requested or forced.
-                    if echo or force_echo:
-                        sys.stdout.write(line)
-                        sys.stdout.flush()
+                            # Echo to stdout if requested or forced.
+                            if echo or force_echo:
+                                sys.stdout.write(clean_line)

-                    # Stripped output to log file.
-                    log_file.write(_strip(line))
-                    log_file.flush()
+                            # Stripped output to log file.
+                            log_file.write(_strip(clean_line))

-                    if xon in controls:
-                        force_echo = True
-                    if xoff in controls:
-                        force_echo = False
+                            if num_controls > 0:
+                                controls = control.findall(line)
+                                if xon in controls:
+                                    force_echo = True
+                                if xoff in controls:
+                                    force_echo = False
+
+                            if not _input_available(in_pipe):
+                                break
+                    finally:
+                        if line_count > 0:
+                            if echo or force_echo:
+                                sys.stdout.flush()
+                            log_file.flush()

    except BaseException:
        tty.error("Exception occurred in writer daemon!")
@@ -837,3 +854,7 @@ def wrapped(*args, **kwargs):
                    continue
                raise
    return wrapped
+
+
+def _input_available(f):
+    return f in select.select([f], [], [], 0)[0]
--- a/lib/spack/llnl/util/tty/pty.py
+++ b/lib/spack/llnl/util/tty/pty.py
@@ -14,10 +14,10 @@
 """
 from __future__ import print_function

-import os
-import signal
 import multiprocessing
+import os
 import re
+import signal
 import sys
 import termios
 import time
--- a/lib/spack/spack/init.py
+++ b/lib/spack/spack/init.py
@@ -1,4 +1,4 @@
-# Copyright 2013-2020 Lawrence Livermore National Security, LLC and other
+# Copyright 2013-2021 Lawrence Livermore National Security, LLC and other
 # Spack Project Developers. See the top-level COPYRIGHT file for details.
 #
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)
--- a/lib/spack/spack/abi.py
+++ b/lib/spack/spack/abi.py
@@ -8,9 +8,9 @@
 from llnl.util.lang import memoized

 import spack.spec
+from spack.compilers.clang import Clang
 from spack.spec import CompilerSpec
 from spack.util.executable import Executable, ProcessError
-from spack.compilers.clang import Clang


 class ABI(object):
--- a/lib/spack/spack/analyzers/init.py
+++ b/lib/spack/spack/analyzers/init.py
@@ -0,0 +1,42 @@
+# Copyright 2013-2021 Lawrence Livermore National Security, LLC and other
+# Spack Project Developers. See the top-level COPYRIGHT file for details.
+#
+# SPDX-License-Identifier: (Apache-2.0 OR MIT)
+
+"""This package contains code for creating analyzers to extract Application
+Binary Interface (ABI) information, along with simple analyses that just load
+existing metadata.
+"""
+
+from __future__ import absolute_import
+
+import llnl.util.tty as tty
+
+import spack.paths
+import spack.util.classes
+
+mod_path = spack.paths.analyzers_path
+analyzers = spack.util.classes.list_classes("spack.analyzers", mod_path)
+
+# The base analyzer does not have a name, and cannot do dict comprehension
+analyzer_types = {}
+for a in analyzers:
+    if not hasattr(a, "name"):
+        continue
+    analyzer_types[a.name] = a
+
+
+def list_all():
+    """A helper function to list all analyzers and their descriptions
+    """
+    for name, analyzer in analyzer_types.items():
+        print("%-25s: %-35s" % (name, analyzer.description))
+
+
+def get_analyzer(name):
+    """Courtesy function to retrieve an analyzer, and exit on error if it
+    does not exist.
+    """
+    if name in analyzer_types:
+        return analyzer_types[name]
+    tty.die("Analyzer %s does not exist" % name)
--- a/lib/spack/spack/analyzers/analyzer_base.py
+++ b/lib/spack/spack/analyzers/analyzer_base.py
@@ -0,0 +1,116 @@
+# Copyright 2013-2021 Lawrence Livermore National Security, LLC and other
+# Spack Project Developers. See the top-level COPYRIGHT file for details.
+#
+# SPDX-License-Identifier: (Apache-2.0 OR MIT)
+
+"""An analyzer base provides basic functions to run the analysis, save results,
+and (optionally) interact with a Spack Monitor
+"""
+
+import os
+
+import llnl.util.tty as tty
+
+import spack.config
+import spack.hooks
+import spack.monitor
+import spack.util.path
+
+
+def get_analyzer_dir(spec, analyzer_dir=None):
+    """
+    Given a spec, return the directory to save analyzer results.
+
+    We create the directory if it does not exist. We also check that the
+    spec has an associated package. An analyzer cannot be run if the spec isn't
+    associated with a package. If the user provides a custom analyzer_dir,
+    we use it over checking the config and the default at ~/.spack/analyzers
+    """
+    # An analyzer cannot be run if the spec isn't associated with a package
+    if not hasattr(spec, "package") or not spec.package:
+        tty.die("A spec can only be analyzed with an associated package.")
+
+    # The top level directory is in the user home, or a custom location
+    if not analyzer_dir:
+        analyzer_dir = spack.util.path.canonicalize_path(
+            spack.config.get('config:analyzers_dir', '~/.spack/analyzers'))
+
+    # We follow the same convention as the spec install (this could be better)
+    package_prefix = os.sep.join(spec.package.prefix.split('/')[-3:])
+    meta_dir = os.path.join(analyzer_dir, package_prefix)
+    return meta_dir
+
+
+class AnalyzerBase(object):
+
+    def __init__(self, spec, dirname=None):
+        """
+        Verify that the analyzer has correct metadata.
+
+        An Analyzer is intended to run on one spec install, so the spec
+        with its associated package is required on init. The child analyzer
+        class should define an init function that super's the init here, and
+        also check that the analyzer has all dependencies that it
+        needs. If an analyzer subclass does not have dependencies, it does not
+        need to define an init. An Analyzer should not be allowed to proceed
+        if one or more dependencies are missing. The dirname, if defined,
+        is an optional directory name to save to (instead of the default meta
+        spack directory).
+        """
+        self.spec = spec
+        self.dirname = dirname
+        self.meta_dir = os.path.dirname(spec.package.install_log_path)
+
+        for required in ["name", "outfile", "description"]:
+            if not hasattr(self, required):
+                tty.die("Please add a %s attribute on the analyzer." % required)
+
+    def run(self):
+        """
+        Given a spec with an installed package, run the analyzer on it.
+        """
+        raise NotImplementedError
+
+    @property
+    def output_dir(self):
+        """
+        The full path to the output directory.
+
+        This includes the nested analyzer directory structure. This function
+        does not create anything.
+        """
+        if not hasattr(self, "_output_dir"):
+            output_dir = get_analyzer_dir(self.spec, self.dirname)
+            self._output_dir = os.path.join(output_dir, self.name)
+
+        return self._output_dir
+
+    def save_result(self, result, overwrite=False):
+        """
+        Save a result to the associated spack monitor, if defined.
+
+        This function is on the level of the analyzer because it might be
+        the case that the result is large (appropriate for a single request)
+        or that the data is organized differently (e.g., more than one
+        request per result). If an analyzer subclass needs to over-write
+        this function with a custom save, that is appropriate to do (see abi).
+        """
+        # We maintain the structure in json with the analyzer as key so
+        # that in the future, we could upload to a monitor server
+        if result[self.name]:
+
+            outfile = os.path.join(self.output_dir, self.outfile)
+
+            # Only try to create the results directory if we have a result
+            if not os.path.exists(self._output_dir):
+                os.makedirs(self._output_dir)
+
+            # Don't overwrite an existing result if overwrite is False
+            if os.path.exists(outfile) and not overwrite:
+                tty.info("%s exists and overwrite is False, skipping." % outfile)
+            else:
+                tty.info("Writing result to %s" % outfile)
+                spack.monitor.write_json(result[self.name], outfile)
+
+        # This hook runs after a save result
+        spack.hooks.on_analyzer_save(self.spec.package, result)
--- a/lib/spack/spack/analyzers/config_args.py
+++ b/lib/spack/spack/analyzers/config_args.py
@@ -0,0 +1,33 @@
+# Copyright 2013-2021 Lawrence Livermore National Security, LLC and other
+# Spack Project Developers. See the top-level COPYRIGHT file for details.
+#
+# SPDX-License-Identifier: (Apache-2.0 OR MIT)
+
+"""A configargs analyzer is a class of analyzer that typically just uploads
+already existing metadata about config args from a package spec install
+directory."""
+
+
+import os
+
+import spack.monitor
+
+from .analyzer_base import AnalyzerBase
+
+
+class ConfigArgs(AnalyzerBase):
+
+    name = "config_args"
+    outfile = "spack-analyzer-config-args.json"
+    description = "config args loaded from spack-configure-args.txt"
+
+    def run(self):
+        """
+        Load the configure-args.txt and save in json.
+
+        The run function will find the spack-config-args.txt file in the
+        package install directory, and read it into a json structure that has
+        the name of the analyzer as the key.
+        """
+        config_file = os.path.join(self.meta_dir, "spack-configure-args.txt")
+        return {self.name: spack.monitor.read_file(config_file)}
--- a/lib/spack/spack/analyzers/environment_variables.py
+++ b/lib/spack/spack/analyzers/environment_variables.py
@@ -0,0 +1,51 @@
+# Copyright 2013-2021 Lawrence Livermore National Security, LLC and other
+# Spack Project Developers. See the top-level COPYRIGHT file for details.
+#
+# SPDX-License-Identifier: (Apache-2.0 OR MIT)
+
+"""An environment analyzer will read and parse the environment variables
+file in the installed package directory, generating a json file that has
+an index of key, value pairs for environment variables."""
+
+
+import os
+
+from spack.util.environment import EnvironmentModifications
+
+from .analyzer_base import AnalyzerBase
+
+
+class EnvironmentVariables(AnalyzerBase):
+
+    name = "environment_variables"
+    outfile = "spack-analyzer-environment-variables.json"
+    description = "environment variables parsed from spack-build-env.txt"
+
+    def run(self):
+        """
+        Load, parse, and save spack-build-env.txt to analyzers.
+
+        Read in the spack-build-env.txt file from the package install
+        directory and parse the environment variables into key value pairs.
+        The result should have the key for the analyzer, the name.
+        """
+        env_file = os.path.join(self.meta_dir, "spack-build-env.txt")
+        return {self.name: self._read_environment_file(env_file)}
+
+    def _read_environment_file(self, filename):
+        """
+        Read and parse the environment file.
+
+        Given an environment file, we want to read it, split by semicolons
+        and new lines, and then parse down to the subset of SPACK_* variables.
+        We assume that all spack prefix variables are not secrets, and unlike
+        the install_manifest.json, we don't (at least to start) parse the values
+        to remove path prefixes specific to user systems.
+        """
+        if not os.path.exists(filename):
+            return
+
+        mods = EnvironmentModifications.from_sourcing_file(filename)
+        env = {}
+        mods.apply_modifications(env)
+        return env
--- a/lib/spack/spack/analyzers/install_files.py
+++ b/lib/spack/spack/analyzers/install_files.py
@@ -0,0 +1,31 @@
+# Copyright 2013-2021 Lawrence Livermore National Security, LLC and other
+# Spack Project Developers. See the top-level COPYRIGHT file for details.
+#
+# SPDX-License-Identifier: (Apache-2.0 OR MIT)
+
+"""The install files json file (install_manifest.json) already exists in
+the package install folder, so this analyzer simply moves it to the user
+analyzer folder for further processing."""
+
+
+import os
+
+import spack.monitor
+
+from .analyzer_base import AnalyzerBase
+
+
+class InstallFiles(AnalyzerBase):
+
+    name = "install_files"
+    outfile = "spack-analyzer-install-files.json"
+    description = "install file listing read from install_manifest.json"
+
+    def run(self):
+        """
+        Load in the install_manifest.json and save to analyzers.
+
+        We write it out to the analyzers folder, with key as the analyzer name.
+        """
+        manifest_file = os.path.join(self.meta_dir, "install_manifest.json")
+        return {self.name: spack.monitor.read_json(manifest_file)}
--- a/lib/spack/spack/analyzers/libabigail.py
+++ b/lib/spack/spack/analyzers/libabigail.py
@@ -0,0 +1,116 @@
+# Copyright 2013-2021 Lawrence Livermore National Security, LLC and other
+# Spack Project Developers. See the top-level COPYRIGHT file for details.
+#
+# SPDX-License-Identifier: (Apache-2.0 OR MIT)
+
+
+import os
+
+import llnl.util.tty as tty
+
+import spack
+import spack.binary_distribution
+import spack.bootstrap
+import spack.error
+import spack.hooks
+import spack.monitor
+import spack.package
+import spack.repo
+
+from .analyzer_base import AnalyzerBase
+
+
+class Libabigail(AnalyzerBase):
+
+    name = "libabigail"
+    outfile = "spack-analyzer-libabigail.json"
+    description = "Application Binary Interface (ABI) features for objects"
+
+    def __init__(self, spec, dirname=None):
+        """
+        init for an analyzer ensures we have all needed dependencies.
+
+        For the libabigail analyzer, this means Libabigail.
+        Since the output for libabigail is one file per object, we communicate
+        with the monitor multiple times.
+        """
+        super(Libabigail, self).__init__(spec, dirname)
+
+        # This doesn't seem to work to import on the module level
+        tty.debug("Preparing to use Libabigail, will install if missing.")
+
+        with spack.bootstrap.ensure_bootstrap_configuration():
+
+            # libabigail won't install lib/bin/share without docs
+            spec = spack.spec.Spec("libabigail+docs")
+            spec.concretize()
+
+            self.abidw = spack.bootstrap.get_executable(
+                "abidw", spec=spec, install=True)
+
+    def run(self):
+        """
+        Run libabigail, and save results to filename.
+
+        This run function differs in that we write as we generate and then
+        return a dict with the analyzer name as the key, and the value of a
+        dict of results, where the key is the object name, and the value is
+        the output file written to.
+        """
+        manifest = spack.binary_distribution.get_buildfile_manifest(self.spec)
+
+        # This result will store a path to each file
+        result = {}
+
+        # Generate an output file for each binary or object
+        for obj in manifest.get("binary_to_relocate_fullpath", []):
+
+            # We want to preserve the path in the install directory in case
+            # a library has an equivalenly named lib or executable, for example
+            outdir = os.path.dirname(obj.replace(self.spec.package.prefix,
+                                     '').strip(os.path.sep))
+            outfile = "spack-analyzer-libabigail-%s.xml" % os.path.basename(obj)
+            outfile = os.path.join(self.output_dir, outdir, outfile)
+            outdir = os.path.dirname(outfile)
+
+            # Create the output directory
+            if not os.path.exists(outdir):
+                os.makedirs(outdir)
+
+            # Sometimes libabigail segfaults and dumps
+            try:
+                self.abidw(obj, "--out-file", outfile)
+                result[obj] = outfile
+                tty.info("Writing result to %s" % outfile)
+            except spack.error.SpackError:
+                tty.warn("Issue running abidw for %s" % obj)
+
+        return {self.name: result}
+
+    def save_result(self, result, overwrite=False):
+        """
+        Read saved ABI results and upload to monitor server.
+
+        ABI results are saved to individual files, so each one needs to be
+        read and uploaded. Result here should be the lookup generated in run(),
+        the key is the analyzer name, and each value is the result file.
+        We currently upload the entire xml as text because libabigail can't
+        easily read gzipped xml, but this will be updated when it can.
+        """
+        if not spack.monitor.cli:
+            return
+
+        name = self.spec.package.name
+
+        for obj, filename in result.get(self.name, {}).items():
+
+            # Don't include the prefix
+            rel_path = obj.replace(self.spec.prefix + os.path.sep, "")
+
+            # We've already saved the results to file during run
+            content = spack.monitor.read_file(filename)
+
+            # A result needs an analyzer, value or binary_value, and name
+            data = {"value": content, "install_file": rel_path, "name": "abidw-xml"}
+            tty.info("Sending result for %s %s to monitor." % (name, rel_path))
+            spack.hooks.on_analyzer_save(self.spec.package, {"libabigail": [data]})
--- a/lib/spack/spack/architecture.py
+++ b/lib/spack/spack/architecture.py
@@ -58,23 +58,23 @@
 """
 import contextlib
 import functools
-import inspect
 import warnings

-import archspec.cpu
 import six

+import archspec.cpu
+
+import llnl.util.lang as lang
 import llnl.util.tty as tty
-from llnl.util.lang import memoized, list_modules, key_ordering

 import spack.compiler
 import spack.compilers
 import spack.config
-import spack.paths
 import spack.error as serr
+import spack.paths
+import spack.util.classes
 import spack.util.executable
 import spack.version
-from spack.util.naming import mod_to_class
 from spack.util.spack_yaml import syaml_dict


@@ -232,7 +232,7 @@ def optimization_flags(self, compiler):
        )


-@key_ordering
+@lang.lazy_lexicographic_ordering
 class Platform(object):
    """ Abstract class that each type of Platform will subclass.
        Will return a instance of it once it is returned.
@@ -329,23 +329,27 @@ def __repr__(self):
    def __str__(self):
        return self.name

-    def _cmp_key(self):
-        t_keys = ''.join(str(t._cmp_key()) for t in
-                         sorted(self.targets.values()))
-        o_keys = ''.join(str(o._cmp_key()) for o in
-                         sorted(self.operating_sys.values()))
-        return (self.name,
-                self.default,
-                self.front_end,
-                self.back_end,
-                self.default_os,
-                self.front_os,
-                self.back_os,
-                t_keys,
-                o_keys)
+    def _cmp_iter(self):
+        yield self.name
+        yield self.default
+        yield self.front_end
+        yield self.back_end
+        yield self.default_os
+        yield self.front_os
+        yield self.back_os
+
+        def targets():
+            for t in sorted(self.targets.values()):
+                yield t._cmp_iter
+        yield targets
+
+        def oses():
+            for o in sorted(self.operating_sys.values()):
+                yield o._cmp_iter
+        yield oses


-@key_ordering
+@lang.lazy_lexicographic_ordering
 class OperatingSystem(object):
    """ Operating System will be like a class similar to platform extended
        by subclasses for the specifics. Operating System will contain the
@@ -363,8 +367,9 @@ def __str__(self):
    def __repr__(self):
        return self.__str__()

-    def _cmp_key(self):
-        return (self.name, self.version)
+    def _cmp_iter(self):
+        yield self.name
+        yield self.version

    def to_dict(self):
        return syaml_dict([
@@ -373,7 +378,7 @@ def to_dict(self):
        ])


-@key_ordering
+@lang.lazy_lexicographic_ordering
 class Arch(object):
    """Architecture is now a class to help with setting attributes.

@@ -423,20 +428,21 @@ def __nonzero__(self):
                self.target is not None)
    __bool__ = __nonzero__

-    def _cmp_key(self):
+    def _cmp_iter(self):
        if isinstance(self.platform, Platform):
-            platform = self.platform.name
+            yield self.platform.name
        else:
-            platform = self.platform
+            yield self.platform
+
        if isinstance(self.os, OperatingSystem):
-            os = self.os.name
+            yield self.os.name
        else:
-            os = self.os
+            yield self.os
+
        if isinstance(self.target, Target):
-            target = self.target.microarchitecture
+            yield self.target.microarchitecture
        else:
-            target = self.target
-        return (platform, os, target)
+            yield self.target

    def to_dict(self):
        str_or_none = lambda v: str(v) if v else None
@@ -458,7 +464,7 @@ def from_dict(d):
        return arch_for_spec(spec)


-@memoized
+@lang.memoized
 def get_platform(platform_name):
    """Returns a platform object that corresponds to the given name."""
    platform_list = all_platforms()
@@ -494,28 +500,13 @@ def arch_for_spec(arch_spec):
    return Arch(arch_plat, arch_spec.os, arch_spec.target)


-@memoized
+@lang.memoized
 def _all_platforms():
-    classes = []
    mod_path = spack.paths.platform_path
-    parent_module = "spack.platforms"
-
-    for name in list_modules(mod_path):
-        mod_name = '%s.%s' % (parent_module, name)
-        class_name = mod_to_class(name)
-        mod = __import__(mod_name, fromlist=[class_name])
-        if not hasattr(mod, class_name):
-            tty.die('No class %s defined in %s' % (class_name, mod_name))
-        cls = getattr(mod, class_name)
-        if not inspect.isclass(cls):
-            tty.die('%s.%s is not a class' % (mod_name, class_name))
-
-        classes.append(cls)
-
-    return classes
+    return spack.util.classes.list_classes("spack.platforms", mod_path)


-@memoized
+@lang.memoized
 def _platform():
    """Detects the platform for this machine.

@@ -546,7 +537,7 @@ def _platform():
 all_platforms = _all_platforms


-@memoized
+@lang.memoized
 def default_arch():
    """Default ``Arch`` object for this machine.

@@ -570,7 +561,7 @@ def sys_type():
    return str(default_arch())


-@memoized
+@lang.memoized
 def compatible_sys_types():
    """Returns a list of all the systypes compatible with the current host."""
    compatible_archs = []
--- a/lib/spack/spack/audit.py
+++ b/lib/spack/spack/audit.py
@@ -0,0 +1,395 @@
+# Copyright 2013-2021 Lawrence Livermore National Security, LLC and other
+# Spack Project Developers. See the top-level COPYRIGHT file for details.
+#
+# SPDX-License-Identifier: (Apache-2.0 OR MIT)
+"""Classes and functions to register audit checks for various parts of
+Spack and run them on-demand.
+
+To register a new class of sanity checks (e.g. sanity checks for
+compilers.yaml), the first action required is to create a new AuditClass
+object:
+
+.. code-block:: python
+
+   audit_cfgcmp = AuditClass(
+       tag='CFG-COMPILER',
+       description='Sanity checks on compilers.yaml',
+       kwargs=()
+   )
+
+This object is to be used as a decorator to register functions
+that will perform each a single check:
+
+.. code-block:: python
+
+   @audit_cfgcmp
+   def _search_duplicate_compilers(error_cls):
+       pass
+
+These functions need to take as argument the keywords declared when
+creating the decorator object plus an ``error_cls`` argument at the
+end, acting as a factory to create Error objects. It should return a
+(possibly empty) list of errors.
+
+Calls to each of these functions are triggered by the ``run`` method of
+the decorator object, that will forward the keyword arguments passed
+as input.
+"""
+import collections
+import itertools
+
+try:
+    from collections.abc import Sequence  # novm
+except ImportError:
+    from collections import Sequence
+
+#: Map an audit tag to a list of callables implementing checks
+CALLBACKS = {}
+
+#: Map a group of checks to the list of related audit tags
+GROUPS = collections.defaultdict(list)
+
+
+class Error(object):
+    """Information on an error reported in a test."""
+    def __init__(self, summary, details):
+        self.summary = summary
+        self.details = tuple(details)
+
+    def __str__(self):
+        return self.summary + '\n' + '\n'.join([
+            '    ' + detail for detail in self.details
+        ])
+
+    def __eq__(self, other):
+        if self.summary != other.summary or self.details != other.details:
+            return False
+        return True
+
+    def __hash__(self):
+        value = (self.summary, self.details)
+        return hash(value)
+
+
+class AuditClass(Sequence):
+    def __init__(self, group, tag, description, kwargs):
+        """Return an object that acts as a decorator to register functions
+        associated with a specific class of sanity checks.
+
+        Args:
+            group (str): group in which this check is to be inserted
+            tag (str): tag uniquely identifying the class of sanity checks
+            description (str): description of the sanity checks performed
+                by this tag
+            kwargs (tuple of str): keyword arguments that each registered
+                function needs to accept
+        """
+        if tag in CALLBACKS:
+            msg = 'audit class "{0}" already registered'
+            raise ValueError(msg.format(tag))
+
+        self.group = group
+        self.tag = tag
+        self.description = description
+        self.kwargs = kwargs
+        self.callbacks = []
+
+        # Init the list of hooks
+        CALLBACKS[self.tag] = self
+
+        # Update the list of tags in the group
+        GROUPS[self.group].append(self.tag)
+
+    def __call__(self, func):
+        self.callbacks.append(func)
+
+    def __getitem__(self, item):
+        return self.callbacks[item]
+
+    def __len__(self):
+        return len(self.callbacks)
+
+    def run(self, **kwargs):
+        msg = 'please pass "{0}" as keyword arguments'
+        msg = msg.format(', '.join(self.kwargs))
+        assert set(self.kwargs) == set(kwargs), msg
+
+        errors = []
+        kwargs['error_cls'] = Error
+        for fn in self.callbacks:
+            errors.extend(fn(**kwargs))
+
+        return errors
+
+
+def run_group(group, **kwargs):
+    """Run the checks that are part of the group passed as argument.
+
+    Args:
+        group (str): group of checks to be run
+        **kwargs: keyword arguments forwarded to the checks
+
+    Returns:
+        List of (tag, errors) that failed.
+    """
+    reports = []
+    for check in GROUPS[group]:
+        errors = run_check(check, **kwargs)
+        reports.append((check, errors))
+    return reports
+
+
+def run_check(tag, **kwargs):
+    """Run the checks associated with a single tag.
+
+    Args:
+        tag (str): tag of the check
+        **kwargs: keyword arguments forwarded to the checks
+
+    Returns:
+        Errors occurred during the checks
+    """
+    return CALLBACKS[tag].run(**kwargs)
+
+
+# TODO: For the generic check to be useful for end users,
+# TODO: we need to implement hooks like described in
+# TODO: https://github.com/spack/spack/pull/23053/files#r630265011
+#: Generic checks relying on global state
+generic = AuditClass(
+    group='generic',
+    tag='GENERIC',
+    description='Generic checks relying on global variables',
+    kwargs=()
+)
+
+
+#: Sanity checks on compilers.yaml
+config_compiler = AuditClass(
+    group='configs',
+    tag='CFG-COMPILER',
+    description='Sanity checks on compilers.yaml',
+    kwargs=()
+)
+
+
+@config_compiler
+def _search_duplicate_compilers(error_cls):
+    """Report compilers with the same spec and two different definitions"""
+    import spack.config
+    errors = []
+
+    compilers = list(sorted(
+        spack.config.get('compilers'), key=lambda x: x['compiler']['spec']
+    ))
+    for spec, group in itertools.groupby(
+            compilers, key=lambda x: x['compiler']['spec']
+    ):
+        group = list(group)
+        if len(group) == 1:
+            continue
+
+        error_msg = 'Compiler defined multiple times: {0}'
+        try:
+            details = [str(x._start_mark).strip() for x in group]
+        except Exception:
+            details = []
+        errors.append(error_cls(
+            summary=error_msg.format(spec), details=details
+        ))
+
+    return errors
+
+
+#: Sanity checks on packages.yaml
+config_packages = AuditClass(
+    group='configs',
+    tag='CFG-PACKAGES',
+    description='Sanity checks on packages.yaml',
+    kwargs=()
+)
+
+
+@config_packages
+def _search_duplicate_specs_in_externals(error_cls):
+    """Search for duplicate specs declared as externals"""
+    import spack.config
+
+    errors, externals = [], collections.defaultdict(list)
+    packages_yaml = spack.config.get('packages')
+
+    for name, pkg_config in packages_yaml.items():
+        # No externals can be declared under all
+        if name == 'all' or 'externals' not in pkg_config:
+            continue
+
+        current_externals = pkg_config['externals']
+        for entry in current_externals:
+            # Ask for the string representation of the spec to normalize
+            # aspects of the spec that may be represented in multiple ways
+            # e.g. +foo or foo=true
+            key = str(spack.spec.Spec(entry['spec']))
+            externals[key].append(entry)
+
+    for spec, entries in sorted(externals.items()):
+        # If there's a single external for a spec we are fine
+        if len(entries) < 2:
+            continue
+
+        # Otherwise wwe need to report an error
+        error_msg = 'Multiple externals share the same spec: {0}'.format(spec)
+        try:
+            lines = [str(x._start_mark).strip() for x in entries]
+            details = [
+                'Please remove all but one of the following entries:'
+            ] + lines + [
+                'as they might result in non-deterministic hashes'
+            ]
+        except TypeError:
+            details = []
+
+        errors.append(error_cls(summary=error_msg, details=details))
+
+    return errors
+
+
+#: Sanity checks on package directives
+package_directives = AuditClass(
+    group='packages',
+    tag='PKG-DIRECTIVES',
+    description='Sanity checks on specs used in directives',
+    kwargs=('pkgs',)
+)
+
+
+@package_directives
+def _unknown_variants_in_directives(pkgs, error_cls):
+    """Report unknown or wrong variants in directives for this package"""
+    import llnl.util.lang
+
+    import spack.repo
+    import spack.spec
+
+    errors = []
+    for pkg_name in pkgs:
+        pkg = spack.repo.get(pkg_name)
+
+        # Check "conflicts" directive
+        for conflict, triggers in pkg.conflicts.items():
+            for trigger, _ in triggers:
+                vrn = spack.spec.Spec(conflict)
+                try:
+                    vrn.constrain(trigger)
+                except Exception as e:
+                    msg = 'Generic error in conflict for package "{0}": '
+                    errors.append(error_cls(msg.format(pkg.name), [str(e)]))
+                    continue
+                errors.extend(_analyze_variants_in_directive(
+                    pkg, vrn, directive='conflicts', error_cls=error_cls
+                ))
+
+        # Check "depends_on" directive
+        for _, triggers in pkg.dependencies.items():
+            triggers = list(triggers)
+            for trigger in list(triggers):
+                vrn = spack.spec.Spec(trigger)
+                errors.extend(_analyze_variants_in_directive(
+                    pkg, vrn, directive='depends_on', error_cls=error_cls
+                ))
+
+        # Check "patch" directive
+        for _, triggers in pkg.provided.items():
+            triggers = [spack.spec.Spec(x) for x in triggers]
+            for vrn in triggers:
+                errors.extend(_analyze_variants_in_directive(
+                    pkg, vrn, directive='patch', error_cls=error_cls
+                ))
+
+        # Check "resource" directive
+        for vrn in pkg.resources:
+            errors.extend(_analyze_variants_in_directive(
+                pkg, vrn, directive='resource', error_cls=error_cls
+            ))
+
+    return llnl.util.lang.dedupe(errors)
+
+
+@package_directives
+def _unknown_variants_in_dependencies(pkgs, error_cls):
+    """Report unknown dependencies and wrong variants for dependencies"""
+    import spack.repo
+    import spack.spec
+
+    errors = []
+    for pkg_name in pkgs:
+        pkg = spack.repo.get(pkg_name)
+        filename = spack.repo.path.filename_for_package_name(pkg_name)
+        for dependency_name, dependency_data in pkg.dependencies.items():
+            # No need to analyze virtual packages
+            if spack.repo.path.is_virtual(dependency_name):
+                continue
+
+            try:
+                dependency_pkg = spack.repo.get(dependency_name)
+            except spack.repo.UnknownPackageError:
+                # This dependency is completely missing, so report
+                # and continue the analysis
+                summary = (pkg_name + ": unknown package '{0}' in "
+                           "'depends_on' directive".format(dependency_name))
+                details = [
+                    " in " + filename
+                ]
+                errors.append(error_cls(summary=summary, details=details))
+                continue
+
+            for _, dependency_edge in dependency_data.items():
+                dependency_variants = dependency_edge.spec.variants
+                for name, value in dependency_variants.items():
+                    try:
+                        dependency_pkg.variants[name].validate_or_raise(
+                            value, pkg=dependency_pkg
+                        )
+                    except Exception as e:
+                        summary = (pkg_name + ": wrong variant used for a "
+                                   "dependency in a 'depends_on' directive")
+                        error_msg = str(e).strip()
+                        if isinstance(e, KeyError):
+                            error_msg = ('the variant {0} does not '
+                                         'exist'.format(error_msg))
+                        error_msg += " in package '" + dependency_name + "'"
+
+                        errors.append(error_cls(
+                            summary=summary, details=[error_msg, 'in ' + filename]
+                        ))
+
+    return errors
+
+
+def _analyze_variants_in_directive(pkg, constraint, directive, error_cls):
+    import spack.variant
+    variant_exceptions = (
+        spack.variant.InconsistentValidationError,
+        spack.variant.MultipleValuesInExclusiveVariantError,
+        spack.variant.InvalidVariantValueError,
+        KeyError
+    )
+    errors = []
+    for name, v in constraint.variants.items():
+        try:
+            pkg.variants[name].validate_or_raise(v, pkg=pkg)
+        except variant_exceptions as e:
+            summary = pkg.name + ': wrong variant in "{0}" directive'
+            summary = summary.format(directive)
+            filename = spack.repo.path.filename_for_package_name(pkg.name)
+
+            error_msg = str(e).strip()
+            if isinstance(e, KeyError):
+                error_msg = 'the variant {0} does not exist'.format(error_msg)
+
+            err = error_cls(summary=summary, details=[
+                error_msg, 'in ' + filename
+            ])
+
+            errors.append(err)
+
+    return errors
--- a/lib/spack/spack/binary_distribution.py
+++ b/lib/spack/spack/binary_distribution.py
@@ -4,22 +4,20 @@
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)

 import codecs
+import glob
+import hashlib
+import json
 import os
 import re
+import shutil
 import sys
 import tarfile
-import shutil
 import tempfile
-import hashlib
-import glob
-from ordereddict_backport import OrderedDict
-
 from contextlib import closing
+
 import ruamel.yaml as yaml
-
-import json
-
-from six.moves.urllib.error import URLError, HTTPError
+from ordereddict_backport import OrderedDict
+from six.moves.urllib.error import HTTPError, URLError

 import llnl.util.lang
 import llnl.util.tty as tty
@@ -29,21 +27,18 @@
 import spack.config as config
 import spack.database as spack_db
 import spack.fetch_strategy as fs
-import spack.util.file_cache as file_cache
+import spack.mirror
 import spack.relocate as relocate
+import spack.util.file_cache as file_cache
 import spack.util.gpg
 import spack.util.spack_json as sjson
 import spack.util.spack_yaml as syaml
-import spack.mirror
 import spack.util.url as url_util
 import spack.util.web as web_util
+from spack.caches import misc_cache_location
 from spack.spec import Spec
 from spack.stage import Stage

-
-#: default root, relative to the Spack install path
-default_binary_index_root = os.path.join(spack.paths.opt_path, 'spack')
-
 _build_cache_relative_path = 'build_cache'
 _build_cache_keys_relative_path = '_pgp'

@@ -67,9 +62,8 @@ class BinaryCacheIndex(object):
    mean we should have paid the price to update the cache earlier?
    """

-    def __init__(self, cache_root=None):
-        self._cache_root = cache_root or default_binary_index_root
-        self._index_cache_root = os.path.join(self._cache_root, 'indices')
+    def __init__(self, cache_root):
+        self._index_cache_root = cache_root

        # the key associated with the serialized _local_index_cache
        self._index_contents_key = 'contents.json'
@@ -159,7 +153,7 @@ def _associate_built_specs_with_mirror(self, cache_key, mirror_url):
            with self._index_file_cache.read_transaction(cache_key):
                db._read_from_file(cache_path)

-            spec_list = db.query_local(installed=False)
+            spec_list = db.query_local(installed=False, in_buildcache=True)

            for indexed_spec in spec_list:
                dag_hash = indexed_spec.dag_hash()
@@ -440,13 +434,15 @@ def _fetch_and_cache_index(self, mirror_url, expect_hash=None):
        return True


+def binary_index_location():
+    """Set up a BinaryCacheIndex for remote buildcache dbs in the user's homedir."""
+    cache_root = os.path.join(misc_cache_location(), 'indices')
+    return spack.util.path.canonicalize_path(cache_root)
+
+
 def _binary_index():
    """Get the singleton store instance."""
-    cache_root = spack.config.get(
-        'config:binary_index_root', default_binary_index_root)
-    cache_root = spack.util.path.canonicalize_path(cache_root)
-
-    return BinaryCacheIndex(cache_root)
+    return BinaryCacheIndex(binary_index_location())


 #: Singleton binary_index instance
@@ -551,40 +547,38 @@ def read_buildinfo_file(prefix):
    return buildinfo


-def write_buildinfo_file(spec, workdir, rel=False):
+def get_buildfile_manifest(spec):
    """
-    Create a cache file containing information
-    required for the relocation
+    Return a data structure with information about a build, including
+    text_to_relocate, binary_to_relocate, binary_to_relocate_fullpath
+    link_to_relocate, and other, which means it doesn't fit any of previous
+    checks (and should not be relocated). We blacklist docs (man) and
+    metadata (.spack). This can be used to find a particular kind of file
+    in spack, or to generate the build metadata.
    """
-    prefix = spec.prefix
-    text_to_relocate = []
-    binary_to_relocate = []
-    link_to_relocate = []
+    data = {"text_to_relocate": [], "binary_to_relocate": [],
+            "link_to_relocate": [], "other": [],
+            "binary_to_relocate_fullpath": []}
+
    blacklist = (".spack", "man")
-    prefix_to_hash = dict()
-    prefix_to_hash[str(spec.package.prefix)] = spec.dag_hash()
-    deps = spack.build_environment.get_rpath_deps(spec.package)
-    for d in deps:
-        prefix_to_hash[str(d.prefix)] = d.dag_hash()
+
    # Do this at during tarball creation to save time when tarball unpacked.
    # Used by make_package_relative to determine binaries to change.
-    for root, dirs, files in os.walk(prefix, topdown=True):
+    for root, dirs, files in os.walk(spec.prefix, topdown=True):
        dirs[:] = [d for d in dirs if d not in blacklist]
        for filename in files:
            path_name = os.path.join(root, filename)
            m_type, m_subtype = relocate.mime_type(path_name)
+            rel_path_name = os.path.relpath(path_name, spec.prefix)
+            added = False
+
            if os.path.islink(path_name):
                link = os.readlink(path_name)
                if os.path.isabs(link):
                    # Relocate absolute links into the spack tree
                    if link.startswith(spack.store.layout.root):
-                        rel_path_name = os.path.relpath(path_name, prefix)
-                        link_to_relocate.append(rel_path_name)
-                    else:
-                        msg = 'Absolute link %s to %s ' % (path_name, link)
-                        msg += 'outside of prefix %s ' % prefix
-                        msg += 'should not be relocated.'
-                        tty.warn(msg)
+                        data['link_to_relocate'].append(rel_path_name)
+                    added = True

            if relocate.needs_binary_relocation(m_type, m_subtype):
                if ((m_subtype in ('x-executable', 'x-sharedlib')
@@ -592,11 +586,31 @@ def write_buildinfo_file(spec, workdir, rel=False):
                   (m_subtype in ('x-mach-binary')
                    and sys.platform == 'darwin') or
                   (not filename.endswith('.o'))):
-                    rel_path_name = os.path.relpath(path_name, prefix)
-                    binary_to_relocate.append(rel_path_name)
+                    data['binary_to_relocate'].append(rel_path_name)
+                    data['binary_to_relocate_fullpath'].append(path_name)
+                    added = True
+
            if relocate.needs_text_relocation(m_type, m_subtype):
-                rel_path_name = os.path.relpath(path_name, prefix)
-                text_to_relocate.append(rel_path_name)
+                data['text_to_relocate'].append(rel_path_name)
+                added = True
+
+            if not added:
+                data['other'].append(path_name)
+    return data
+
+
+def write_buildinfo_file(spec, workdir, rel=False):
+    """
+    Create a cache file containing information
+    required for the relocation
+    """
+    manifest = get_buildfile_manifest(spec)
+
+    prefix_to_hash = dict()
+    prefix_to_hash[str(spec.package.prefix)] = spec.dag_hash()
+    deps = spack.build_environment.get_rpath_deps(spec.package)
+    for d in deps:
+        prefix_to_hash[str(d.prefix)] = d.dag_hash()

    # Create buildinfo data and write it to disk
    import spack.hooks.sbang as sbang
@@ -606,10 +620,10 @@ def write_buildinfo_file(spec, workdir, rel=False):
    buildinfo['buildpath'] = spack.store.layout.root
    buildinfo['spackprefix'] = spack.paths.prefix
    buildinfo['relative_prefix'] = os.path.relpath(
-        prefix, spack.store.layout.root)
-    buildinfo['relocate_textfiles'] = text_to_relocate
-    buildinfo['relocate_binaries'] = binary_to_relocate
-    buildinfo['relocate_links'] = link_to_relocate
+        spec.prefix, spack.store.layout.root)
+    buildinfo['relocate_textfiles'] = manifest['text_to_relocate']
+    buildinfo['relocate_binaries'] = manifest['binary_to_relocate']
+    buildinfo['relocate_links'] = manifest['link_to_relocate']
    buildinfo['prefix_to_hash'] = prefix_to_hash
    filename = buildinfo_file_name(workdir)
    with open(filename, 'w') as outfile:
@@ -699,7 +713,7 @@ def generate_package_index(cache_prefix):
    db_root_dir = os.path.join(tmpdir, 'db_root')
    db = spack_db.Database(None, db_dir=db_root_dir,
                           enable_transaction_locking=False,
-                           record_fields=['spec', 'ref_count'])
+                           record_fields=['spec', 'ref_count', 'in_buildcache'])

    try:
        file_list = (
@@ -731,6 +745,7 @@ def generate_package_index(cache_prefix):
            # s = Spec.from_yaml(yaml_obj)
            s = Spec.from_yaml(yaml_contents)
            db.add(s, None)
+            db.mark(s, 'in_buildcache', True)
        except (URLError, web_util.SpackWebError) as url_err:
            tty.error('Error reading spec.yaml: {0}'.format(file_path))
            tty.error(url_err)
@@ -1161,7 +1176,7 @@ def is_backup_file(file):
            text_names.append(text_name)

    # If we are not installing back to the same install tree do the relocation
-    if old_layout_root != new_layout_root:
+    if old_prefix != new_prefix:
        files_to_relocate = [os.path.join(workdir, filename)
                             for filename in buildinfo.get('relocate_binaries')
                             ]
@@ -1540,7 +1555,9 @@ def push_keys(*mirrors, **kwargs):
                filename = fingerprint + '.pub'

                export_target = os.path.join(prefix, filename)
-                spack.util.gpg.export_keys(export_target, fingerprint)
+
+                # Export public keys (private is set to False)
+                spack.util.gpg.export_keys(export_target, [fingerprint])

                # If mirror is local, the above export writes directly to the
                # mirror (export_target points directly to the mirror).
--- a/lib/spack/spack/bootstrap.py
+++ b/lib/spack/spack/bootstrap.py
@@ -1,4 +1,4 @@
-# Copyright 2013-2020 Lawrence Livermore National Security, LLC and other
+# Copyright 2013-2021 Lawrence Livermore National Security, LLC and other
 # Spack Project Developers. See the top-level COPYRIGHT file for details.
 #
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)
@@ -6,6 +6,14 @@
 import os
 import sys

+try:
+    import sysconfig  # novm
+except ImportError:
+    # Not supported on Python 2.6
+    pass
+
+import archspec.cpu
+
 import llnl.util.filesystem as fs
 import llnl.util.tty as tty

@@ -20,17 +28,33 @@
 from spack.util.environment import EnvironmentModifications


+def spec_for_current_python():
+    """For bootstrapping purposes we are just interested in the Python
+    minor version (all patches are ABI compatible with the same minor)
+    and on whether ucs4 support has been enabled for Python 2.7
+
+    See:
+      https://www.python.org/dev/peps/pep-0513/
+      https://stackoverflow.com/a/35801395/771663
+    """
+    version_str = '.'.join(str(x) for x in sys.version_info[:2])
+    variant_str = ''
+    if sys.version_info[0] == 2 and sys.version_info[1] == 7:
+        unicode_size = sysconfig.get_config_var('Py_UNICODE_SIZE')
+        variant_str = '+ucs4' if unicode_size == 4 else '~ucs4'
+
+    spec_fmt = 'python@{0} {1}'
+    return spec_fmt.format(version_str, variant_str)
+
+
@contextlib.contextmanager
 def spack_python_interpreter():
    """Override the current configuration to set the interpreter under
    which Spack is currently running as the only Python external spec
    available.
    """
-    python_cls = type(spack.spec.Spec('python').package)
    python_prefix = os.path.dirname(os.path.dirname(sys.executable))
-    externals = python_cls.determine_spec_details(
-        python_prefix, [os.path.basename(sys.executable)])
-    external_python = externals[0]
+    external_python = spec_for_current_python()

    entry = {
        'buildable': False,
@@ -60,9 +84,10 @@ def make_module_available(module, spec=None, install=False):
    # We can constrain by a shortened version in place of a version range
    # because this spec is only used for querying or as a placeholder to be
    # replaced by an external that already has a concrete version. This syntax
-    # is not suffucient when concretizing without an external, as it will
+    # is not sufficient when concretizing without an external, as it will
    # concretize to python@X.Y instead of python@X.Y.Z
-    spec.constrain('^python@%d.%d' % sys.version_info[:2])
+    python_requirement = '^' + spec_for_current_python()
+    spec.constrain(python_requirement)
    installed_specs = spack.store.db.query(spec, installed=True)

    for ispec in installed_specs:
@@ -172,7 +197,10 @@ def _raise_error(executable, exe_spec):


 def _bootstrap_config_scopes():
-    config_scopes = []
+    tty.debug('[BOOTSTRAP CONFIG SCOPE] name=_builtin')
+    config_scopes = [
+        spack.config.InternalConfigScope('_builtin', spack.config.config_defaults)
+    ]
    for name, path in spack.config.configuration_paths:
        platform = spack.architecture.platform().name
        platform_scope = spack.config.ConfigScope(
@@ -180,7 +208,7 @@ def _bootstrap_config_scopes():
        )
        generic_scope = spack.config.ConfigScope(name, path)
        config_scopes.extend([generic_scope, platform_scope])
-        msg = '[BOOSTRAP CONFIG SCOPE] name={0}, path={1}'
+        msg = '[BOOTSTRAP CONFIG SCOPE] name={0}, path={1}'
        tty.debug(msg.format(generic_scope.name, generic_scope.path))
        tty.debug(msg.format(platform_scope.name, platform_scope.path))
    return config_scopes
@@ -189,11 +217,35 @@ def _bootstrap_config_scopes():
@contextlib.contextmanager
 def ensure_bootstrap_configuration():
    with spack.architecture.use_platform(spack.architecture.real_platform()):
-        # Default configuration scopes excluding command line and builtin
-        # but accounting for platform specific scopes
-        config_scopes = _bootstrap_config_scopes()
-        with spack.config.use_configuration(*config_scopes):
-            with spack.repo.use_repositories(spack.paths.packages_path):
-                with spack.store.use_store(spack.paths.user_bootstrap_store):
+        with spack.repo.use_repositories(spack.paths.packages_path):
+            with spack.store.use_store(spack.paths.user_bootstrap_store):
+                # Default configuration scopes excluding command line
+                # and builtin but accounting for platform specific scopes
+                config_scopes = _bootstrap_config_scopes()
+                with spack.config.use_configuration(*config_scopes):
                    with spack_python_interpreter():
                        yield
+
+
+def clingo_root_spec():
+    # Construct the root spec that will be used to bootstrap clingo
+    spec_str = 'clingo-bootstrap@spack+python'
+
+    # Add a proper compiler hint to the root spec. We use GCC for
+    # everything but MacOS.
+    if str(spack.architecture.platform()) == 'darwin':
+        spec_str += ' %apple-clang'
+    else:
+        spec_str += ' %gcc'
+
+    # Add hint to use frontend operating system on Cray
+    if str(spack.architecture.platform()) == 'cray':
+        spec_str += ' os=fe'
+
+    # Add the generic target
+    generic_target = archspec.cpu.host().family
+    spec_str += ' target={0}'.format(str(generic_target))
+
+    tty.debug('[BOOTSTRAP ROOT SPEC] clingo: {0}'.format(spec_str))
+
+    return spack.spec.Spec(spec_str)
--- a/lib/spack/spack/build_environment.py
+++ b/lib/spack/spack/build_environment.py
@@ -33,44 +33,51 @@
 calls you can make from within the install() function.
 """
 import inspect
-import re
 import multiprocessing
 import os
+import re
 import shutil
 import sys
 import traceback
 import types
+
 from six import StringIO

 import llnl.util.tty as tty
-from llnl.util.tty.color import cescape, colorize
-from llnl.util.filesystem import mkdirp, install, install_tree
+from llnl.util.filesystem import install, install_tree, mkdirp
 from llnl.util.lang import dedupe
+from llnl.util.tty.color import cescape, colorize
 from llnl.util.tty.log import MultiProcessFd

+import spack.architecture as arch
 import spack.build_systems.cmake
 import spack.build_systems.meson
 import spack.config
+import spack.install_test
 import spack.main
-import spack.paths
 import spack.package
+import spack.paths
 import spack.repo
 import spack.schema.environment
 import spack.store
-import spack.install_test
 import spack.subprocess_context
-import spack.architecture as arch
 import spack.util.path
-from spack.util.string import plural
+from spack.error import NoHeadersError, NoLibrariesError
+from spack.util.cpus import cpus_available
 from spack.util.environment import (
-    env_flag, filter_system_paths, get_path, is_system_path,
-    EnvironmentModifications, validate, preserve_environment)
-from spack.util.environment import system_dirs
-from spack.error import NoLibrariesError, NoHeadersError
+    EnvironmentModifications,
+    env_flag,
+    filter_system_paths,
+    get_path,
+    is_system_path,
+    preserve_environment,
+    system_dirs,
+    validate,
+)
 from spack.util.executable import Executable
-from spack.util.module_cmd import load_module, path_from_modules, module
-from spack.util.log_parse import parse_log_events, make_log_context
-
+from spack.util.log_parse import make_log_context, parse_log_events
+from spack.util.module_cmd import load_module, module, path_from_modules
+from spack.util.string import plural

 #
 # This can be set by the user to globally disable parallel builds.
@@ -79,7 +86,7 @@

 #
 # These environment variables are set by
-# set_build_environment_variables and used to pass parameters to
+# set_wrapper_variables and used to pass parameters to
 # Spack's compiler wrappers.
 #
 SPACK_ENV_PATH = 'SPACK_ENV_PATH'
@@ -160,6 +167,12 @@ def clean_environment():
    env.unset('CPLUS_INCLUDE_PATH')
    env.unset('OBJC_INCLUDE_PATH')

+    env.unset('CMAKE_PREFIX_PATH')
+
+    # Avoid that libraries of build dependencies get hijacked.
+    env.unset('LD_PRELOAD')
+    env.unset('DYLD_INSERT_LIBRARIES')
+
    # On Cray "cluster" systems, unset CRAY_LD_LIBRARY_PATH to avoid
    # interference with Spack dependencies.
    # CNL requires these variables to be set (or at least some of them,
@@ -307,88 +320,20 @@ def set_compiler_environment_variables(pkg, env):
    return env


-def set_build_environment_variables(pkg, env, dirty):
-    """Ensure a clean install environment when we build packages.
+def set_wrapper_variables(pkg, env):
+    """Set environment variables used by the Spack compiler wrapper
+       (which have the prefix `SPACK_`) and also add the compiler wrappers
+       to PATH.

-    This involves unsetting pesky environment variables that may
-    affect the build. It also involves setting environment variables
-    used by Spack's compiler wrappers.
-
-    Args:
-        pkg: The package we are building
-        env: The build environment
-        dirty (bool): Skip unsetting the user's environment settings
+       This determines the injected -L/-I/-rpath options; each
+       of these specifies a search order and this function computes these
+       options in a manner that is intended to match the DAG traversal order
+       in `modifications_from_dependencies`: that method uses a post-order
+       traversal so that `PrependPath` actions from dependencies take lower
+       precedence; we use a post-order traversal here to match the visitation
+       order of `modifications_from_dependencies` (so we are visiting the
+       lowest priority packages first).
    """
-    # Gather information about various types of dependencies
-    build_deps      = set(pkg.spec.dependencies(deptype=('build', 'test')))
-    link_deps       = set(pkg.spec.traverse(root=False, deptype=('link')))
-    build_link_deps = build_deps | link_deps
-    rpath_deps      = get_rpath_deps(pkg)
-
-    link_dirs = []
-    include_dirs = []
-    rpath_dirs = []
-
-    # The top-level package is always RPATHed. It hasn't been installed yet
-    # so the RPATHs are added unconditionally (e.g. even though lib64/ may
-    # not be created for the install).
-    for libdir in ['lib', 'lib64']:
-        lib_path = os.path.join(pkg.prefix, libdir)
-        rpath_dirs.append(lib_path)
-
-    # Set up link, include, RPATH directories that are passed to the
-    # compiler wrapper
-    for dep in link_deps:
-        if is_system_path(dep.prefix):
-            continue
-        query = pkg.spec[dep.name]
-        dep_link_dirs = list()
-        try:
-            dep_link_dirs.extend(query.libs.directories)
-        except NoLibrariesError:
-            tty.debug("No libraries found for {0}".format(dep.name))
-
-        for default_lib_dir in ['lib', 'lib64']:
-            default_lib_prefix = os.path.join(dep.prefix, default_lib_dir)
-            if os.path.isdir(default_lib_prefix):
-                dep_link_dirs.append(default_lib_prefix)
-
-        link_dirs.extend(dep_link_dirs)
-        if dep in rpath_deps:
-            rpath_dirs.extend(dep_link_dirs)
-
-        try:
-            include_dirs.extend(query.headers.directories)
-        except NoHeadersError:
-            tty.debug("No headers found for {0}".format(dep.name))
-
-    link_dirs = list(dedupe(filter_system_paths(link_dirs)))
-    include_dirs = list(dedupe(filter_system_paths(include_dirs)))
-    rpath_dirs = list(dedupe(filter_system_paths(rpath_dirs)))
-
-    env.set(SPACK_LINK_DIRS, ':'.join(link_dirs))
-    env.set(SPACK_INCLUDE_DIRS, ':'.join(include_dirs))
-    env.set(SPACK_RPATH_DIRS, ':'.join(rpath_dirs))
-
-    build_prefixes      = [dep.prefix for dep in build_deps]
-    build_link_prefixes = [dep.prefix for dep in build_link_deps]
-
-    # add run-time dependencies of direct build-time dependencies:
-    for build_dep in build_deps:
-        for run_dep in build_dep.traverse(deptype='run'):
-            build_prefixes.append(run_dep.prefix)
-
-    # Filter out system paths: ['/', '/usr', '/usr/local']
-    # These paths can be introduced into the build when an external package
-    # is added as a dependency. The problem with these paths is that they often
-    # contain hundreds of other packages installed in the same directory.
-    # If these paths come first, they can overshadow Spack installations.
-    build_prefixes      = filter_system_paths(build_prefixes)
-    build_link_prefixes = filter_system_paths(build_link_prefixes)
-
-    # Add dependencies to CMAKE_PREFIX_PATH
-    env.set_path('CMAKE_PREFIX_PATH', build_link_prefixes)
-
    # Set environment variables if specified for
    # the given compiler
    compiler = pkg.compiler
@@ -398,13 +343,6 @@ def set_build_environment_variables(pkg, env, dirty):
        extra_rpaths = ':'.join(compiler.extra_rpaths)
        env.set('SPACK_COMPILER_EXTRA_RPATHS', extra_rpaths)

-    # Add bin directories from dependencies to the PATH for the build.
-    for prefix in build_prefixes:
-        for dirname in ['bin', 'bin64']:
-            bin_dir = os.path.join(prefix, dirname)
-            if os.path.isdir(bin_dir):
-                env.prepend_path('PATH', bin_dir)
-
    # Add spack build environment path with compiler wrappers first in
    # the path. We add the compiler wrapper path, which includes default
    # wrappers (cc, c++, f77, f90), AND a subdirectory containing
@@ -424,6 +362,7 @@ def set_build_environment_variables(pkg, env, dirty):
        if os.path.isdir(ci):
            env_paths.append(ci)

+    tty.debug("Adding compiler bin/ paths: " + " ".join(env_paths))
    for item in env_paths:
        env.prepend_path('PATH', item)
    env.set_path(SPACK_ENV_PATH, env_paths)
@@ -442,14 +381,101 @@ def set_build_environment_variables(pkg, env, dirty):
            raise RuntimeError("No ccache binary found in PATH")
        env.set(SPACK_CCACHE_BINARY, ccache)

-    # Add any pkgconfig directories to PKG_CONFIG_PATH
-    for prefix in build_link_prefixes:
-        for directory in ('lib', 'lib64', 'share'):
-            pcdir = os.path.join(prefix, directory, 'pkgconfig')
-            if os.path.isdir(pcdir):
-                env.prepend_path('PKG_CONFIG_PATH', pcdir)
+    # Gather information about various types of dependencies
+    link_deps  = set(pkg.spec.traverse(root=False, deptype=('link')))
+    rpath_deps = get_rpath_deps(pkg)

-    return env
+    link_dirs = []
+    include_dirs = []
+    rpath_dirs = []
+
+    def _prepend_all(list_to_modify, items_to_add):
+        # Update the original list (creating a new list would be faster but
+        # may not be convenient)
+        for item in reversed(list(items_to_add)):
+            list_to_modify.insert(0, item)
+
+    def update_compiler_args_for_dep(dep):
+        if dep in link_deps and (not is_system_path(dep.prefix)):
+            query = pkg.spec[dep.name]
+            dep_link_dirs = list()
+            try:
+                dep_link_dirs.extend(query.libs.directories)
+            except NoLibrariesError:
+                tty.debug("No libraries found for {0}".format(dep.name))
+
+            for default_lib_dir in ['lib', 'lib64']:
+                default_lib_prefix = os.path.join(
+                    dep.prefix, default_lib_dir)
+                if os.path.isdir(default_lib_prefix):
+                    dep_link_dirs.append(default_lib_prefix)
+
+            _prepend_all(link_dirs, dep_link_dirs)
+            if dep in rpath_deps:
+                _prepend_all(rpath_dirs, dep_link_dirs)
+
+            try:
+                _prepend_all(include_dirs, query.headers.directories)
+            except NoHeadersError:
+                tty.debug("No headers found for {0}".format(dep.name))
+
+    for dspec in pkg.spec.traverse(root=False, order='post'):
+        if dspec.external:
+            update_compiler_args_for_dep(dspec)
+
+    # Just above, we prepended entries for -L/-rpath for externals. We
+    # now do this for non-external packages so that Spack-built packages
+    # are searched first for libraries etc.
+    for dspec in pkg.spec.traverse(root=False, order='post'):
+        if not dspec.external:
+            update_compiler_args_for_dep(dspec)
+
+    # The top-level package is always RPATHed. It hasn't been installed yet
+    # so the RPATHs are added unconditionally (e.g. even though lib64/ may
+    # not be created for the install).
+    for libdir in ['lib64', 'lib']:
+        lib_path = os.path.join(pkg.prefix, libdir)
+        rpath_dirs.insert(0, lib_path)
+
+    link_dirs = list(dedupe(filter_system_paths(link_dirs)))
+    include_dirs = list(dedupe(filter_system_paths(include_dirs)))
+    rpath_dirs = list(dedupe(filter_system_paths(rpath_dirs)))
+
+    env.set(SPACK_LINK_DIRS, ':'.join(link_dirs))
+    env.set(SPACK_INCLUDE_DIRS, ':'.join(include_dirs))
+    env.set(SPACK_RPATH_DIRS, ':'.join(rpath_dirs))
+
+
+def determine_number_of_jobs(
+        parallel=False, command_line=None, config_default=None, max_cpus=None):
+    """
+    Packages that require sequential builds need 1 job. Otherwise we use the
+    number of jobs set on the command line. If not set, then we use the config
+    defaults (which is usually set through the builtin config scope), but we
+    cap to the number of CPUs available to avoid oversubscription.
+
+    Parameters:
+        parallel (bool): true when package supports parallel builds
+        command_line (int/None): command line override
+        config_default (int/None): config default number of jobs
+        max_cpus (int/None): maximum number of CPUs available. When None, this
+                             value is automatically determined.
+    """
+    if not parallel:
+        return 1
+
+    if command_line is None and 'command_line' in spack.config.scopes():
+        command_line = spack.config.get('config:build_jobs', scope='command_line')
+
+    if command_line is not None:
+        return command_line
+
+    max_cpus = max_cpus or cpus_available()
+
+    # in some rare cases _builtin config may not be set, so default to max 16
+    config_default = config_default or spack.config.get('config:build_jobs', 16)
+
+    return min(max_cpus, config_default)


 def _set_variables_for_single_module(pkg, module):
@@ -460,8 +486,7 @@ def _set_variables_for_single_module(pkg, module):
    if getattr(module, marker, False):
        return

-    jobs = spack.config.get('config:build_jobs', 16) if pkg.parallel else 1
-    jobs = min(jobs, multiprocessing.cpu_count())
+    jobs = determine_number_of_jobs(parallel=pkg.parallel)

    m = module
    m.make_jobs = jobs
@@ -723,42 +748,40 @@ def load_external_modules(pkg):

 def setup_package(pkg, dirty, context='build'):
    """Execute all environment setup routines."""
+    if context not in ['build', 'test']:
+        raise ValueError(
+            "'context' must be one of ['build', 'test'] - got: {0}"
+            .format(context))
+
+    set_module_variables_for_package(pkg)
+
    env = EnvironmentModifications()

    if not dirty:
        clean_environment()

-    # setup compilers and build tools for build contexts
+    # setup compilers for build contexts
    need_compiler = context == 'build' or (context == 'test' and
                                           pkg.test_requires_compiler)
    if need_compiler:
        set_compiler_environment_variables(pkg, env)
-        set_build_environment_variables(pkg, env, dirty)
+        set_wrapper_variables(pkg, env)
+
+    env.extend(modifications_from_dependencies(
+        pkg.spec, context, custom_mods_only=False))

    # architecture specific setup
    pkg.architecture.platform.setup_platform_environment(pkg, env)

    if context == 'build':
-        # recursive post-order dependency information
-        env.extend(
-            modifications_from_dependencies(pkg.spec, context=context)
-        )
+        pkg.setup_build_environment(env)

        if (not dirty) and (not env.is_unset('CPATH')):
            tty.debug("A dependency has updated CPATH, this may lead pkg-"
                      "config to assume that the package is part of the system"
                      " includes and omit it when invoked with '--cflags'.")
-
-        # setup package itself
-        set_module_variables_for_package(pkg)
-        pkg.setup_build_environment(env)
    elif context == 'test':
-        import spack.user_environment as uenv  # avoid circular import
-        env.extend(uenv.environment_modifications_for_spec(pkg.spec))
-        env.extend(
-            modifications_from_dependencies(pkg.spec, context=context)
-        )
-        set_module_variables_for_package(pkg)
+        pkg.setup_run_environment(env)
        env.prepend_path('PATH', '.')

    # Loading modules, in particular if they are meant to be used outside
@@ -800,39 +823,173 @@ def setup_package(pkg, dirty, context='build'):
    env.apply_modifications()


-def modifications_from_dependencies(spec, context):
+def _make_runnable(pkg, env):
+    # Helper method which prepends a Package's bin/ prefix to the PATH
+    # environment variable
+    prefix = pkg.prefix
+
+    for dirname in ['bin', 'bin64']:
+        bin_dir = os.path.join(prefix, dirname)
+        if os.path.isdir(bin_dir):
+            env.prepend_path('PATH', bin_dir)
+
+
+def modifications_from_dependencies(spec, context, custom_mods_only=True):
    """Returns the environment modifications that are required by
    the dependencies of a spec and also applies modifications
    to this spec's package at module scope, if need be.

+    Environment modifications include:
+
+    - Updating PATH so that executables can be found
+    - Updating CMAKE_PREFIX_PATH and PKG_CONFIG_PATH so that their respective
+      tools can find Spack-built dependencies
+    - Running custom package environment modifications
+
+    Custom package modifications can conflict with the default PATH changes
+    we make (specifically for the PATH, CMAKE_PREFIX_PATH, and PKG_CONFIG_PATH
+    environment variables), so this applies changes in a fixed order:
+
+    - All modifications (custom and default) from external deps first
+    - All modifications from non-external deps afterwards
+
+    With that order, `PrependPath` actions from non-external default
+    environment modifications will take precedence over custom modifications
+    from external packages.
+
+    A secondary constraint is that custom and default modifications are
+    grouped on a per-package basis: combined with the post-order traversal this
+    means that default modifications of dependents can override custom
+    modifications of dependencies (again, this would only occur for PATH,
+    CMAKE_PREFIX_PATH, or PKG_CONFIG_PATH).
+
    Args:
        spec (Spec): spec for which we want the modifications
        context (str): either 'build' for build-time modifications or 'run'
            for run-time modifications
    """
+    if context not in ['build', 'run', 'test']:
+        raise ValueError(
+            "Expecting context to be one of ['build', 'run', 'test'], "
+            "got: {0}".format(context))
+
    env = EnvironmentModifications()
-    pkg = spec.package

-    # Maps the context to deptype and method to be called
-    deptype_and_method = {
-        'build': (('build', 'link', 'test'),
-                  'setup_dependent_build_environment'),
-        'run': (('link', 'run'), 'setup_dependent_run_environment'),
-        'test': (('link', 'run', 'test'), 'setup_dependent_run_environment')
-    }
-    deptype, method = deptype_and_method[context]
+    # Note: see computation of 'custom_mod_deps' and 'exe_deps' later in this
+    # function; these sets form the building blocks of those collections.
+    build_deps      = set(spec.dependencies(deptype=('build', 'test')))
+    link_deps       = set(spec.traverse(root=False, deptype='link'))
+    build_link_deps = build_deps | link_deps
+    build_and_supporting_deps = set()
+    for build_dep in build_deps:
+        build_and_supporting_deps.update(build_dep.traverse(deptype='run'))
+    run_and_supporting_deps = set(
+        spec.traverse(root=False, deptype=('run', 'link')))
+    test_and_supporting_deps = set()
+    for test_dep in set(spec.dependencies(deptype='test')):
+        test_and_supporting_deps.update(test_dep.traverse(deptype='run'))

-    root = context == 'test'
-    for dspec in spec.traverse(order='post', root=root, deptype=deptype):
-        dpkg = dspec.package
-        set_module_variables_for_package(dpkg)
-        # Allow dependencies to modify the module
-        dpkg.setup_dependent_package(pkg.module, spec)
-        getattr(dpkg, method)(env, spec)
+    # All dependencies that might have environment modifications to apply
+    custom_mod_deps = set()
+    if context == 'build':
+        custom_mod_deps.update(build_and_supporting_deps)
+        # Tests may be performed after build
+        custom_mod_deps.update(test_and_supporting_deps)
+    else:
+        # test/run context
+        custom_mod_deps.update(run_and_supporting_deps)
+        if context == 'test':
+            custom_mod_deps.update(test_and_supporting_deps)
+    custom_mod_deps.update(link_deps)
+
+    # Determine 'exe_deps': the set of packages with binaries we want to use
+    if context == 'build':
+        exe_deps = build_and_supporting_deps | test_and_supporting_deps
+    elif context == 'run':
+        exe_deps = set(spec.traverse(deptype='run'))
+    elif context == 'test':
+        exe_deps = test_and_supporting_deps
+
+    def default_modifications_for_dep(dep):
+        if (dep in build_link_deps and
+                not is_system_path(dep.prefix) and
+                context == 'build'):
+            prefix = dep.prefix
+
+            env.prepend_path('CMAKE_PREFIX_PATH', prefix)
+
+            for directory in ('lib', 'lib64', 'share'):
+                pcdir = os.path.join(prefix, directory, 'pkgconfig')
+                if os.path.isdir(pcdir):
+                    env.prepend_path('PKG_CONFIG_PATH', pcdir)
+
+        if dep in exe_deps and not is_system_path(dep.prefix):
+            _make_runnable(dep, env)
+
+    def add_modifications_for_dep(dep):
+        # Some callers of this function only want the custom modifications.
+        # For callers that want both custom and default modifications, we want
+        # to perform the default modifications here (this groups custom
+        # and default modifications together on a per-package basis).
+        if not custom_mods_only:
+            default_modifications_for_dep(dep)
+
+        # Perform custom modifications here (PrependPath actions performed in
+        # the custom method override the default environment modifications
+        # we do to help the build, namely for PATH, CMAKE_PREFIX_PATH, and
+        # PKG_CONFIG_PATH)
+        if dep in custom_mod_deps:
+            dpkg = dep.package
+            set_module_variables_for_package(dpkg)
+            # Allow dependencies to modify the module
+            dpkg.setup_dependent_package(spec.package.module, spec)
+            if context == 'build':
+                dpkg.setup_dependent_build_environment(env, spec)
+            else:
+                dpkg.setup_dependent_run_environment(env, spec)
+
+    # Note that we want to perform environment modifications in a fixed order.
+    # The Spec.traverse method provides this: i.e. in addition to
+    # the post-order semantics, it also guarantees a fixed traversal order
+    # among dependencies which are not constrained by post-order semantics.
+    for dspec in spec.traverse(root=False, order='post'):
+        if dspec.external:
+            add_modifications_for_dep(dspec)
+
+    for dspec in spec.traverse(root=False, order='post'):
+        # Default env modifications for non-external packages can override
+        # custom modifications of external packages (this can only occur
+        # for modifications to PATH, CMAKE_PREFIX_PATH, and PKG_CONFIG_PATH)
+        if not dspec.external:
+            add_modifications_for_dep(dspec)

    return env


+def get_cmake_prefix_path(pkg):
+    # Note that unlike modifications_from_dependencies, this does not include
+    # any edits to CMAKE_PREFIX_PATH defined in custom
+    # setup_dependent_build_environment implementations of dependency packages
+    build_deps      = set(pkg.spec.dependencies(deptype=('build', 'test')))
+    link_deps       = set(pkg.spec.traverse(root=False, deptype=('link')))
+    build_link_deps = build_deps | link_deps
+    spack_built = []
+    externals = []
+    # modifications_from_dependencies updates CMAKE_PREFIX_PATH by first
+    # prepending all externals and then all non-externals
+    for dspec in pkg.spec.traverse(root=False, order='post'):
+        if dspec in build_link_deps:
+            if dspec.external:
+                externals.insert(0, dspec)
+            else:
+                spack_built.insert(0, dspec)
+
+    ordered_build_link_deps = spack_built + externals
+    build_link_prefixes = filter_system_paths(
+        x.prefix for x in ordered_build_link_deps)
+    return build_link_prefixes
+
+
 def _setup_pkg_and_run(serialized_pkg, function, kwargs, child_pipe,
                       input_multiprocess_fd):

--- a/lib/spack/spack/build_systems/aspell_dict.py
+++ b/lib/spack/spack/build_systems/aspell_dict.py
@@ -6,6 +6,7 @@
 # Why doesn't this work for me?
 # from spack import *
 from llnl.util.filesystem import filter_file
+
 from spack.build_systems.autotools import AutotoolsPackage
 from spack.directives import extends
 from spack.package import ExtensionError
--- a/lib/spack/spack/build_systems/autotools.py
+++ b/lib/spack/spack/build_systems/autotools.py
@@ -6,13 +6,14 @@
 import itertools
 import os
 import os.path
-from subprocess import PIPE
-from subprocess import check_call
+import stat
+from subprocess import PIPE, check_call
 from typing import List  # novm

-import llnl.util.tty as tty
 import llnl.util.filesystem as fs
-from llnl.util.filesystem import working_dir, force_remove
+import llnl.util.tty as tty
+from llnl.util.filesystem import force_remove, working_dir
+
 from spack.package import PackageBase, run_after, run_before
 from spack.util.executable import Executable

@@ -174,7 +175,10 @@ def runs_ok(script_abs_path):
        # Copy the good files over the bad ones
        for abs_path in to_be_patched:
            name = os.path.basename(abs_path)
+            mode = os.stat(abs_path).st_mode
+            os.chmod(abs_path, stat.S_IWUSR)
            fs.copy(substitutes[name], abs_path)
+            os.chmod(abs_path, mode)

    @run_before('configure')
    def _set_autotools_environment_variables(self):
@@ -341,8 +345,11 @@ def build(self, spec, prefix):
        """Makes the build targets specified by
        :py:attr:``~.AutotoolsPackage.build_targets``
        """
+        # See https://autotools.io/automake/silent.html
+        params = ['V=1']
+        params += self.build_targets
        with working_dir(self.build_directory):
-            inspect.getmodule(self).make(*self.build_targets)
+            inspect.getmodule(self).make(*params)

    def install(self, spec, prefix):
        """Makes the install targets specified by
--- a/lib/spack/spack/build_systems/cached_cmake.py
+++ b/lib/spack/spack/build_systems/cached_cmake.py
@@ -0,0 +1,249 @@
+# Copyright 2013-2021 Lawrence Livermore National Security, LLC and other
+# Spack Project Developers. See the top-level COPYRIGHT file for details.
+#
+# SPDX-License-Identifier: (Apache-2.0 OR MIT)
+import os
+
+import llnl.util.tty as tty
+from llnl.util.filesystem import install, mkdirp
+
+from spack.build_systems.cmake import CMakePackage
+from spack.package import run_after
+
+
+def cmake_cache_path(name, value, comment=""):
+    """Generate a string for a cmake cache variable"""
+    return 'set({0} "{1}" CACHE PATH "{2}")\n'.format(name, value, comment)
+
+
+def cmake_cache_string(name, value, comment=""):
+    """Generate a string for a cmake cache variable"""
+    return 'set({0} "{1}" CACHE STRING "{2}")\n'.format(name, value, comment)
+
+
+def cmake_cache_option(name, boolean_value, comment=""):
+    """Generate a string for a cmake configuration option"""
+
+    value = "ON" if boolean_value else "OFF"
+    return 'set({0} {1} CACHE BOOL "{2}")\n'.format(name, value, comment)
+
+
+class CachedCMakePackage(CMakePackage):
+    """Specialized class for packages built using CMake initial cache.
+
+    This feature of CMake allows packages to increase reproducibility,
+    especially between Spack- and manual builds. It also allows packages to
+    sidestep certain parsing bugs in extremely long ``cmake`` commands, and to
+    avoid system limits on the length of the command line."""
+
+    phases = ['initconfig', 'cmake', 'build', 'install']
+
+    @property
+    def cache_name(self):
+        return "{0}-{1}-{2}@{3}.cmake".format(
+            self.name,
+            self.spec.architecture,
+            self.spec.compiler.name,
+            self.spec.compiler.version,
+        )
+
+    @property
+    def cache_path(self):
+        return os.path.join(self.stage.source_path, self.cache_name)
+
+    def flag_handler(self, name, flags):
+        if name in ('cflags', 'cxxflags', 'cppflags', 'fflags'):
+            return (None, None, None)  # handled in the cmake cache
+        return (flags, None, None)
+
+    def initconfig_compiler_entries(self):
+        # This will tell cmake to use the Spack compiler wrappers when run
+        # through Spack, but use the underlying compiler when run outside of
+        # Spack
+        spec = self.spec
+
+        # Fortran compiler is optional
+        if "FC" in os.environ:
+            spack_fc_entry = cmake_cache_path(
+                "CMAKE_Fortran_COMPILER", os.environ['FC'])
+            system_fc_entry = cmake_cache_path(
+                "CMAKE_Fortran_COMPILER", self.compiler.fc)
+        else:
+            spack_fc_entry = "# No Fortran compiler defined in spec"
+            system_fc_entry = "# No Fortran compiler defined in spec"
+
+        entries = [
+            "#------------------{0}".format("-" * 60),
+            "# Compilers",
+            "#------------------{0}".format("-" * 60),
+            "# Compiler Spec: {0}".format(spec.compiler),
+            "#------------------{0}".format("-" * 60),
+            'if(DEFINED ENV{SPACK_CC})\n',
+            '  ' + cmake_cache_path(
+                "CMAKE_C_COMPILER", os.environ['CC']),
+            '  ' + cmake_cache_path(
+                "CMAKE_CXX_COMPILER", os.environ['CXX']),
+            '  ' + spack_fc_entry,
+            'else()\n',
+            '  ' + cmake_cache_path(
+                "CMAKE_C_COMPILER", self.compiler.cc),
+            '  ' + cmake_cache_path(
+                "CMAKE_CXX_COMPILER", self.compiler.cxx),
+            '  ' + system_fc_entry,
+            'endif()\n'
+        ]
+
+        # use global spack compiler flags
+        cppflags = ' '.join(spec.compiler_flags['cppflags'])
+        if cppflags:
+            # avoid always ending up with ' ' with no flags defined
+            cppflags += ' '
+        cflags = cppflags + ' '.join(spec.compiler_flags['cflags'])
+        if cflags:
+            entries.append(cmake_cache_string("CMAKE_C_FLAGS", cflags))
+        cxxflags = cppflags + ' '.join(spec.compiler_flags['cxxflags'])
+        if cxxflags:
+            entries.append(cmake_cache_string("CMAKE_CXX_FLAGS", cxxflags))
+        fflags = ' '.join(spec.compiler_flags['fflags'])
+        if fflags:
+            entries.append(cmake_cache_string("CMAKE_Fortran_FLAGS", fflags))
+
+        # Override XL compiler family
+        familymsg = ("Override to proper compiler family for XL")
+        if "xlf" in (self.compiler.fc or ''):  # noqa: F821
+            entries.append(cmake_cache_string(
+                "CMAKE_Fortran_COMPILER_ID", "XL",
+                familymsg))
+        if "xlc" in self.compiler.cc:  # noqa: F821
+            entries.append(cmake_cache_string(
+                "CMAKE_C_COMPILER_ID", "XL",
+                familymsg))
+        if "xlC" in self.compiler.cxx:  # noqa: F821
+            entries.append(cmake_cache_string(
+                "CMAKE_CXX_COMPILER_ID", "XL",
+                familymsg))
+
+        return entries
+
+    def initconfig_mpi_entries(self):
+        spec = self.spec
+
+        if not spec.satisfies('^mpi'):
+            return []
+
+        entries = [
+            "#------------------{0}".format("-" * 60),
+            "# MPI",
+            "#------------------{0}\n".format("-" * 60),
+        ]
+
+        entries.append(cmake_cache_path("MPI_C_COMPILER",
+                                        spec['mpi'].mpicc))
+        entries.append(cmake_cache_path("MPI_CXX_COMPILER",
+                                        spec['mpi'].mpicxx))
+        entries.append(cmake_cache_path("MPI_Fortran_COMPILER",
+                                        spec['mpi'].mpifc))
+
+        # Check for slurm
+        using_slurm = False
+        slurm_checks = ['+slurm',
+                        'schedulers=slurm',
+                        'process_managers=slurm']
+        if any(spec['mpi'].satisfies(variant) for variant in slurm_checks):
+            using_slurm = True
+
+        # Determine MPIEXEC
+        if using_slurm:
+            if spec['mpi'].external:
+                # Heuristic until we have dependents on externals
+                mpiexec = '/usr/bin/srun'
+            else:
+                mpiexec = os.path.join(spec['slurm'].prefix.bin, 'srun')
+        else:
+            mpiexec = os.path.join(spec['mpi'].prefix.bin, 'mpirun')
+            if not os.path.exists(mpiexec):
+                mpiexec = os.path.join(spec['mpi'].prefix.bin, 'mpiexec')
+
+        if not os.path.exists(mpiexec):
+            msg = "Unable to determine MPIEXEC, %s tests may fail" % self.name
+            entries.append("# {0}\n".format(msg))
+            tty.warn(msg)
+        else:
+            # starting with cmake 3.10, FindMPI expects MPIEXEC_EXECUTABLE
+            # vs the older versions which expect MPIEXEC
+            if self.spec["cmake"].satisfies('@3.10:'):
+                entries.append(cmake_cache_path("MPIEXEC_EXECUTABLE",
+                                                mpiexec))
+            else:
+                entries.append(cmake_cache_path("MPIEXEC", mpiexec))
+
+        # Determine MPIEXEC_NUMPROC_FLAG
+        if using_slurm:
+            entries.append(cmake_cache_string("MPIEXEC_NUMPROC_FLAG", "-n"))
+        else:
+            entries.append(cmake_cache_string("MPIEXEC_NUMPROC_FLAG", "-np"))
+
+        return entries
+
+    def initconfig_hardware_entries(self):
+        spec = self.spec
+
+        entries = [
+            "#------------------{0}".format("-" * 60),
+            "# Hardware",
+            "#------------------{0}\n".format("-" * 60),
+        ]
+
+        if spec.satisfies('^cuda'):
+            entries.append("#------------------{0}".format("-" * 30))
+            entries.append("# Cuda")
+            entries.append("#------------------{0}\n".format("-" * 30))
+
+            cudatoolkitdir = spec['cuda'].prefix
+            entries.append(cmake_cache_path("CUDA_TOOLKIT_ROOT_DIR",
+                                            cudatoolkitdir))
+            cudacompiler = "${CUDA_TOOLKIT_ROOT_DIR}/bin/nvcc"
+            entries.append(cmake_cache_path("CMAKE_CUDA_COMPILER",
+                                            cudacompiler))
+
+            if spec.satisfies('^mpi'):
+                entries.append(cmake_cache_path("CMAKE_CUDA_HOST_COMPILER",
+                                                "${MPI_CXX_COMPILER}"))
+            else:
+                entries.append(cmake_cache_path("CMAKE_CUDA_HOST_COMPILER",
+                                                "${CMAKE_CXX_COMPILER}"))
+
+        return entries
+
+    def std_initconfig_entries(self):
+        return [
+            "#------------------{0}".format("-" * 60),
+            "# !!!! This is a generated file, edit at own risk !!!!",
+            "#------------------{0}".format("-" * 60),
+            "# CMake executable path: {0}".format(
+                self.spec['cmake'].command.path),
+            "#------------------{0}\n".format("-" * 60),
+        ]
+
+    def initconfig(self, spec, prefix):
+        cache_entries = (self.std_initconfig_entries() +
+                         self.initconfig_compiler_entries() +
+                         self.initconfig_mpi_entries() +
+                         self.initconfig_hardware_entries() +
+                         self.initconfig_package_entries())
+
+        with open(self.cache_name, 'w') as f:
+            for entry in cache_entries:
+                f.write('%s\n' % entry)
+            f.write('\n')
+
+    @property
+    def std_cmake_args(self):
+        args = super(CachedCMakePackage, self).std_cmake_args
+        args.extend(['-C', self.cache_path])
+        return args
+
+    @run_after('install')
+    def install_cmake_cache(self):
+        mkdirp(self.spec.prefix.share.cmake)
+        install(self.cache_path, self.spec.prefix.share.cmake)
--- a/lib/spack/spack/build_systems/cmake.py
+++ b/lib/spack/spack/build_systems/cmake.py
@@ -10,11 +10,11 @@
 import re
 from typing import List  # novm

-import spack.build_environment
 from llnl.util.filesystem import working_dir
-from spack.util.environment import filter_system_paths
-from spack.directives import depends_on, variant, conflicts
-from spack.package import PackageBase, InstallError, run_after
+
+import spack.build_environment
+from spack.directives import conflicts, depends_on, variant
+from spack.package import InstallError, PackageBase, run_after

 # Regex to extract the primary generator from the CMake generator
 # string.
@@ -185,13 +185,9 @@ def _std_args(pkg):
            define('CMAKE_INSTALL_RPATH_USE_LINK_PATH', False),
            define('CMAKE_INSTALL_RPATH',
                   spack.build_environment.get_rpaths(pkg)),
+            define('CMAKE_PREFIX_PATH',
+                   spack.build_environment.get_cmake_prefix_path(pkg))
        ])
-        # CMake's find_package() looks in CMAKE_PREFIX_PATH first, help CMake
-        # to find immediate link dependencies in right places:
-        deps = [d.prefix for d in
-                pkg.spec.dependencies(deptype=('build', 'link'))]
-        deps = filter_system_paths(deps)
-        args.append(define('CMAKE_PREFIX_PATH', deps))
        return args

    @staticmethod
--- a/lib/spack/spack/build_systems/cuda.py
+++ b/lib/spack/spack/build_systems/cuda.py
@@ -3,10 +3,9 @@
 #
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)

-from spack.package import PackageBase
-from spack.directives import depends_on, variant, conflicts
-
 import spack.variant
+from spack.directives import conflicts, depends_on, variant
+from spack.package import PackageBase


 class CudaPackage(PackageBase):
@@ -79,47 +78,46 @@ def cuda_flags(arch_list):
    depends_on('cuda@11.0:',    when='cuda_arch=80')
    depends_on('cuda@11.1:',    when='cuda_arch=86')

-    # There are at least three cases to be aware of for compiler conflicts
-    # 1. Linux x86_64
-    # 2. Linux ppc64le
-    # 3. Mac OS X
-    # CUDA-compiler conflicts are version-to-version specific and are
-    # difficult to express with the current Spack conflict syntax
+    # From the NVIDIA install guide we know of conflicts for particular
+    # platforms (linux, darwin), architectures (x86, powerpc) and compilers
+    # (gcc, clang). We don't restrict %gcc and %clang conflicts to
+    # platform=linux, since they should also apply to platform=cray, and may
+    # apply to platform=darwin. We currently do not provide conflicts for
+    # platform=darwin with %apple-clang.

    # Linux x86_64 compiler conflicts from here:
    # https://gist.github.com/ax3l/9489132
-    arch_platform = ' target=x86_64: platform=linux'
-    conflicts('%gcc@5:', when='+cuda ^cuda@:7.5' + arch_platform)
-    conflicts('%gcc@6:', when='+cuda ^cuda@:8' + arch_platform)
-    conflicts('%gcc@7:', when='+cuda ^cuda@:9.1' + arch_platform)
-    conflicts('%gcc@8:', when='+cuda ^cuda@:10.0.130' + arch_platform)
-    conflicts('%gcc@9:', when='+cuda ^cuda@:10.2.89' + arch_platform)
-    conflicts('%gcc@:4', when='+cuda ^cuda@11.0.2:' + arch_platform)
-    conflicts('%gcc@10:', when='+cuda ^cuda@:11.0.2' + arch_platform)
-    conflicts('%gcc@11:', when='+cuda ^cuda@:11.1.0' + arch_platform)
-    conflicts('%pgi@:14.8', when='+cuda ^cuda@:7.0.27' + arch_platform)
-    conflicts('%pgi@:15.3,15.5:', when='+cuda ^cuda@7.5' + arch_platform)
-    conflicts('%pgi@:16.2,16.0:16.3', when='+cuda ^cuda@8' + arch_platform)
-    conflicts('%pgi@:15,18:', when='+cuda ^cuda@9.0:9.1' + arch_platform)
-    conflicts('%pgi@:16,19:', when='+cuda ^cuda@9.2.88:10' + arch_platform)
+    conflicts('%gcc@5:', when='+cuda ^cuda@:7.5 target=x86_64:')
+    conflicts('%gcc@6:', when='+cuda ^cuda@:8 target=x86_64:')
+    conflicts('%gcc@7:', when='+cuda ^cuda@:9.1 target=x86_64:')
+    conflicts('%gcc@8:', when='+cuda ^cuda@:10.0.130 target=x86_64:')
+    conflicts('%gcc@9:', when='+cuda ^cuda@:10.2.89 target=x86_64:')
+    conflicts('%gcc@:4', when='+cuda ^cuda@11.0.2: target=x86_64:')
+    conflicts('%gcc@10:', when='+cuda ^cuda@:11.0.3 target=x86_64:')
+    conflicts('%gcc@11:', when='+cuda ^cuda@:11.1.0 target=x86_64:')
+    conflicts('%pgi@:14.8', when='+cuda ^cuda@:7.0.27 target=x86_64:')
+    conflicts('%pgi@:15.3,15.5:', when='+cuda ^cuda@7.5 target=x86_64:')
+    conflicts('%pgi@:16.2,16.0:16.3', when='+cuda ^cuda@8 target=x86_64:')
+    conflicts('%pgi@:15,18:', when='+cuda ^cuda@9.0:9.1 target=x86_64:')
+    conflicts('%pgi@:16,19:', when='+cuda ^cuda@9.2.88:10 target=x86_64:')
    conflicts('%pgi@:17,20:',
-              when='+cuda ^cuda@10.1.105:10.2.89' + arch_platform)
+              when='+cuda ^cuda@10.1.105:10.2.89 target=x86_64:')
    conflicts('%pgi@:17,21:',
-              when='+cuda ^cuda@11.0.2:11.1.0' + arch_platform)
-    conflicts('%clang@:3.4', when='+cuda ^cuda@:7.5' + arch_platform)
+              when='+cuda ^cuda@11.0.2:11.1.0 target=x86_64:')
+    conflicts('%clang@:3.4', when='+cuda ^cuda@:7.5 target=x86_64:')
    conflicts('%clang@:3.7,4:',
-              when='+cuda ^cuda@8.0:9.0' + arch_platform)
+              when='+cuda ^cuda@8.0:9.0 target=x86_64:')
    conflicts('%clang@:3.7,4.1:',
-              when='+cuda ^cuda@9.1' + arch_platform)
-    conflicts('%clang@:3.7,5.1:', when='+cuda ^cuda@9.2' + arch_platform)
-    conflicts('%clang@:3.7,6.1:', when='+cuda ^cuda@10.0.130' + arch_platform)
-    conflicts('%clang@:3.7,7.1:', when='+cuda ^cuda@10.1.105' + arch_platform)
+              when='+cuda ^cuda@9.1 target=x86_64:')
+    conflicts('%clang@:3.7,5.1:', when='+cuda ^cuda@9.2 target=x86_64:')
+    conflicts('%clang@:3.7,6.1:', when='+cuda ^cuda@10.0.130 target=x86_64:')
+    conflicts('%clang@:3.7,7.1:', when='+cuda ^cuda@10.1.105 target=x86_64:')
    conflicts('%clang@:3.7,8.1:',
-              when='+cuda ^cuda@10.1.105:10.1.243' + arch_platform)
-    conflicts('%clang@:3.2,9:', when='+cuda ^cuda@10.2.89' + arch_platform)
-    conflicts('%clang@:5', when='+cuda ^cuda@11.0.2:' + arch_platform)
-    conflicts('%clang@10:', when='+cuda ^cuda@:11.0.2' + arch_platform)
-    conflicts('%clang@11:', when='+cuda ^cuda@:11.1.0' + arch_platform)
+              when='+cuda ^cuda@10.1.105:10.1.243 target=x86_64:')
+    conflicts('%clang@:3.2,9:', when='+cuda ^cuda@10.2.89 target=x86_64:')
+    conflicts('%clang@:5', when='+cuda ^cuda@11.0.2: target=x86_64:')
+    conflicts('%clang@10:', when='+cuda ^cuda@:11.0.3 target=x86_64:')
+    conflicts('%clang@11:', when='+cuda ^cuda@:11.1.0 target=x86_64:')

    # x86_64 vs. ppc64le differ according to NVidia docs
    # Linux ppc64le compiler conflicts from Table from the docs below:
@@ -129,27 +127,26 @@ def cuda_flags(arch_list):
    # https://docs.nvidia.com/cuda/archive/9.0/cuda-installation-guide-linux/index.html
    # https://docs.nvidia.com/cuda/archive/8.0/cuda-installation-guide-linux/index.html

-    arch_platform = ' target=ppc64le: platform=linux'
    # information prior to CUDA 9 difficult to find
-    conflicts('%gcc@6:', when='+cuda ^cuda@:9' + arch_platform)
-    conflicts('%gcc@8:', when='+cuda ^cuda@:10.0.130' + arch_platform)
-    conflicts('%gcc@9:', when='+cuda ^cuda@:10.1.243' + arch_platform)
+    conflicts('%gcc@6:', when='+cuda ^cuda@:9 target=ppc64le:')
+    conflicts('%gcc@8:', when='+cuda ^cuda@:10.0.130 target=ppc64le:')
+    conflicts('%gcc@9:', when='+cuda ^cuda@:10.1.243 target=ppc64le:')
    # officially, CUDA 11.0.2 only supports the system GCC 8.3 on ppc64le
-    conflicts('%gcc@:4', when='+cuda ^cuda@11.0.2:' + arch_platform)
-    conflicts('%gcc@10:', when='+cuda ^cuda@:11.0.2' + arch_platform)
-    conflicts('%gcc@11:', when='+cuda ^cuda@:11.1.0' + arch_platform)
-    conflicts('%pgi', when='+cuda ^cuda@:8' + arch_platform)
-    conflicts('%pgi@:16', when='+cuda ^cuda@:9.1.185' + arch_platform)
-    conflicts('%pgi@:17', when='+cuda ^cuda@:10' + arch_platform)
-    conflicts('%clang@4:', when='+cuda ^cuda@:9.0.176' + arch_platform)
-    conflicts('%clang@5:', when='+cuda ^cuda@:9.1' + arch_platform)
-    conflicts('%clang@6:', when='+cuda ^cuda@:9.2' + arch_platform)
-    conflicts('%clang@7:', when='+cuda ^cuda@10.0.130' + arch_platform)
-    conflicts('%clang@7.1:', when='+cuda ^cuda@:10.1.105' + arch_platform)
-    conflicts('%clang@8.1:', when='+cuda ^cuda@:10.2.89' + arch_platform)
-    conflicts('%clang@:5', when='+cuda ^cuda@11.0.2:' + arch_platform)
-    conflicts('%clang@10:', when='+cuda ^cuda@:11.0.2' + arch_platform)
-    conflicts('%clang@11:', when='+cuda ^cuda@:11.1.0' + arch_platform)
+    conflicts('%gcc@:4', when='+cuda ^cuda@11.0.2: target=ppc64le:')
+    conflicts('%gcc@10:', when='+cuda ^cuda@:11.0.3 target=ppc64le:')
+    conflicts('%gcc@11:', when='+cuda ^cuda@:11.1.0 target=ppc64le:')
+    conflicts('%pgi', when='+cuda ^cuda@:8 target=ppc64le:')
+    conflicts('%pgi@:16', when='+cuda ^cuda@:9.1.185 target=ppc64le:')
+    conflicts('%pgi@:17', when='+cuda ^cuda@:10 target=ppc64le:')
+    conflicts('%clang@4:', when='+cuda ^cuda@:9.0.176 target=ppc64le:')
+    conflicts('%clang@5:', when='+cuda ^cuda@:9.1 target=ppc64le:')
+    conflicts('%clang@6:', when='+cuda ^cuda@:9.2 target=ppc64le:')
+    conflicts('%clang@7:', when='+cuda ^cuda@10.0.130 target=ppc64le:')
+    conflicts('%clang@7.1:', when='+cuda ^cuda@:10.1.105 target=ppc64le:')
+    conflicts('%clang@8.1:', when='+cuda ^cuda@:10.2.89 target=ppc64le:')
+    conflicts('%clang@:5', when='+cuda ^cuda@11.0.2: target=ppc64le:')
+    conflicts('%clang@10:', when='+cuda ^cuda@:11.0.3 target=ppc64le:')
+    conflicts('%clang@11:', when='+cuda ^cuda@:11.1.0 target=ppc64le:')

    # Intel is mostly relevant for x86_64 Linux, even though it also
    # exists for Mac OS X. No information prior to CUDA 3.2 or Intel 11.1
@@ -171,15 +168,8 @@ def cuda_flags(arch_list):
    conflicts('%xl@:12,14:15,17:', when='+cuda ^cuda@9.2')
    conflicts('%xl@:12,17:', when='+cuda ^cuda@:11.1.0')

-    # Mac OS X
-    # platform = ' platform=darwin'
-    # Apple XCode clang vs. LLVM clang are difficult to specify
-    # with spack syntax. Xcode clang name is `clang@x.y.z-apple`
-    # which precludes ranges being specified. We have proposed
-    # rename XCode clang to `clang@apple-x.y.z` or even
-    # `clang-apple@x.y.z as a possible fix.
-    # Compiler conflicts will be eventual taken from here:
-    # https://docs.nvidia.com/cuda/cuda-installation-guide-mac-os-x/index.html#abstract
+    # Darwin.
+    # TODO: add missing conflicts for %apple-clang cuda@:10
    conflicts('platform=darwin', when='+cuda ^cuda@11.0.2:')

    # Make sure cuda_arch can not be used without +cuda
--- a/lib/spack/spack/build_systems/gnu.py
+++ b/lib/spack/spack/build_systems/gnu.py
@@ -3,8 +3,8 @@
 #
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)

-import spack.util.url
 import spack.package
+import spack.util.url


 class GNUMirrorPackage(spack.package.PackageBase):
--- a/lib/spack/spack/build_systems/intel.py
+++ b/lib/spack/spack/build_systems/intel.py
@@ -4,26 +4,32 @@
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)


-import os
-import sys
 import glob
-import tempfile
-import re
 import inspect
+import os
+import re
+import sys
+import tempfile
 import xml.etree.ElementTree as ElementTree
+
 import llnl.util.tty as tty
+from llnl.util.filesystem import (
+    HeaderList,
+    LibraryList,
+    ancestor,
+    filter_file,
+    find_headers,
+    find_libraries,
+    find_system_libraries,
+    install,
+)

-from llnl.util.filesystem import \
-    install, ancestor, filter_file, \
-    HeaderList, find_headers, \
-    LibraryList, find_libraries, find_system_libraries
-
-from spack.version import Version, ver
-from spack.package import PackageBase, run_after, InstallError
+from spack.build_environment import dso_suffix
+from spack.package import InstallError, PackageBase, run_after
 from spack.util.environment import EnvironmentModifications
 from spack.util.executable import Executable
 from spack.util.prefix import Prefix
-from spack.build_environment import dso_suffix
+from spack.version import Version, ver

 # A couple of utility functions that might be useful in general. If so, they
 # should really be defined elsewhere, unless deemed heretical.
@@ -151,7 +157,7 @@ def license_files(self):
                '+advisor':    'advisor',
                '+inspector':  'inspector',
                '+itac':       'itac',
-                '+vtune':      'vtune_amplifier',
+                '+vtune':      'vtune_profiler',
            }.items():
                if variant in self.spec:
                    dirs.append(self.normalize_path(
@@ -202,7 +208,8 @@ def pset_components(self):
            '+itac':      ' intel-itac intel-ta intel-tc'
                          ' intel-trace-analyzer intel-trace-collector',
                          # Trace Analyzer and Collector
-            '+vtune':     ' intel-vtune-amplifier',    # VTune
+            '+vtune':     ' intel-vtune'
+                          # VTune, ..-profiler since 2020, ..-amplifier before
        }.items():
            if variant in self.spec:
                c += components_to_add
@@ -535,8 +542,9 @@ def normalize_path(self, component_path, component_suite_dir=None,
            [None,              '2016:', 'compilers_and_libraries'],
            ['advisor',         ':2016', 'advisor_xe'],
            ['inspector',       ':2016', 'inspector_xe'],
-            ['vtune_amplifier', ':2017', 'vtune_amplifier_xe'],
+            ['vtune_profiler',  ':2017', 'vtune_amplifier_xe'],
            ['vtune',           ':2017', 'vtune_amplifier_xe'],  # alt.
+            ['vtune_profiler',  ':2019', 'vtune_amplifier'],
            ['itac',            ':',     'itac',  [os.sep + standalone_glob]],
        ]:
            if cs == rename_rule[0] and v.satisfies(ver(rename_rule[1])):
@@ -1087,7 +1095,7 @@ def _setup_dependent_env_callback(
                # Intel MPI since 2019 depends on libfabric which is not in the
                # lib directory but in a directory of its own which should be
                # included in the rpath
-                if self.version >= ver('2019'):
+                if self.version_yearlike >= ver('2019'):
                    d = ancestor(self.component_lib_dir('mpi'))
                    libfabrics_path = os.path.join(d, 'libfabric', 'lib')
                    env.append_path('SPACK_COMPILER_EXTRA_RPATHS',
--- a/lib/spack/spack/build_systems/makefile.py
+++ b/lib/spack/spack/build_systems/makefile.py
@@ -9,6 +9,7 @@

 import llnl.util.tty as tty
 from llnl.util.filesystem import working_dir
+
 from spack.package import PackageBase, run_after


--- a/lib/spack/spack/build_systems/maven.py
+++ b/lib/spack/spack/build_systems/maven.py
@@ -5,6 +5,7 @@


 from llnl.util.filesystem import install_tree, working_dir
+
 from spack.directives import depends_on
 from spack.package import PackageBase, run_after
 from spack.util.executable import which
--- a/lib/spack/spack/build_systems/meson.py
+++ b/lib/spack/spack/build_systems/meson.py
@@ -9,6 +9,7 @@
 from typing import List  # novm

 from llnl.util.filesystem import working_dir
+
 from spack.directives import depends_on, variant
 from spack.package import PackageBase, run_after

@@ -52,9 +53,12 @@ class MesonPackage(PackageBase):

    build_time_test_callbacks = ['check']

-    variant('buildtype', default='release',
+    variant('buildtype', default='debugoptimized',
            description='Meson build type',
            values=('plain', 'debug', 'debugoptimized', 'release', 'minsize'))
+    variant('default_library', default='shared', values=('shared', 'static'),
+            multi=True, description='Build shared libs, static libs or both')
+    variant('strip', default=False, description='Strip targets on install')

    depends_on('meson', type='build')
    depends_on('ninja', type='build')
@@ -96,6 +100,15 @@ def _std_args(pkg):
        except KeyError:
            build_type = 'release'

+        strip = 'true' if '+strip' in pkg.spec else 'false'
+
+        if 'default_library=static,shared' in pkg.spec:
+            default_library = 'both'
+        elif 'default_library=static' in pkg.spec:
+            default_library = 'static'
+        else:
+            default_library = 'shared'
+
        args = [
            '--prefix={0}'.format(pkg.prefix),
            # If we do not specify libdir explicitly, Meson chooses something
@@ -103,8 +116,9 @@ def _std_args(pkg):
            # find libraries and pkg-config files.
            # See https://github.com/mesonbuild/meson/issues/2197
            '--libdir={0}'.format(pkg.prefix.lib),
-            '--buildtype={0}'.format(build_type),
-            '--strip',
+            '-Dbuildtype={0}'.format(build_type),
+            '-Dstrip={0}'.format(strip),
+            '-Ddefault_library={0}'.format(default_library)
        ]

        return args
@@ -131,6 +145,7 @@ def meson_args(self):
        * ``--libdir``
        * ``--buildtype``
        * ``--strip``
+        * ``--default_library``

        which will be set automatically.

--- a/lib/spack/spack/build_systems/oneapi.py
+++ b/lib/spack/spack/build_systems/oneapi.py
@@ -7,15 +7,17 @@

 """

-from sys import platform
-from os.path import basename, dirname, isdir, join
+import getpass
+import platform
+import shutil
+from os.path import basename, dirname, isdir
+
+from llnl.util.filesystem import find_headers, find_libraries, join_path

 from spack.package import Package
 from spack.util.environment import EnvironmentModifications
 from spack.util.executable import Executable

-from llnl.util.filesystem import find_headers, find_libraries
-

 class IntelOneApiPackage(Package):
    """Base class for Intel oneAPI packages."""
@@ -33,6 +35,11 @@ def component_dir(self):
        """Subdirectory for this component in the install prefix."""
        raise NotImplementedError

+    @property
+    def component_path(self):
+        """Path to component <prefix>/<component>/<version>."""
+        return join_path(self.prefix, self.component_dir, str(self.spec.version))
+
    def install(self, spec, prefix, installer_path=None):
        """Shared install method for all oneapi packages."""

@@ -41,7 +48,23 @@ def install(self, spec, prefix, installer_path=None):
        if installer_path is None:
            installer_path = basename(self.url_for_version(spec.version))

-        if platform == 'linux':
+        if platform.system() == 'Linux':
+            # Intel installer assumes and enforces that all components
+            # are installed into a single prefix. Spack wants to
+            # install each component in a separate prefix. The
+            # installer mechanism is implemented by saving install
+            # information in a directory called installercache for
+            # future runs. The location of the installercache depends
+            # on the userid. For root it is always in /var/intel. For
+            # non-root it is in $HOME/intel.
+            #
+            # The method for preventing this install from interfering
+            # with other install depends on the userid. For root, we
+            # delete the installercache before and after install. For
+            # non root we redefine the HOME environment variable.
+            if getpass.getuser() == 'root':
+                shutil.rmtree('/var/intel/installercache', ignore_errors=True)
+
            bash = Executable('bash')

            # Installer writes files in ~/intel set HOME so it goes to prefix
@@ -52,22 +75,24 @@ def install(self, spec, prefix, installer_path=None):
                 '--eula', 'accept',
                 '--install-dir', prefix)

+            if getpass.getuser() == 'root':
+                shutil.rmtree('/var/intel/installercache', ignore_errors=True)
+
        # Some installers have a bug and do not return an error code when failing
-        if not isdir(join(prefix, self.component_dir)):
+        if not isdir(join_path(prefix, self.component_dir)):
            raise RuntimeError('install failed')

    def setup_run_environment(self, env):
-
        """Adds environment variables to the generated module file.

        These environment variables come from running:

        .. code-block:: console

-           $ source {prefix}/setvars.sh --force
+           $ source {prefix}/{component}/{version}/env/vars.sh
        """
        env.extend(EnvironmentModifications.from_sourcing_file(
-            join(self.prefix, self.component_dir, 'latest/env/vars.sh')))
+            join_path(self.component_path, 'env', 'vars.sh')))


 class IntelOneApiLibraryPackage(IntelOneApiPackage):
@@ -75,12 +100,11 @@ class IntelOneApiLibraryPackage(IntelOneApiPackage):

    @property
    def headers(self):
-        include_path = '%s/%s/latest/include' % (
-            self.prefix, self.component_dir)
+        include_path = join_path(self.component_path, 'include')
        return find_headers('*', include_path, recursive=True)

    @property
    def libs(self):
-        lib_path = '%s/%s/latest/lib/intel64' % (self.prefix, self.component_dir)
+        lib_path = join_path(self.component_path, 'lib', 'intel64')
        lib_path = lib_path if isdir(lib_path) else dirname(lib_path)
        return find_libraries('*', root=lib_path, shared=True, recursive=True)
--- a/lib/spack/spack/build_systems/perl.py
+++ b/lib/spack/spack/build_systems/perl.py
@@ -7,10 +7,11 @@
 import inspect
 import os

+from llnl.util.filesystem import filter_file
+
 from spack.directives import extends
 from spack.package import PackageBase, run_after
 from spack.util.executable import Executable
-from llnl.util.filesystem import filter_file


 class PerlPackage(PackageBase):
--- a/lib/spack/spack/build_systems/python.py
+++ b/lib/spack/spack/build_systems/python.py
@@ -6,14 +6,20 @@
 import os
 import shutil

+import llnl.util.tty as tty
+from llnl.util.filesystem import (
+    filter_file,
+    find,
+    get_filetype,
+    path_contains_subdirectory,
+    same_path,
+    working_dir,
+)
+from llnl.util.lang import match_predicate
+
 from spack.directives import extends
 from spack.package import PackageBase, run_after

-from llnl.util.filesystem import (working_dir, get_filetype, filter_file,
-                                  path_contains_subdirectory, same_path, find)
-from llnl.util.lang import match_predicate
-import llnl.util.tty as tty
-

 class PythonPackage(PackageBase):
    """Specialized class for packages that are built using Python
--- a/lib/spack/spack/build_systems/qmake.py
+++ b/lib/spack/spack/build_systems/qmake.py
@@ -7,6 +7,7 @@
 import inspect

 from llnl.util.filesystem import working_dir
+
 from spack.directives import depends_on
 from spack.package import PackageBase, run_after

--- a/lib/spack/spack/build_systems/rocm.py
+++ b/lib/spack/spack/build_systems/rocm.py
@@ -75,10 +75,9 @@
 #    does not like its directory structure.
 #

-from spack.package import PackageBase
-from spack.directives import depends_on, variant, conflicts
-
 import spack.variant
+from spack.directives import conflicts, depends_on, variant
+from spack.package import PackageBase


 class ROCmPackage(PackageBase):
--- a/lib/spack/spack/build_systems/sip.py
+++ b/lib/spack/spack/build_systems/sip.py
@@ -6,10 +6,11 @@
 import inspect
 import os

-from llnl.util.filesystem import find, working_dir, join_path
+import llnl.util.tty as tty
+from llnl.util.filesystem import find, join_path, working_dir
+
 from spack.directives import depends_on, extends
 from spack.package import PackageBase, run_after
-import llnl.util.tty as tty


 class SIPPackage(PackageBase):
--- a/lib/spack/spack/build_systems/sourceforge.py
+++ b/lib/spack/spack/build_systems/sourceforge.py
@@ -3,8 +3,8 @@
 #
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)

-import spack.util.url
 import spack.package
+import spack.util.url


 class SourceforgePackage(spack.package.PackageBase):
--- a/lib/spack/spack/build_systems/sourceware.py
+++ b/lib/spack/spack/build_systems/sourceware.py
@@ -3,8 +3,8 @@
 #
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)

-import spack.util.url
 import spack.package
+import spack.util.url


 class SourcewarePackage(spack.package.PackageBase):
--- a/lib/spack/spack/build_systems/waf.py
+++ b/lib/spack/spack/build_systems/waf.py
@@ -6,11 +6,11 @@

 import inspect

+from llnl.util.filesystem import working_dir
+
 from spack.directives import depends_on
 from spack.package import PackageBase, run_after

-from llnl.util.filesystem import working_dir
-

 class WafPackage(PackageBase):
    """Specialized class for packages that are built using the
--- a/lib/spack/spack/build_systems/xorg.py
+++ b/lib/spack/spack/build_systems/xorg.py
@@ -3,8 +3,8 @@
 #
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)

-import spack.util.url
 import spack.package
+import spack.util.url


 class XorgPackage(spack.package.PackageBase):
--- a/lib/spack/spack/caches.py
+++ b/lib/spack/spack/caches.py
@@ -9,15 +9,15 @@
 import llnl.util.lang
 from llnl.util.filesystem import mkdirp

-import spack.error
-import spack.paths
 import spack.config
+import spack.error
 import spack.fetch_strategy
+import spack.paths
 import spack.util.file_cache
 import spack.util.path


-def _misc_cache():
+def misc_cache_location():
    """The ``misc_cache`` is Spack's cache for small data.

    Currently the ``misc_cache`` stores indexes for virtual dependency
@@ -27,7 +27,11 @@ def _misc_cache():
    if not path:
        path = os.path.join(spack.paths.user_config_path, 'cache')
    path = spack.util.path.canonicalize_path(path)
+    return path

+
+def _misc_cache():
+    path = misc_cache_location()
    return spack.util.file_cache.FileCache(path)


@@ -35,7 +39,7 @@ def _misc_cache():
 misc_cache = llnl.util.lang.Singleton(_misc_cache)


-def _fetch_cache():
+def fetch_cache_location():
    """Filesystem cache of downloaded archives.

    This prevents Spack from repeatedly fetch the same files when
@@ -45,7 +49,11 @@ def _fetch_cache():
    if not path:
        path = os.path.join(spack.paths.var_path, "cache")
    path = spack.util.path.canonicalize_path(path)
+    return path

+
+def _fetch_cache():
+    path = fetch_cache_location()
    return spack.fetch_strategy.FsCache(path)


--- a/lib/spack/spack/ci.py
+++ b/lib/spack/spack/ci.py
@@ -10,14 +10,16 @@
 import os
 import re
 import shutil
+import stat
 import tempfile
-import zlib
+import zipfile

 from six import iteritems
 from six.moves.urllib.error import HTTPError, URLError
 from six.moves.urllib.parse import urlencode
-from six.moves.urllib.request import build_opener, HTTPHandler, Request
+from six.moves.urllib.request import HTTPHandler, Request, build_opener

+import llnl.util.filesystem as fs
 import llnl.util.tty as tty

 import spack
@@ -26,16 +28,17 @@
 import spack.compilers as compilers
 import spack.config as cfg
 import spack.environment as ev
-from spack.error import SpackError
-import spack.hash_types as ht
 import spack.main
+import spack.mirror
+import spack.paths
 import spack.repo
-from spack.spec import Spec
-import spack.util.spack_yaml as syaml
-import spack.util.web as web_util
+import spack.util.executable as exe
 import spack.util.gpg as gpg_util
+import spack.util.spack_yaml as syaml
 import spack.util.url as url_util
-
+import spack.util.web as web_util
+from spack.error import SpackError
+from spack.spec import Spec

 JOB_RETRY_CONDITIONS = [
    'always',
@@ -77,7 +80,8 @@ def _create_buildgroup(opener, headers, url, project, group_name, group_type):
    if response_code != 200 and response_code != 201:
        msg = 'Creating buildgroup failed (response code = {0}'.format(
            response_code)
-        raise SpackError(msg)
+        tty.warn(msg)
+        return None

    response_text = response.read()
    response_json = json.loads(response_text)
@@ -106,7 +110,8 @@ def populate_buildgroup(job_names, group_name, project, site,
    if not parent_group_id or not group_id:
        msg = 'Failed to create or retrieve buildgroups for {0}'.format(
            group_name)
-        raise SpackError(msg)
+        tty.warn(msg)
+        return

    data = {
        'project': project,
@@ -129,7 +134,7 @@ def populate_buildgroup(job_names, group_name, project, site,
    if response_code != 200:
        msg = 'Error response code ({0}) in populate_buildgroup'.format(
            response_code)
-        raise SpackError(msg)
+        tty.warn(msg)


 def is_main_phase(phase_name):
@@ -197,10 +202,7 @@ def format_root_spec(spec, main_phase, strip_compiler):
        return '{0}@{1} arch={2}'.format(
            spec.name, spec.version, spec.architecture)
    else:
-        spec_yaml = spec.to_yaml(hash=ht.build_hash).encode('utf-8')
-        return str(base64.b64encode(zlib.compress(spec_yaml)).decode('utf-8'))
-        # return '{0}@{1}%{2} arch={3}'.format(
-        #     spec.name, spec.version, spec.compiler, spec.architecture)
+        return spec.build_hash()


 def spec_deps_key(s):
@@ -506,35 +508,21 @@ def format_job_needs(phase_name, strip_compilers, dep_jobs,
                'job': get_job_name(phase_name,
                                    strip_compilers,
                                    dep_job,
-                                    osname,
+                                    dep_job.architecture,
                                    build_group),
                'artifacts': enable_artifacts_buildcache,
            })
    return needs_list


-def add_pr_mirror(url):
-    cfg_scope = cfg.default_modify_scope()
-    mirrors = cfg.get('mirrors', scope=cfg_scope)
-    items = [(n, u) for n, u in mirrors.items()]
-    items.insert(0, ('ci_pr_mirror', url))
-    cfg.set('mirrors', syaml.syaml_dict(items), scope=cfg_scope)
-
-
-def remove_pr_mirror():
-    cfg_scope = cfg.default_modify_scope()
-    mirrors = cfg.get('mirrors', scope=cfg_scope)
-    mirrors.pop('ci_pr_mirror')
-    cfg.set('mirrors', mirrors, scope=cfg_scope)
-
-
-def generate_gitlab_ci_yaml(env, print_summary, output_file, prune_dag=False,
-                            check_index_only=False, run_optimizer=False,
-                            use_dependencies=False):
-    # FIXME: What's the difference between one that opens with 'spack'
-    # and one that opens with 'env'?  This will only handle the former.
+def generate_gitlab_ci_yaml(env, print_summary, output_file,
+                            prune_dag=False, check_index_only=False,
+                            run_optimizer=False, use_dependencies=False,
+                            artifacts_root=None):
    with spack.concretize.disable_compiler_existence_check():
-        env.concretize()
+        with env.write_transaction():
+            env.concretize()
+            env.write()

    yaml_root = ev.config_dict(env.yaml)

@@ -559,9 +547,11 @@ def generate_gitlab_ci_yaml(env, print_summary, output_file, prune_dag=False,
            tty.verbose("Using CDash auth token from environment")
            cdash_auth_token = os.environ.get('SPACK_CDASH_AUTH_TOKEN')

-    is_pr_pipeline = (
-        os.environ.get('SPACK_IS_PR_PIPELINE', '').lower() == 'true'
-    )
+    generate_job_name = os.environ.get('CI_JOB_NAME', None)
+    parent_pipeline_id = os.environ.get('CI_PIPELINE_ID', None)
+
+    spack_pipeline_type = os.environ.get('SPACK_PIPELINE_TYPE', None)
+    is_pr_pipeline = spack_pipeline_type == 'spack_pull_request'

    spack_pr_branch = os.environ.get('SPACK_PR_BRANCH', None)
    pr_mirror_url = None
@@ -574,6 +564,14 @@ def generate_gitlab_ci_yaml(env, print_summary, output_file, prune_dag=False,

    ci_mirrors = yaml_root['mirrors']
    mirror_urls = [url for url in ci_mirrors.values()]
+    remote_mirror_url = mirror_urls[0]
+
+    # Check for a list of "known broken" specs that we should not bother
+    # trying to build.
+    broken_specs_url = ''
+    known_broken_specs_encountered = []
+    if 'broken-specs-url' in gitlab_ci:
+        broken_specs_url = gitlab_ci['broken-specs-url']

    enable_artifacts_buildcache = False
    if 'enable-artifacts-buildcache' in gitlab_ci:
@@ -617,7 +615,51 @@ def generate_gitlab_ci_yaml(env, print_summary, output_file, prune_dag=False,
    # Add this mirror if it's enabled, as some specs might be up to date
    # here and thus not need to be rebuilt.
    if pr_mirror_url:
-        add_pr_mirror(pr_mirror_url)
+        spack.mirror.add(
+            'ci_pr_mirror', pr_mirror_url, cfg.default_modify_scope())
+
+    pipeline_artifacts_dir = artifacts_root
+    if not pipeline_artifacts_dir:
+        proj_dir = os.environ.get('CI_PROJECT_DIR', os.getcwd())
+        pipeline_artifacts_dir = os.path.join(proj_dir, 'jobs_scratch_dir')
+
+    pipeline_artifacts_dir = os.path.abspath(pipeline_artifacts_dir)
+    concrete_env_dir = os.path.join(
+        pipeline_artifacts_dir, 'concrete_environment')
+
+    # Now that we've added the mirrors we know about, they should be properly
+    # reflected in the environment manifest file, so copy that into the
+    # concrete environment directory, along with the spack.lock file.
+    if not os.path.exists(concrete_env_dir):
+        os.makedirs(concrete_env_dir)
+    shutil.copyfile(env.manifest_path,
+                    os.path.join(concrete_env_dir, 'spack.yaml'))
+    shutil.copyfile(env.lock_path,
+                    os.path.join(concrete_env_dir, 'spack.lock'))
+
+    job_log_dir = os.path.join(pipeline_artifacts_dir, 'logs')
+    job_repro_dir = os.path.join(pipeline_artifacts_dir, 'reproduction')
+    local_mirror_dir = os.path.join(pipeline_artifacts_dir, 'mirror')
+    user_artifacts_dir = os.path.join(pipeline_artifacts_dir, 'user_data')
+
+    # We communicate relative paths to the downstream jobs to avoid issues in
+    # situations where the CI_PROJECT_DIR varies between the pipeline
+    # generation job and the rebuild jobs.  This can happen when gitlab
+    # checks out the project into a runner-specific directory, for example,
+    # and different runners are picked for generate and rebuild jobs.
+    ci_project_dir = os.environ.get('CI_PROJECT_DIR')
+    rel_artifacts_root = os.path.relpath(
+        pipeline_artifacts_dir, ci_project_dir)
+    rel_concrete_env_dir = os.path.relpath(
+        concrete_env_dir, ci_project_dir)
+    rel_job_log_dir = os.path.relpath(
+        job_log_dir, ci_project_dir)
+    rel_job_repro_dir = os.path.relpath(
+        job_repro_dir, ci_project_dir)
+    rel_local_mirror_dir = os.path.relpath(
+        local_mirror_dir, ci_project_dir)
+    rel_user_artifacts_dir = os.path.relpath(
+        user_artifacts_dir, ci_project_dir)

    # Speed up staging by first fetching binary indices from all mirrors
    # (including the per-PR mirror we may have just added above).
@@ -634,7 +676,7 @@ def generate_gitlab_ci_yaml(env, print_summary, output_file, prune_dag=False,
    finally:
        # Clean up PR mirror if enabled
        if pr_mirror_url:
-            remove_pr_mirror()
+            spack.mirror.remove('ci_pr_mirror', cfg.default_modify_scope())

    all_job_names = []
    output_object = {}
@@ -664,6 +706,9 @@ def generate_gitlab_ci_yaml(env, print_summary, output_file, prune_dag=False,
                root_spec = spec_record['rootSpec']
                pkg_name = pkg_name_from_spec_label(spec_label)
                release_spec = root_spec[pkg_name]
+                release_spec_full_hash = release_spec.full_hash()
+                release_spec_dag_hash = release_spec.dag_hash()
+                release_spec_build_hash = release_spec.build_hash()

                runner_attribs = find_matching_config(
                    release_spec, gitlab_ci)
@@ -690,10 +735,15 @@ def generate_gitlab_ci_yaml(env, print_summary, output_file, prune_dag=False,
                    except AttributeError:
                        image_name = build_image

-                job_script = [
-                    'spack env activate --without-view .',
-                    'spack ci rebuild',
-                ]
+                job_script = ['spack env activate --without-view .']
+
+                if artifacts_root:
+                    job_script.insert(0, 'cd {0}'.format(concrete_env_dir))
+
+                job_script.extend([
+                    'spack ci rebuild'
+                ])
+
                if 'script' in runner_attribs:
                    job_script = [s for s in runner_attribs['script']]

@@ -720,9 +770,11 @@ def generate_gitlab_ci_yaml(env, print_summary, output_file, prune_dag=False,
                job_vars = {
                    'SPACK_ROOT_SPEC': format_root_spec(
                        root_spec, main_phase, strip_compilers),
+                    'SPACK_JOB_SPEC_DAG_HASH': release_spec_dag_hash,
+                    'SPACK_JOB_SPEC_BUILD_HASH': release_spec_build_hash,
+                    'SPACK_JOB_SPEC_FULL_HASH': release_spec_full_hash,
                    'SPACK_JOB_SPEC_PKG_NAME': release_spec.name,
-                    'SPACK_COMPILER_ACTION': compiler_action,
-                    'SPACK_IS_PR_PIPELINE': str(is_pr_pipeline),
+                    'SPACK_COMPILER_ACTION': compiler_action
                }

                job_dependencies = []
@@ -821,6 +873,21 @@ def generate_gitlab_ci_yaml(env, print_summary, output_file, prune_dag=False,
                if prune_dag and not rebuild_spec:
                    continue

+                # Check if this spec is in our list of known failures, now that
+                # we know this spec needs a rebuild
+                if broken_specs_url:
+                    broken_spec_path = url_util.join(
+                        broken_specs_url, release_spec_full_hash)
+                    if web_util.url_exists(broken_spec_path):
+                        known_broken_specs_encountered.append('{0} ({1})'.format(
+                            release_spec, release_spec_full_hash))
+
+                if artifacts_root:
+                    job_dependencies.append({
+                        'job': generate_job_name,
+                        'pipeline': '{0}'.format(parent_pipeline_id)
+                    })
+
                job_vars['SPACK_SPEC_NEEDS_REBUILD'] = str(rebuild_spec)

                if enable_cdash_reporting:
@@ -841,12 +908,14 @@ def generate_gitlab_ci_yaml(env, print_summary, output_file, prune_dag=False,
                variables.update(job_vars)

                artifact_paths = [
-                    'jobs_scratch_dir',
-                    'cdash_report',
+                    rel_job_log_dir,
+                    rel_job_repro_dir,
+                    rel_user_artifacts_dir
                ]

                if enable_artifacts_buildcache:
-                    bc_root = 'local_mirror/build_cache'
+                    bc_root = os.path.join(
+                        local_mirror_dir, 'build_cache')
                    artifact_paths.extend([os.path.join(bc_root, p) for p in [
                        bindist.tarball_name(release_spec, '.spec.yaml'),
                        bindist.tarball_name(release_spec, '.cdashid'),
@@ -972,6 +1041,11 @@ def generate_gitlab_ci_yaml(env, print_summary, output_file, prune_dag=False,
            ]
            final_job['when'] = 'always'

+            if artifacts_root:
+                final_job['variables'] = {
+                    'SPACK_CONCRETE_ENV_DIR': concrete_env_dir
+                }
+
            output_object['rebuild-index'] = final_job

        output_object['stages'] = stage_names
@@ -992,8 +1066,15 @@ def generate_gitlab_ci_yaml(env, print_summary, output_file, prune_dag=False,
                version_to_clone = spack_version

        output_object['variables'] = {
+            'SPACK_ARTIFACTS_ROOT': rel_artifacts_root,
+            'SPACK_CONCRETE_ENV_DIR': rel_concrete_env_dir,
            'SPACK_VERSION': spack_version,
            'SPACK_CHECKOUT_VERSION': version_to_clone,
+            'SPACK_REMOTE_MIRROR_URL': remote_mirror_url,
+            'SPACK_JOB_LOG_DIR': rel_job_log_dir,
+            'SPACK_JOB_REPRO_DIR': rel_job_repro_dir,
+            'SPACK_LOCAL_MIRROR_DIR': rel_local_mirror_dir,
+            'SPACK_PIPELINE_TYPE': str(spack_pipeline_type)
        }

        if pr_mirror_url:
@@ -1029,6 +1110,14 @@ def generate_gitlab_ci_yaml(env, print_summary, output_file, prune_dag=False,

        sorted_output = {'no-specs-to-rebuild': noop_job}

+    if known_broken_specs_encountered:
+        error_msg = (
+            'Pipeline generation failed due to the presence of the '
+            'following specs that are known to be broken in develop:\n')
+        for broken_spec in known_broken_specs_encountered:
+            error_msg += '* {0}\n'.format(broken_spec)
+        tty.die(error_msg)
+
    with open(output_file, 'w') as outf:
        outf.write(syaml.dump_config(sorted_output, default_flow_style=True))

@@ -1108,7 +1197,8 @@ def configure_compilers(compiler_action, scope=None):
    return None


-def get_concrete_specs(root_spec, job_name, related_builds, compiler_action):
+def get_concrete_specs(env, root_spec, job_name, related_builds,
+                       compiler_action):
    spec_map = {
        'root': None,
        'deps': {},
@@ -1130,8 +1220,7 @@ def get_concrete_specs(root_spec, job_name, related_builds, compiler_action):
        # again.  The reason we take this path in the first case (bootstrapped
        # compiler), is that we can't concretize a spec at this point if we're
        # going to ask spack to "install_missing_compilers".
-        concrete_root = Spec.from_yaml(
-            str(zlib.decompress(base64.b64decode(root_spec)).decode('utf-8')))
+        concrete_root = env.specs_by_hash[root_spec]

    spec_map['root'] = concrete_root
    spec_map[job_name] = concrete_root[job_name]
@@ -1172,7 +1261,8 @@ def register_cdash_build(build_name, base_url, project, site, track):

    if response_code != 200 and response_code != 201:
        msg = 'Adding build failed (response code = {0}'.format(response_code)
-        raise SpackError(msg)
+        tty.warn(msg)
+        return (None, None)

    response_text = response.read()
    response_json = json.loads(response_text)
@@ -1182,7 +1272,7 @@ def register_cdash_build(build_name, base_url, project, site, track):


 def relate_cdash_builds(spec_map, cdash_base_url, job_build_id, cdash_project,
-                        cdashids_mirror_url):
+                        cdashids_mirror_urls):
    if not job_build_id:
        return

@@ -1198,7 +1288,20 @@ def relate_cdash_builds(spec_map, cdash_base_url, job_build_id, cdash_project,
    for dep_pkg_name in dep_map:
        tty.debug('Fetching cdashid file for {0}'.format(dep_pkg_name))
        dep_spec = dep_map[dep_pkg_name]
-        dep_build_id = read_cdashid_from_mirror(dep_spec, cdashids_mirror_url)
+        dep_build_id = None
+
+        for url in cdashids_mirror_urls:
+            try:
+                if url:
+                    dep_build_id = read_cdashid_from_mirror(dep_spec, url)
+                    break
+            except web_util.SpackWebError:
+                tty.debug('Did not find cdashid for {0} on {1}'.format(
+                    dep_pkg_name, url))
+        else:
+            tty.warn('Did not find cdashid for {0} anywhere'.format(
+                dep_pkg_name))
+            return

        payload = {
            "project": cdash_project,
@@ -1219,7 +1322,8 @@ def relate_cdash_builds(spec_map, cdash_base_url, job_build_id, cdash_project,
        if response_code != 200 and response_code != 201:
            msg = 'Relate builds ({0} -> {1}) failed (resp code = {2})'.format(
                job_build_id, dep_build_id, response_code)
-            raise SpackError(msg)
+            tty.warn(msg)
+            return

        response_text = response.read()
        tty.debug('Relate builds response: {0}'.format(response_text))
@@ -1242,7 +1346,16 @@ def write_cdashid_to_mirror(cdashid, spec, mirror_url):
        tty.debug('pushing cdashid to url')
        tty.debug('  local file path: {0}'.format(local_cdash_path))
        tty.debug('  remote url: {0}'.format(remote_url))
-        web_util.push_to_url(local_cdash_path, remote_url)
+
+        try:
+            web_util.push_to_url(local_cdash_path, remote_url)
+        except Exception as inst:
+            # No matter what went wrong here, don't allow the pipeline to fail
+            # just because there was an issue storing the cdashid on the mirror
+            msg = 'Failed to write cdashid {0} to mirror {1}'.format(
+                cdashid, mirror_url)
+            tty.warn(inst)
+            tty.warn(msg)


 def read_cdashid_from_mirror(spec, mirror_url):
@@ -1260,40 +1373,34 @@ def read_cdashid_from_mirror(spec, mirror_url):
    return int(contents)


-def push_mirror_contents(env, spec, yaml_path, mirror_url, build_id,
-                         sign_binaries):
-    if mirror_url:
-        try:
-            unsigned = not sign_binaries
-            tty.debug('Creating buildcache ({0})'.format(
-                'unsigned' if unsigned else 'signed'))
-            spack.cmd.buildcache._createtarball(
-                env, spec_yaml=yaml_path, add_deps=False,
-                output_location=mirror_url, force=True, allow_root=True,
-                unsigned=unsigned)
-            if build_id:
-                tty.debug('Writing cdashid ({0}) to remote mirror: {1}'.format(
-                    build_id, mirror_url))
-                write_cdashid_to_mirror(build_id, spec, mirror_url)
-        except Exception as inst:
-            # If the mirror we're pushing to is on S3 and there's some
-            # permissions problem, for example, we can't just target
-            # that exception type here, since users of the
-            # `spack ci rebuild' may not need or want any dependency
-            # on boto3.  So we use the first non-boto exception type
-            # in the heirarchy:
-            #     boto3.exceptions.S3UploadFailedError
-            #     boto3.exceptions.Boto3Error
-            #     Exception
-            #     BaseException
-            #     object
-            err_msg = 'Error msg: {0}'.format(inst)
-            if 'Access Denied' in err_msg:
-                tty.msg('Permission problem writing to {0}'.format(
-                    mirror_url))
-                tty.msg(err_msg)
-            else:
-                raise inst
+def push_mirror_contents(env, spec, yaml_path, mirror_url, sign_binaries):
+    try:
+        unsigned = not sign_binaries
+        tty.debug('Creating buildcache ({0})'.format(
+            'unsigned' if unsigned else 'signed'))
+        spack.cmd.buildcache._createtarball(
+            env, spec_yaml=yaml_path, add_deps=False,
+            output_location=mirror_url, force=True, allow_root=True,
+            unsigned=unsigned)
+    except Exception as inst:
+        # If the mirror we're pushing to is on S3 and there's some
+        # permissions problem, for example, we can't just target
+        # that exception type here, since users of the
+        # `spack ci rebuild' may not need or want any dependency
+        # on boto3.  So we use the first non-boto exception type
+        # in the heirarchy:
+        #     boto3.exceptions.S3UploadFailedError
+        #     boto3.exceptions.Boto3Error
+        #     Exception
+        #     BaseException
+        #     object
+        err_msg = 'Error msg: {0}'.format(inst)
+        if 'Access Denied' in err_msg:
+            tty.msg('Permission problem writing to {0}'.format(
+                mirror_url))
+            tty.msg(err_msg)
+        else:
+            raise inst


 def copy_stage_logs_to_artifacts(job_spec, job_log_dir):
@@ -1312,3 +1419,307 @@ def copy_stage_logs_to_artifacts(job_spec, job_log_dir):
        msg = ('Unable to copy build logs from stage to artifacts '
               'due to exception: {0}').format(inst)
        tty.error(msg)
+
+
+def download_and_extract_artifacts(url, work_dir):
+    tty.msg('Fetching artifacts from: {0}\n'.format(url))
+
+    headers = {
+        'Content-Type': 'application/zip',
+    }
+
+    token = os.environ.get('GITLAB_PRIVATE_TOKEN', None)
+    if token:
+        headers['PRIVATE-TOKEN'] = token
+
+    opener = build_opener(HTTPHandler)
+
+    request = Request(url, headers=headers)
+    request.get_method = lambda: 'GET'
+
+    response = opener.open(request)
+    response_code = response.getcode()
+
+    if response_code != 200:
+        msg = 'Error response code ({0}) in reproduce_ci_job'.format(
+            response_code)
+        raise SpackError(msg)
+
+    artifacts_zip_path = os.path.join(work_dir, 'artifacts.zip')
+
+    if not os.path.exists(work_dir):
+        os.makedirs(work_dir)
+
+    with open(artifacts_zip_path, 'wb') as out_file:
+        shutil.copyfileobj(response, out_file)
+
+    zip_file = zipfile.ZipFile(artifacts_zip_path)
+    zip_file.extractall(work_dir)
+    zip_file.close()
+
+    os.remove(artifacts_zip_path)
+
+
+def get_spack_info():
+    git_path = os.path.join(spack.paths.prefix, ".git")
+    if os.path.exists(git_path):
+        git = exe.which("git")
+        if git:
+            with fs.working_dir(spack.paths.prefix):
+                git_log = git("log", "-1",
+                              output=str, error=os.devnull,
+                              fail_on_error=False)
+
+            return git_log
+
+    return 'no git repo, use spack {0}'.format(spack.spack_version)
+
+
+def setup_spack_repro_version(repro_dir, checkout_commit, merge_commit=None):
+    # figure out the path to the spack git version being used for the
+    # reproduction
+    print('checkout_commit: {0}'.format(checkout_commit))
+    print('merge_commit: {0}'.format(merge_commit))
+
+    dot_git_path = os.path.join(spack.paths.prefix, ".git")
+    if not os.path.exists(dot_git_path):
+        tty.error('Unable to find the path to your local spack clone')
+        return False
+
+    spack_git_path = spack.paths.prefix
+
+    git = exe.which("git")
+    if not git:
+        tty.error("reproduction of pipeline job requires git")
+        return False
+
+    # Check if we can find the tested commits in your local spack repo
+    with fs.working_dir(spack_git_path):
+        git("log", "-1", checkout_commit, output=str, error=os.devnull,
+            fail_on_error=False)
+
+        if git.returncode != 0:
+            tty.error('Missing commit: {0}'.format(checkout_commit))
+            return False
+
+        if merge_commit:
+            git("log", "-1", merge_commit, output=str, error=os.devnull,
+                fail_on_error=False)
+
+            if git.returncode != 0:
+                tty.error('Missing commit: {0}'.format(merge_commit))
+                return False
+
+    # Next attempt to clone your local spack repo into the repro dir
+    with fs.working_dir(repro_dir):
+        clone_out = git("clone", spack_git_path,
+                        output=str, error=os.devnull,
+                        fail_on_error=False)
+
+        if git.returncode != 0:
+            tty.error('Unable to clone your local spac repo:')
+            tty.msg(clone_out)
+            return False
+
+    # Finally, attempt to put the cloned repo into the same state used during
+    # the pipeline build job
+    repro_spack_path = os.path.join(repro_dir, 'spack')
+    with fs.working_dir(repro_spack_path):
+        co_out = git("checkout", checkout_commit,
+                     output=str, error=os.devnull,
+                     fail_on_error=False)
+
+        if git.returncode != 0:
+            tty.error('Unable to checkout {0}'.format(checkout_commit))
+            tty.msg(co_out)
+            return False
+
+        if merge_commit:
+            merge_out = git("-c", "user.name=cirepro", "-c",
+                            "user.email=user@email.org", "merge",
+                            "--no-edit", merge_commit,
+                            output=str, error=os.devnull,
+                            fail_on_error=False)
+
+            if git.returncode != 0:
+                tty.error('Unable to merge {0}'.format(merge_commit))
+                tty.msg(merge_out)
+                return False
+
+    return True
+
+
+def reproduce_ci_job(url, work_dir):
+    download_and_extract_artifacts(url, work_dir)
+
+    lock_file = fs.find(work_dir, 'spack.lock')[0]
+    concrete_env_dir = os.path.dirname(lock_file)
+
+    tty.debug('Concrete environment directory: {0}'.format(
+        concrete_env_dir))
+
+    yaml_files = fs.find(work_dir, ['*.yaml', '*.yml'])
+
+    tty.debug('yaml files:')
+    for yaml_file in yaml_files:
+        tty.debug('  {0}'.format(yaml_file))
+
+    pipeline_yaml = None
+
+    # Try to find the dynamically generated pipeline yaml file in the
+    # reproducer.  If the user did not put it in the artifacts root,
+    # but rather somewhere else and exported it as an artifact from
+    # that location, we won't be able to find it.
+    for yf in yaml_files:
+        with open(yf) as y_fd:
+            yaml_obj = syaml.load(y_fd)
+            if 'variables' in yaml_obj and 'stages' in yaml_obj:
+                pipeline_yaml = yaml_obj
+
+    if pipeline_yaml:
+        tty.debug('\n{0} is likely your pipeline file'.format(yf))
+
+    # Find the install script in the unzipped artifacts and make it executable
+    install_script = fs.find(work_dir, 'install.sh')[0]
+    st = os.stat(install_script)
+    os.chmod(install_script, st.st_mode | stat.S_IEXEC)
+
+    # Find the repro details file.  This just includes some values we wrote
+    # during `spack ci rebuild` to make reproduction easier.  E.g. the job
+    # name is written here so we can easily find the configuration of the
+    # job from the generated pipeline file.
+    repro_file = fs.find(work_dir, 'repro.json')[0]
+    repro_details = None
+    with open(repro_file) as fd:
+        repro_details = json.load(fd)
+
+    repro_dir = os.path.dirname(repro_file)
+    rel_repro_dir = repro_dir.replace(work_dir, '').lstrip(os.path.sep)
+
+    # Find the spack info text file that should contain the git log
+    # of the HEAD commit used during the CI build
+    spack_info_file = fs.find(work_dir, 'spack_info.txt')[0]
+    with open(spack_info_file) as fd:
+        spack_info = fd.read()
+
+    # Access the specific job configuration
+    job_name = repro_details['job_name']
+    job_yaml = None
+
+    if job_name in pipeline_yaml:
+        job_yaml = pipeline_yaml[job_name]
+
+    if job_yaml:
+        tty.debug('Found job:')
+        tty.debug(job_yaml)
+
+    job_image = None
+    setup_result = False
+    if 'image' in job_yaml:
+        job_image_elt = job_yaml['image']
+        if 'name' in job_image_elt:
+            job_image = job_image_elt['name']
+        else:
+            job_image = job_image_elt
+        tty.msg('Job ran with the following image: {0}'.format(job_image))
+
+        # Because we found this job was run with a docker image, so we will try
+        # to print a "docker run" command that bind-mounts the directory where
+        # we extracted the artifacts.
+
+        # Destination of bind-mounted reproduction directory.  It makes for a
+        # more faithful reproducer if everything appears to run in the same
+        # absolute path used during the CI build.
+        mount_as_dir = '/work'
+        if repro_details:
+            mount_as_dir = repro_details['ci_project_dir']
+            mounted_repro_dir = os.path.join(mount_as_dir, rel_repro_dir)
+
+        # We will also try to clone spack from your local checkout and
+        # reproduce the state present during the CI build, and put that into
+        # the bind-mounted reproducer directory.
+
+        # Regular expressions for parsing that HEAD commit.  If the pipeline
+        # was on the gitlab spack mirror, it will have been a merge commit made by
+        # gitub and pushed by the sync script.  If the pipeline was run on some
+        # environment repo, then the tested spack commit will likely have been
+        # a regular commit.
+        commit_1 = None
+        commit_2 = None
+        commit_regex = re.compile(r"commit\s+([^\s]+)")
+        merge_commit_regex = re.compile(r"Merge\s+([^\s]+)\s+into\s+([^\s]+)")
+
+        # Try the more specific merge commit regex first
+        m = merge_commit_regex.search(spack_info)
+        if m:
+            # This was a merge commit and we captured the parents
+            commit_1 = m.group(1)
+            commit_2 = m.group(2)
+        else:
+            # Not a merge commit, just get the commit sha
+            m = commit_regex.search(spack_info)
+            if m:
+                commit_1 = m.group(1)
+
+        setup_result = False
+        if commit_1:
+            if commit_2:
+                setup_result = setup_spack_repro_version(
+                    work_dir, commit_2, merge_commit=commit_1)
+            else:
+                setup_result = setup_spack_repro_version(work_dir, commit_1)
+
+        if not setup_result:
+            setup_msg = """
+        This can happen if the spack you are using to run this command is not a git
+        repo, or if it is a git repo, but it does not have the commits needed to
+        recreate the tested merge commit.  If you are trying to reproduce a spack
+        PR pipeline job failure, try fetching the latest develop commits from
+        mainline spack and make sure you have the most recent commit of the PR
+        branch in your local spack repo.  Then run this command again.
+        Alternatively, you can also manually clone spack if you know the version
+        you want to test.
+            """
+            tty.error('Failed to automatically setup the tested version of spack '
+                      'in your local reproduction directory.')
+            print(setup_msg)
+
+    # In cases where CI build was run on a shell runner, it might be useful
+    # to see what tags were applied to the job so the user knows what shell
+    # runner was used.  But in that case in general, we cannot do nearly as
+    # much to set up the reproducer.
+    job_tags = None
+    if 'tags' in job_yaml:
+        job_tags = job_yaml['tags']
+        tty.msg('Job ran with the following tags: {0}'.format(job_tags))
+
+    inst_list = []
+
+    # Finally, print out some instructions to reproduce the build
+    if job_image:
+        inst_list.append('\nRun the following command:\n\n')
+        inst_list.append('    $ docker run --rm -v {0}:{1} -ti {2}\n'.format(
+            work_dir, mount_as_dir, job_image))
+        inst_list.append('\nOnce inside the container:\n\n')
+    else:
+        inst_list.append('\nOnce on the tagged runner:\n\n')
+
+    if not setup_result:
+        inst_list.append('    - Clone spack and acquire tested commit\n')
+        inst_list.append('{0}'.format(spack_info))
+        spack_root = '<spack-clone-path>'
+    else:
+        spack_root = '{0}/spack'.format(mount_as_dir)
+
+    inst_list.append('    - Activate the environment\n\n')
+    inst_list.append('        $ source {0}/share/spack/setup-env.sh\n'.format(
+        spack_root))
+    inst_list.append(
+        '        $ spack env activate --without-view {0}\n\n'.format(
+            mounted_repro_dir if job_image else repro_dir))
+    inst_list.append('    - Run the install script\n\n')
+    inst_list.append('        $ {0}\n'.format(
+        os.path.join(mounted_repro_dir, 'install.sh')
+        if job_image else install_script))
+
+    print(''.join(inst_list))
--- a/lib/spack/spack/cmd/init.py
+++ b/lib/spack/spack/cmd/init.py
@@ -5,19 +5,20 @@

 from __future__ import print_function

+import argparse
 import os
 import re
 import sys
-import argparse
-import ruamel.yaml as yaml

+import ruamel.yaml as yaml
 import six
+from ruamel.yaml.error import MarkedYAMLError

 import llnl.util.tty as tty
+from llnl.util.filesystem import join_path
 from llnl.util.lang import attr_setdefault, index_by
 from llnl.util.tty.colify import colify
 from llnl.util.tty.color import colorize
-from llnl.util.filesystem import join_path

 import spack.config
 import spack.error
@@ -27,8 +28,6 @@
 import spack.store
 import spack.util.spack_json as sjson
 import spack.util.string
-from ruamel.yaml.error import MarkedYAMLError
-

 # cmd has a submodule called "list" so preserve the python list module
 python_list = list
--- a/lib/spack/spack/cmd/add.py
+++ b/lib/spack/spack/cmd/add.py
@@ -9,7 +9,6 @@
 import spack.cmd.common.arguments as arguments
 import spack.environment as ev

-
 description = 'add a spec to an environment'
 section = "environments"
 level = "long"
--- a/lib/spack/spack/cmd/analyze.py
+++ b/lib/spack/spack/cmd/analyze.py
@@ -0,0 +1,117 @@
+# Copyright 2013-2021 Lawrence Livermore National Security, LLC and other
+# Spack Project Developers. See the top-level COPYRIGHT file for details.
+#
+# SPDX-License-Identifier: (Apache-2.0 OR MIT)
+
+import sys
+
+import llnl.util.tty as tty
+
+import spack.analyzers
+import spack.build_environment
+import spack.cmd
+import spack.cmd.common.arguments as arguments
+import spack.environment as ev
+import spack.fetch_strategy
+import spack.monitor
+import spack.paths
+import spack.report
+
+description = "run analyzers on installed packages"
+section = "analysis"
+level = "long"
+
+
+def setup_parser(subparser):
+    sp = subparser.add_subparsers(metavar='SUBCOMMAND', dest='analyze_command')
+
+    sp.add_parser('list-analyzers',
+                  description="list available analyzers",
+                  help="show list of analyzers that are available to run.")
+
+    # This adds the monitor group to the subparser
+    spack.monitor.get_monitor_group(subparser)
+
+    # Run Parser
+    run_parser = sp.add_parser('run', description="run an analyzer",
+                               help="provide the name of the analyzer to run.")
+
+    run_parser.add_argument(
+        '--overwrite', action='store_true',
+        help="re-analyze even if the output file already exists.")
+    run_parser.add_argument(
+        '-p', '--path', default=None,
+        dest='path',
+        help="write output to a different directory than ~/.spack/analyzers")
+    run_parser.add_argument(
+        '-a', '--analyzers', default=None,
+        dest="analyzers", action="append",
+        help="add an analyzer (defaults to all available)")
+    arguments.add_common_arguments(run_parser, ['spec'])
+
+
+def analyze_spec(spec, analyzers=None, outdir=None, monitor=None, overwrite=False):
+    """
+    Do an analysis for a spec, optionally adding monitoring.
+
+    We also allow the user to specify a custom output directory.
+    analyze_spec(spec, args.analyzers, args.outdir, monitor)
+
+    Args:
+        spec (Spec): spec object of installed package
+        analyzers (list): list of analyzer (keys) to run
+        monitor (monitor.SpackMonitorClient): a monitor client
+        overwrite (bool): overwrite result if already exists
+    """
+    analyzers = analyzers or list(spack.analyzers.analyzer_types.keys())
+
+    # Load the build environment from the spec install directory, and send
+    # the spec to the monitor if it's not known
+    if monitor:
+        monitor.load_build_environment(spec)
+        monitor.new_configuration([spec])
+
+    for name in analyzers:
+
+        # Instantiate the analyzer with the spec and outdir
+        analyzer = spack.analyzers.get_analyzer(name)(spec, outdir)
+
+        # Run the analyzer to get a json result - results are returned as
+        # a dictionary with a key corresponding to the analyzer type, so
+        # we can just update the data
+        result = analyzer.run()
+
+        # Send the result. We do them separately because:
+        # 1. each analyzer might have differently organized output
+        # 2. the size of a result can be large
+        analyzer.save_result(result, overwrite)
+
+
+def analyze(parser, args, **kwargs):
+
+    # If the user wants to list analyzers, do so and exit
+    if args.analyze_command == "list-analyzers":
+        spack.analyzers.list_all()
+        sys.exit(0)
+
+    # handle active environment, if any
+    env = ev.get_env(args, 'analyze')
+
+    # Get an disambiguate spec (we should only have one)
+    specs = spack.cmd.parse_specs(args.spec)
+    if not specs:
+        tty.die("You must provide one or more specs to analyze.")
+    spec = spack.cmd.disambiguate_spec(specs[0], env)
+
+    # The user wants to monitor builds using github.com/spack/spack-monitor
+    # It is instantianted once here, and then available at spack.monitor.cli
+    monitor = None
+    if args.use_monitor:
+        monitor = spack.monitor.get_client(
+            host=args.monitor_host,
+            prefix=args.monitor_prefix,
+            disable_auth=args.monitor_disable_auth,
+        )
+
+    # Run the analysis
+    analyze_spec(spec, args.analyzers, args.path, monitor, args.overwrite)
--- a/lib/spack/spack/cmd/arch.py
+++ b/lib/spack/spack/cmd/arch.py
@@ -8,8 +8,10 @@
 import collections

 import archspec.cpu
+
 import llnl.util.tty.colify as colify
 import llnl.util.tty.color as color
+
 import spack.architecture as architecture

 description = "print architecture information about this machine"
--- a/lib/spack/spack/cmd/audit.py
+++ b/lib/spack/spack/cmd/audit.py
@@ -0,0 +1,80 @@
+# Copyright 2013-2021 Lawrence Livermore National Security, LLC and other
+# Spack Project Developers. See the top-level COPYRIGHT file for details.
+#
+# SPDX-License-Identifier: (Apache-2.0 OR MIT)
+import llnl.util.tty.color as cl
+
+import spack.audit
+import spack.repo
+
+description = "audit configuration files, packages, etc."
+section = "system"
+level = "short"
+
+
+def setup_parser(subparser):
+    # Top level flags, valid for every audit class
+    sp = subparser.add_subparsers(metavar='SUBCOMMAND', dest='subcommand')
+
+    # Audit configuration files
+    sp.add_parser('configs', help='audit configuration files')
+
+    # Audit package recipes
+    pkg_parser = sp.add_parser('packages', help='audit package recipes')
+    pkg_parser.add_argument(
+        'name', metavar='PKG', nargs='*',
+        help='package to be analyzed (if none all packages will be processed)',
+    )
+
+    # List all checks
+    sp.add_parser('list', help='list available checks and exits')
+
+
+def configs(parser, args):
+    reports = spack.audit.run_group(args.subcommand)
+    _process_reports(reports)
+
+
+def packages(parser, args):
+    pkgs = args.name or spack.repo.path.all_package_names()
+    reports = spack.audit.run_group(args.subcommand, pkgs=pkgs)
+    _process_reports(reports)
+
+
+def list(parser, args):
+    for subcommand, check_tags in spack.audit.GROUPS.items():
+        print(cl.colorize('@*b{' + subcommand + '}:'))
+        for tag in check_tags:
+            audit_obj = spack.audit.CALLBACKS[tag]
+            print('  ' + audit_obj.description)
+            if args.verbose:
+                for idx, fn in enumerate(audit_obj.callbacks):
+                    print('    {0}. '.format(idx + 1) + fn.__doc__)
+                print()
+        print()
+
+
+def audit(parser, args):
+    subcommands = {
+        'configs': configs,
+        'packages': packages,
+        'list': list
+    }
+    subcommands[args.subcommand](parser, args)
+
+
+def _process_reports(reports):
+    for check, errors in reports:
+        if errors:
+            msg = '{0}: {1} issue{2} found'.format(
+                check, len(errors), '' if len(errors) == 1 else 's'
+            )
+            header = '@*b{' + msg + '}'
+            print(cl.colorize(header))
+            for idx, error in enumerate(errors):
+                print(str(idx + 1) + '. ' + str(error))
+            raise SystemExit(1)
+        else:
+            msg = '{0}: 0 issues found.'.format(check)
+            header = '@*b{' + msg + '}'
+            print(cl.colorize(header))
--- a/lib/spack/spack/cmd/blame.py
+++ b/lib/spack/spack/cmd/blame.py
@@ -5,17 +5,18 @@

 import os
 import re
+import sys

 import llnl.util.tty as tty
-from llnl.util.lang import pretty_date
 from llnl.util.filesystem import working_dir
+from llnl.util.lang import pretty_date
 from llnl.util.tty.colify import colify_table

 import spack.paths
 import spack.repo
-from spack.util.executable import which
+import spack.util.spack_json as sjson
 from spack.cmd import spack_is_git_repo
-
+from spack.util.executable import which

 description = "show contributors to packages"
 section = "developer"
@@ -33,12 +34,57 @@ def setup_parser(subparser):
    view_group.add_argument(
        '-g', '--git', dest='view', action='store_const', const='git',
        help='show git blame output instead of summary')
+    subparser.add_argument(
+        "--json", action="store_true", default=False,
+        help="output blame as machine-readable json records")

    subparser.add_argument(
        'package_or_file', help='name of package to show contributions for, '
        'or path to a file in the spack repo')


+def print_table(rows, last_mod, total_lines, emails):
+    """
+    Given a set of rows with authors and lines, print a table.
+    """
+    table = [['LAST_COMMIT', 'LINES', '%', 'AUTHOR', 'EMAIL']]
+    for author, nlines in rows:
+        table += [[
+            pretty_date(last_mod[author]),
+            nlines,
+            round(nlines / float(total_lines) * 100, 1),
+            author,
+            emails[author]]]
+
+    table += [[''] * 5]
+    table += [[pretty_date(max(last_mod.values())), total_lines, '100.0'] +
+              [''] * 3]
+
+    colify_table(table)
+
+
+def dump_json(rows, last_mod, total_lines, emails):
+    """
+    Dump the blame as a json object to the terminal.
+    """
+    result = {}
+    authors = []
+    for author, nlines in rows:
+        authors.append({
+            "last_commit": pretty_date(last_mod[author]),
+            "lines": nlines,
+            "percentage": round(nlines / float(total_lines) * 100, 1),
+            "author": author,
+            "email": emails[author]
+        })
+
+    result['authors'] = authors
+    result["totals"] = {"last_commit": pretty_date(max(last_mod.values())),
+                        "lines": total_lines, "percentage": "100.0"}
+
+    sjson.dump(result, sys.stdout)
+
+
 def blame(parser, args):
    # make sure this is a git repo
    if not spack_is_git_repo():
@@ -96,18 +142,10 @@ def blame(parser, args):
    else:  # args.view == 'percent'
        rows = sorted(counts.items(), key=lambda t: t[1], reverse=True)

+    # Dump as json
+    if args.json:
+        dump_json(rows, last_mod, total_lines, emails)
+
    # Print a nice table with authors and emails
-    table = [['LAST_COMMIT', 'LINES', '%', 'AUTHOR', 'EMAIL']]
-    for author, nlines in rows:
-        table += [[
-            pretty_date(last_mod[author]),
-            nlines,
-            round(nlines / float(total_lines) * 100, 1),
-            author,
-            emails[author]]]
-
-    table += [[''] * 5]
-    table += [[pretty_date(max(last_mod.values())), total_lines, '100.0'] +
-              [''] * 3]
-
-    colify_table(table)
+    else:
+        print_table(rows, last_mod, total_lines, emails)
--- a/lib/spack/spack/cmd/buildcache.py
+++ b/lib/spack/spack/cmd/buildcache.py
@@ -8,10 +8,12 @@
 import sys

 import llnl.util.tty as tty
+
 import spack.architecture
 import spack.binary_distribution as bindist
 import spack.cmd
 import spack.cmd.common.arguments as arguments
+import spack.config
 import spack.environment as ev
 import spack.hash_types as ht
 import spack.mirror
@@ -19,17 +21,12 @@
 import spack.repo
 import spack.spec
 import spack.store
-import spack.config
-import spack.repo
-import spack.store
 import spack.util.url as url_util
-
+from spack.cmd import display_specs
 from spack.error import SpecError
 from spack.spec import Spec, save_dependency_spec_yamls
 from spack.util.string import plural

-from spack.cmd import display_specs
-
 description = "create, download and install binary packages"
 section = "packaging"
 level = "long"
--- a/lib/spack/spack/cmd/checksum.py
+++ b/lib/spack/spack/cmd/checksum.py
@@ -15,7 +15,7 @@
 import spack.stage
 import spack.util.crypto
 from spack.util.naming import valid_fully_qualified_module_name
-from spack.version import ver, Version
+from spack.version import Version, ver

 description = "checksum available versions of a package"
 section = "packaging"
--- a/lib/spack/spack/cmd/ci.py
+++ b/lib/spack/spack/cmd/ci.py
@@ -3,9 +3,13 @@
 #
 # SPDX-License-Identifier: (Apache-2.0 OR MIT)

+import json
 import os
 import shutil
+import stat
+import subprocess
 import sys
+import tempfile

 from six.moves.urllib.parse import urlencode

@@ -14,16 +18,19 @@
 import spack.binary_distribution as bindist
 import spack.ci as spack_ci
 import spack.cmd.buildcache as buildcache
+import spack.config as cfg
 import spack.environment as ev
 import spack.hash_types as ht
-import spack.util.executable as exe
+import spack.mirror
 import spack.util.url as url_util
-
+import spack.util.web as web_util

 description = "manage continuous integration pipelines"
 section = "build"
 level = "long"

+CI_REBUILD_INSTALL_BASE_ARGS = ['spack', '-d', '-v']
+

 def get_env_var(variable_name):
    if variable_name in os.environ:
@@ -75,18 +82,32 @@ def setup_parser(subparser):
 to determine whether a given spec is up to date on mirrors.  In the latter
 case, specs might be needlessly rebuilt if remote buildcache indices are out
 of date.""")
+    generate.add_argument(
+        '--artifacts-root', default=None,
+        help="""Path to root of artifacts directory.  If provided, concrete
+environment files (spack.yaml, spack.lock) will be generated under this
+path and their location sent to generated child jobs via the custom job
+variable SPACK_CONCRETE_ENVIRONMENT_PATH.""")
    generate.set_defaults(func=ci_generate)

-    # Check a spec against mirror. Rebuild, create buildcache and push to
-    # mirror (if necessary).
-    rebuild = subparsers.add_parser('rebuild', help=ci_rebuild.__doc__)
-    rebuild.set_defaults(func=ci_rebuild)
-
    # Rebuild the buildcache index associated with the mirror in the
    # active, gitlab-enabled environment.
    index = subparsers.add_parser('rebuild-index', help=ci_reindex.__doc__)
    index.set_defaults(func=ci_reindex)

+    # Handle steps of a ci build/rebuild
+    rebuild = subparsers.add_parser('rebuild', help=ci_rebuild.__doc__)
+    rebuild.set_defaults(func=ci_rebuild)
+
+    # Facilitate reproduction of a failed CI build job
+    reproduce = subparsers.add_parser('reproduce-build',
+                                      help=ci_reproduce.__doc__)
+    reproduce.add_argument('job_url', help='Url of job artifacts bundle')
+    reproduce.add_argument('--working-dir', help="Where to unpack artifacts",
+                           default=os.path.join(os.getcwd(), 'ci_reproduction'))
+
+    reproduce.set_defaults(func=ci_reproduce)
+

 def ci_generate(args):
    """Generate jobs file from a spack environment file containing CI info.
@@ -103,6 +124,7 @@ def ci_generate(args):
    use_dependencies = args.dependencies
    prune_dag = args.prune_dag
    index_only = args.index_only
+    artifacts_root = args.artifacts_root

    if not output_file:
        output_file = os.path.abspath(".gitlab-ci.yml")
@@ -116,7 +138,7 @@ def ci_generate(args):
    spack_ci.generate_gitlab_ci_yaml(
        env, True, output_file, prune_dag=prune_dag,
        check_index_only=index_only, run_optimizer=run_optimizer,
-        use_dependencies=use_dependencies)
+        use_dependencies=use_dependencies, artifacts_root=artifacts_root)

    if copy_yaml_to:
        copy_to_dir = os.path.dirname(copy_yaml_to)
@@ -125,51 +147,31 @@ def ci_generate(args):
        shutil.copyfile(output_file, copy_yaml_to)


-def ci_rebuild(args):
-    """This command represents a gitlab-ci job, corresponding to a single
-       release spec.  As such it must first decide whether or not the spec it
-       has been assigned to build is up to date on the remote binary mirror.
-       If it is not (i.e. the full_hash of the spec as computed locally does
-       not match the one stored in the metadata on the mirror), this script
-       will build the package, create a binary cache for it, and then push all
-       related files to the remote binary mirror.  This script also
-       communicates with a remote CDash instance to share status on the package
-       build process.
-
-       The spec to be built by this job is represented by essentially two
-       pieces of information: 1) a root spec (possibly already concrete, but
-       maybe still needing to be concretized) and 2) a package name used to
-       index that root spec (once the root is, for certain, concrete)."""
-    env = ev.get_env(args, 'ci rebuild', required=True)
+def ci_reindex(args):
+    """Rebuild the buildcache index associated with the mirror in the
+       active, gitlab-enabled environment. """
+    env = ev.get_env(args, 'ci rebuild-index', required=True)
    yaml_root = ev.config_dict(env.yaml)

-    # The following environment variables should defined in the CI
-    # infrastructre (or some other external source) in the case that the
-    # remote mirror is an S3 bucket.  The AWS keys are used to upload
-    # buildcache entries to S3 using the boto3 api.
-    #
-    # AWS_ACCESS_KEY_ID
-    # AWS_SECRET_ACCESS_KEY
-    # S3_ENDPOINT_URL (only needed for non-AWS S3 implementations)
-    #
-    # If present, we will import the  SPACK_SIGNING_KEY using the
-    # "spack gpg trust" command, so it can be used both for verifying
-    # dependency buildcache entries and signing the buildcache entry we create
-    # for our target pkg.
-    #
-    # SPACK_SIGNING_KEY
+    if 'mirrors' not in yaml_root or len(yaml_root['mirrors'].values()) < 1:
+        tty.die('spack ci rebuild-index requires an env containing a mirror')

-    ci_artifact_dir = get_env_var('CI_PROJECT_DIR')
-    ci_pipeline_id = get_env_var('CI_PIPELINE_ID')
-    signing_key = get_env_var('SPACK_SIGNING_KEY')
-    root_spec = get_env_var('SPACK_ROOT_SPEC')
-    job_spec_pkg_name = get_env_var('SPACK_JOB_SPEC_PKG_NAME')
-    compiler_action = get_env_var('SPACK_COMPILER_ACTION')
-    cdash_build_name = get_env_var('SPACK_CDASH_BUILD_NAME')
-    related_builds = get_env_var('SPACK_RELATED_BUILDS_CDASH')
-    pr_env_var = get_env_var('SPACK_IS_PR_PIPELINE')
-    pr_mirror_url = get_env_var('SPACK_PR_MIRROR_URL')
+    ci_mirrors = yaml_root['mirrors']
+    mirror_urls = [url for url in ci_mirrors.values()]
+    remote_mirror_url = mirror_urls[0]

+    buildcache.update_index(remote_mirror_url, update_keys=True)
+
+
+def ci_rebuild(args):
+    """Check a single spec against the remote mirror, and rebuild it from
+       source if the mirror does not contain the full hash match of the spec
+       as computed locally. """
+    env = ev.get_env(args, 'ci rebuild', required=True)
+
+    # Make sure the environment is "gitlab-enabled", or else there's nothing
+    # to do.
+    yaml_root = ev.config_dict(env.yaml)
    gitlab_ci = None
    if 'gitlab-ci' in yaml_root:
        gitlab_ci = yaml_root['gitlab-ci']
@@ -177,6 +179,45 @@ def ci_rebuild(args):
    if not gitlab_ci:
        tty.die('spack ci rebuild requires an env containing gitlab-ci cfg')

+    # Grab the environment variables we need.  These either come from the
+    # pipeline generation step ("spack ci generate"), where they were written
+    # out as variables, or else provided by GitLab itself.
+    pipeline_artifacts_dir = get_env_var('SPACK_ARTIFACTS_ROOT')
+    job_log_dir = get_env_var('SPACK_JOB_LOG_DIR')
+    repro_dir = get_env_var('SPACK_JOB_REPRO_DIR')
+    local_mirror_dir = get_env_var('SPACK_LOCAL_MIRROR_DIR')
+    concrete_env_dir = get_env_var('SPACK_CONCRETE_ENV_DIR')
+    ci_pipeline_id = get_env_var('CI_PIPELINE_ID')
+    ci_job_name = get_env_var('CI_JOB_NAME')
+    signing_key = get_env_var('SPACK_SIGNING_KEY')
+    root_spec = get_env_var('SPACK_ROOT_SPEC')
+    job_spec_pkg_name = get_env_var('SPACK_JOB_SPEC_PKG_NAME')
+    compiler_action = get_env_var('SPACK_COMPILER_ACTION')
+    cdash_build_name = get_env_var('SPACK_CDASH_BUILD_NAME')
+    related_builds = get_env_var('SPACK_RELATED_BUILDS_CDASH')
+    spack_pipeline_type = get_env_var('SPACK_PIPELINE_TYPE')
+    pr_mirror_url = get_env_var('SPACK_PR_MIRROR_URL')
+    remote_mirror_url = get_env_var('SPACK_REMOTE_MIRROR_URL')
+
+    # Construct absolute paths relative to current $CI_PROJECT_DIR
+    ci_project_dir = get_env_var('CI_PROJECT_DIR')
+    pipeline_artifacts_dir = os.path.join(
+        ci_project_dir, pipeline_artifacts_dir)
+    job_log_dir = os.path.join(ci_project_dir, job_log_dir)
+    repro_dir = os.path.join(ci_project_dir, repro_dir)
+    local_mirror_dir = os.path.join(ci_project_dir, local_mirror_dir)
+    concrete_env_dir = os.path.join(ci_project_dir, concrete_env_dir)
+
+    # Debug print some of the key environment variables we should have received
+    tty.debug('pipeline_artifacts_dir = {0}'.format(pipeline_artifacts_dir))
+    tty.debug('root_spec = {0}'.format(root_spec))
+    tty.debug('remote_mirror_url = {0}'.format(remote_mirror_url))
+    tty.debug('job_spec_pkg_name = {0}'.format(job_spec_pkg_name))
+    tty.debug('compiler_action = {0}'.format(compiler_action))
+
+    # Query the environment manifest to find out whether we're reporting to a
+    # CDash instance, and if so, gather some information from the manifest to
+    # support that task.
    enable_cdash = False
    if 'cdash' in yaml_root:
        enable_cdash = True
@@ -196,32 +237,20 @@ def ci_rebuild(args):
        tty.debug('related_builds = {0}'.format(related_builds))
        tty.debug('job_spec_buildgroup = {0}'.format(job_spec_buildgroup))

-    remote_mirror_url = None
-    if 'mirrors' in yaml_root:
-        ci_mirrors = yaml_root['mirrors']
-        mirror_urls = [url for url in ci_mirrors.values()]
-        remote_mirror_url = mirror_urls[0]
+    # Is this a pipeline run on a spack PR or a merge to develop?  It might
+    # be neither, e.g. a pipeline run on some environment repository.
+    spack_is_pr_pipeline = spack_pipeline_type == 'spack_pull_request'
+    spack_is_develop_pipeline = spack_pipeline_type == 'spack_protected_branch'

-    if not remote_mirror_url:
-        tty.die('spack ci rebuild requires an env containing a mirror')
-
-    tty.debug('ci_artifact_dir = {0}'.format(ci_artifact_dir))
-    tty.debug('root_spec = {0}'.format(root_spec))
-    tty.debug('remote_mirror_url = {0}'.format(remote_mirror_url))
-    tty.debug('job_spec_pkg_name = {0}'.format(job_spec_pkg_name))
-    tty.debug('compiler_action = {0}'.format(compiler_action))
-
-    cdash_report_dir = os.path.join(ci_artifact_dir, 'cdash_report')
-    temp_dir = os.path.join(ci_artifact_dir, 'jobs_scratch_dir')
-    job_log_dir = os.path.join(temp_dir, 'logs')
-    spec_dir = os.path.join(temp_dir, 'specs')
-
-    local_mirror_dir = os.path.join(ci_artifact_dir, 'local_mirror')
-    build_cache_dir = os.path.join(local_mirror_dir, 'build_cache')
-
-    spack_is_pr_pipeline = True if pr_env_var == 'True' else False
+    tty.debug('Pipeline type - PR: {0}, develop: {1}'.format(
+        spack_is_pr_pipeline, spack_is_develop_pipeline))

+    # Figure out what is our temporary storage mirror: Is it artifacts
+    # buildcache?  Or temporary-storage-url-prefix?  In some cases we need to
+    # force something or pipelines might not have a way to propagate build
+    # artifacts from upstream to downstream jobs.
    pipeline_mirror_url = None
+
    temp_storage_url_prefix = None
    if 'temporary-storage-url-prefix' in gitlab_ci:
        temp_storage_url_prefix = gitlab_ci['temporary-storage-url-prefix']
@@ -245,210 +274,336 @@ def ci_rebuild(args):
                pipeline_mirror_url)
            tty.debug(mirror_msg)

-    # Clean out scratch directory from last stage
-    if os.path.exists(temp_dir):
-        shutil.rmtree(temp_dir)
+    # Whatever form of root_spec we got, use it to get a map giving us concrete
+    # specs for this job and all of its dependencies.
+    spec_map = spack_ci.get_concrete_specs(
+        env, root_spec, job_spec_pkg_name, related_builds, compiler_action)
+    job_spec = spec_map[job_spec_pkg_name]

+    job_spec_yaml_file = '{0}.yaml'.format(job_spec_pkg_name)
+    job_spec_yaml_path = os.path.join(repro_dir, job_spec_yaml_file)
+
+    # To provide logs, cdash reports, etc for developer download/perusal,
+    # these things have to be put into artifacts.  This means downstream
+    # jobs that "need" this job will get those artifacts too.  So here we
+    # need to clean out the artifacts we may have got from upstream jobs.
+
+    cdash_report_dir = os.path.join(pipeline_artifacts_dir, 'cdash_report')
    if os.path.exists(cdash_report_dir):
        shutil.rmtree(cdash_report_dir)

-    os.makedirs(job_log_dir)
-    os.makedirs(spec_dir)
+    if os.path.exists(job_log_dir):
+        shutil.rmtree(job_log_dir)

-    job_spec_yaml_path = os.path.join(
-        spec_dir, '{0}.yaml'.format(job_spec_pkg_name))
-    job_log_file = os.path.join(job_log_dir, 'pipeline_log.txt')
+    if os.path.exists(repro_dir):
+        shutil.rmtree(repro_dir)
+
+    # Now that we removed them if they existed, create the directories we
+    # need for storing artifacts.  The cdash_report directory will be
+    # created internally if needed.
+    os.makedirs(job_log_dir)
+    os.makedirs(repro_dir)
+
+    # Copy the concrete environment files to the repro directory so we can
+    # expose them as artifacts and not conflict with the concrete environment
+    # files we got as artifacts from the upstream pipeline generation job.
+    # Try to cast a slightly wider net too, and hopefully get the generated
+    # pipeline yaml.  If we miss it, the user will still be able to go to the
+    # pipeline generation job and get it from there.
+    target_dirs = [
+        concrete_env_dir,
+        pipeline_artifacts_dir
+    ]
+
+    for dir_to_list in target_dirs:
+        for file_name in os.listdir(dir_to_list):
+            src_file = os.path.join(dir_to_list, file_name)
+            if os.path.isfile(src_file):
+                dst_file = os.path.join(repro_dir, file_name)
+                shutil.copyfile(src_file, dst_file)
+
+    # If signing key was provided via "SPACK_SIGNING_KEY", then try to
+    # import it.
+    if signing_key:
+        spack_ci.import_signing_key(signing_key)
+
+    # Depending on the specifics of this job, we might need to turn on the
+    # "config:install_missing compilers" option (to build this job spec
+    # with a bootstrapped compiler), or possibly run "spack compiler find"
+    # (to build a bootstrap compiler or one of its deps in a
+    # compiler-agnostic way), or maybe do nothing at all (to build a spec
+    # using a compiler already installed on the target system).
+    spack_ci.configure_compilers(compiler_action)
+
+    # Write this job's spec yaml into the reproduction directory, and it will
+    # also be used in the generated "spack install" command to install the spec
+    tty.debug('job concrete spec path: {0}'.format(job_spec_yaml_path))
+    with open(job_spec_yaml_path, 'w') as fd:
+        fd.write(job_spec.to_yaml(hash=ht.build_hash))
+
+    # Write the concrete root spec yaml into the reproduction directory
+    root_spec_yaml_path = os.path.join(repro_dir, 'root.yaml')
+    with open(root_spec_yaml_path, 'w') as fd:
+        fd.write(spec_map['root'].to_yaml(hash=ht.build_hash))
+
+    # Write some other details to aid in reproduction into an artifact
+    repro_file = os.path.join(repro_dir, 'repro.json')
+    repro_details = {
+        'job_name': ci_job_name,
+        'job_spec_yaml': job_spec_yaml_file,
+        'root_spec_yaml': 'root.yaml',
+        'ci_project_dir': ci_project_dir
+    }
+    with open(repro_file, 'w') as fd:
+        fd.write(json.dumps(repro_details))
+
+    # Write information about spack into an artifact in the repro dir
+    spack_info = spack_ci.get_spack_info()
+    spack_info_file = os.path.join(repro_dir, 'spack_info.txt')
+    with open(spack_info_file, 'w') as fd:
+        fd.write('\n{0}\n'.format(spack_info))
+
+    # If we decided there should be a temporary storage mechanism, add that
+    # mirror now so it's used when we check for a full hash match already
+    # built for this spec.
+    if pipeline_mirror_url:
+        spack.mirror.add(spack_ci.TEMP_STORAGE_MIRROR_NAME,
+                         pipeline_mirror_url,
+                         cfg.default_modify_scope())

    cdash_build_id = None
    cdash_build_stamp = None

-    with open(job_log_file, 'w') as log_fd:
-        os.dup2(log_fd.fileno(), sys.stdout.fileno())
-        os.dup2(log_fd.fileno(), sys.stderr.fileno())
+    # Check configured mirrors for a built spec with a matching full hash
+    matches = bindist.get_mirrors_for_spec(
+        job_spec, full_hash_match=True, index_only=False)

-        current_directory = os.getcwd()
-        tty.debug('Current working directory: {0}, Contents:'.format(
-            current_directory))
-        directory_list = os.listdir(current_directory)
-        for next_entry in directory_list:
-            tty.debug('  {0}'.format(next_entry))
+    if matches:
+        # Got a full hash match on at least one configured mirror.  All
+        # matches represent the fully up-to-date spec, so should all be
+        # equivalent.  If artifacts mirror is enabled, we just pick one
+        # of the matches and download the buildcache files from there to
+        # the artifacts, so they're available to be used by dependent
+        # jobs in subsequent stages.
+        tty.msg('No need to rebuild {0}, found full hash match at: '.format(
+            job_spec_pkg_name))
+        for match in matches:
+            tty.msg('    {0}'.format(match['mirror_url']))
+        if enable_artifacts_mirror:
+            matching_mirror = matches[0]['mirror_url']
+            build_cache_dir = os.path.join(local_mirror_dir, 'build_cache')
+            tty.debug('Getting {0} buildcache from {1}'.format(
+                job_spec_pkg_name, matching_mirror))
+            tty.debug('Downloading to {0}'.format(build_cache_dir))
+            buildcache.download_buildcache_files(
+                job_spec, build_cache_dir, False, matching_mirror)

-        tty.debug('job concrete spec path: {0}'.format(job_spec_yaml_path))
+        # Now we are done and successful
+        sys.exit(0)

-        if signing_key:
-            spack_ci.import_signing_key(signing_key)
+    # No full hash match anywhere means we need to rebuild spec

+    # Start with spack arguments
+    install_args = [base_arg for base_arg in CI_REBUILD_INSTALL_BASE_ARGS]
+
+    config = cfg.get('config')
+    if not config['verify_ssl']:
+        install_args.append('-k')
+
+    install_args.extend([
+        'install',
+        '--keep-stage',
+        '--require-full-hash-match',
+    ])
+
+    can_verify = spack_ci.can_verify_binaries()
+    verify_binaries = can_verify and spack_is_pr_pipeline is False
+    if not verify_binaries:
+        install_args.append('--no-check-signature')
+
+    # If CDash reporting is enabled, we first register this build with
+    # the specified CDash instance, then relate the build to those of
+    # its dependencies.
+    if enable_cdash:
+        tty.debug('CDash: Registering build')
+        (cdash_build_id,
+            cdash_build_stamp) = spack_ci.register_cdash_build(
+            cdash_build_name, cdash_base_url, cdash_project,
+            cdash_site, job_spec_buildgroup)
+
+        if cdash_build_id is not None:
+            cdash_upload_url = '{0}/submit.php?project={1}'.format(
+                cdash_base_url, cdash_project_enc)
+
+            install_args.extend([
+                '--cdash-upload-url', cdash_upload_url,
+                '--cdash-build', cdash_build_name,
+                '--cdash-site', cdash_site,
+                '--cdash-buildstamp', cdash_build_stamp,
+            ])
+
+            tty.debug('CDash: Relating build with dependency builds')
+            spack_ci.relate_cdash_builds(
+                spec_map, cdash_base_url, cdash_build_id, cdash_project,
+                [pipeline_mirror_url, pr_mirror_url, remote_mirror_url])
+
+    # A compiler action of 'FIND_ANY' means we are building a bootstrap
+    # compiler or one of its deps.
+    # TODO: when compilers are dependencies, we should include --no-add
+    if compiler_action != 'FIND_ANY':
+        install_args.append('--no-add')
+
+    # TODO: once we have the concrete spec registry, use the DAG hash
+    # to identify the spec to install, rather than the concrete spec
+    # yaml file.
+    install_args.extend(['-f', job_spec_yaml_path])
+
+    tty.debug('Installing {0} from source'.format(job_spec.name))
+    tty.debug('spack install arguments: {0}'.format(
+        install_args))
+
+    # Write the install command to a shell script
+    with open('install.sh', 'w') as fd:
+        fd.write('#!/bin/bash\n\n')
+        fd.write('\n# spack install command\n')
+        fd.write(' '.join(['"{0}"'.format(i) for i in install_args]))
+        fd.write('\n')
+
+    st = os.stat('install.sh')
+    os.chmod('install.sh', st.st_mode | stat.S_IEXEC)
+
+    install_copy_path = os.path.join(repro_dir, 'install.sh')
+    shutil.copyfile('install.sh', install_copy_path)
+
+    # Run the generated install.sh shell script as if it were being run in
+    # a login shell.
+    try:
+        install_process  = subprocess.Popen(['bash', '-l', './install.sh'])
+        install_process.wait()
+        install_exit_code = install_process.returncode
+    except (ValueError, subprocess.CalledProcessError, OSError) as inst:
+        tty.error('Encountered error running install script')
+        tty.error(inst)
+
+    # Now do the post-install tasks
+    tty.debug('spack install exited {0}'.format(install_exit_code))
+
+    # If a spec fails to build in a spack develop pipeline, we add it to a
+    # list of known broken full hashes.  This allows spack PR pipelines to
+    # avoid wasting compute cycles attempting to build those hashes.
+    if install_exit_code == 1 and spack_is_develop_pipeline:
+        tty.debug('Install failed on develop')
+        if 'broken-specs-url' in gitlab_ci:
+            broken_specs_url = gitlab_ci['broken-specs-url']
+            dev_fail_hash = job_spec.full_hash()
+            broken_spec_path = url_util.join(broken_specs_url, dev_fail_hash)
+            tty.msg('Reporting broken develop build as: {0}'.format(
+                broken_spec_path))
+            tmpdir = tempfile.mkdtemp()
+            empty_file_path = os.path.join(tmpdir, 'empty.txt')
+
+            try:
+                with open(empty_file_path, 'w') as efd:
+                    efd.write('')
+                web_util.push_to_url(
+                    empty_file_path,
+                    broken_spec_path,
+                    keep_original=False,
+                    extra_args={'ContentType': 'text/plain'})
+            except Exception as err:
+                # If we got some kind of S3 (access denied or other connection
+                # error), the first non boto-specific class in the exception
+                # hierarchy is Exception.  Just print a warning and return
+                msg = 'Error writing to broken specs list {0}: {1}'.format(
+                    broken_spec_path, err)
+                tty.warn(msg)
+            finally:
+                shutil.rmtree(tmpdir)
+
+    # We generated the "spack install ..." command to "--keep-stage", copy
+    # any logs from the staging directory to artifacts now
+    spack_ci.copy_stage_logs_to_artifacts(job_spec, job_log_dir)
+
+    # Create buildcache on remote mirror, either on pr-specific mirror or
+    # on the main mirror defined in the gitlab-enabled spack environment
+    if spack_is_pr_pipeline:
+        buildcache_mirror_url = pr_mirror_url
+    else:
+        buildcache_mirror_url = remote_mirror_url
+
+    # If the install succeeded, create a buildcache entry for this job spec
+    # and push it to one or more mirrors.  If the install did not succeed,
+    # print out some instructions on how to reproduce this build failure
+    # outside of the pipeline environment.
+    if install_exit_code == 0:
        can_sign = spack_ci.can_sign_binaries()
        sign_binaries = can_sign and spack_is_pr_pipeline is False

-        can_verify = spack_ci.can_verify_binaries()
-        verify_binaries = can_verify and spack_is_pr_pipeline is False
-
-        spack_ci.configure_compilers(compiler_action)
-
-        spec_map = spack_ci.get_concrete_specs(
-            root_spec, job_spec_pkg_name, related_builds, compiler_action)
-
-        job_spec = spec_map[job_spec_pkg_name]
-
-        tty.debug('Here is the concrete spec: {0}'.format(job_spec))
-
-        with open(job_spec_yaml_path, 'w') as fd:
-            fd.write(job_spec.to_yaml(hash=ht.build_hash))
-
-        tty.debug('Done writing concrete spec')
-
-        # DEBUG
-        with open(job_spec_yaml_path) as fd:
-            tty.debug('Wrote spec file, read it back.  Contents:')
-            tty.debug(fd.read())
-
-        # DEBUG the root spec
-        root_spec_yaml_path = os.path.join(spec_dir, 'root.yaml')
-        with open(root_spec_yaml_path, 'w') as fd:
-            fd.write(spec_map['root'].to_yaml(hash=ht.build_hash))
-
-        # TODO: Refactor the spack install command so it's easier to use from
-        # python modules.  Currently we use "exe.which('spack')" to make it
-        # easier to install packages from here, but it introduces some
-        # problems, e.g. if we want the spack command to have access to the
-        # mirrors we're configuring, then we have to use the "spack" command
-        # to add the mirrors too, which in turn means that any code here *not*
-        # using the spack command does *not* have access to the mirrors.
-        spack_cmd = exe.which('spack')
-        mirrors_to_check = {
-            'ci_remote_mirror': remote_mirror_url,
-        }
-
-        def add_mirror(mirror_name, mirror_url):
-            m_args = ['mirror', 'add', mirror_name, mirror_url]
-            tty.debug('Adding mirror: spack {0}'.format(m_args))
-            mirror_add_output = spack_cmd(*m_args)
-            # Workaround: Adding the mirrors above, using "spack_cmd" makes
-            # sure they're available later when we use "spack_cmd" to install
-            # the package.  But then we also need to add them to this dict
-            # below, so they're available in this process (we end up having to
-            # pass them to "bindist.get_mirrors_for_spec()")
-            mirrors_to_check[mirror_name] = mirror_url
-            tty.debug('spack mirror add output: {0}'.format(mirror_add_output))
-
-        # Configure mirrors
-        if pr_mirror_url:
-            add_mirror('ci_pr_mirror', pr_mirror_url)
-
-        if pipeline_mirror_url:
-            add_mirror(spack_ci.TEMP_STORAGE_MIRROR_NAME, pipeline_mirror_url)
-
-        tty.debug('listing spack mirrors:')
-        spack_cmd('mirror', 'list')
-        spack_cmd('config', 'blame', 'mirrors')
-
-        # Checks all mirrors for a built spec with a matching full hash
-        matches = bindist.get_mirrors_for_spec(
-            job_spec, full_hash_match=True, mirrors_to_check=mirrors_to_check,
-            index_only=False)
-
-        if matches:
-            # Got at full hash match on at least one configured mirror.  All
-            # matches represent the fully up-to-date spec, so should all be
-            # equivalent.  If artifacts mirror is enabled, we just pick one
-            # of the matches and download the buildcache files from there to
-            # the artifacts, so they're available to be used by dependent
-            # jobs in subsequent stages.
-            tty.debug('No need to rebuild {0}'.format(job_spec_pkg_name))
-            if enable_artifacts_mirror:
-                matching_mirror = matches[0]['mirror_url']
-                tty.debug('Getting {0} buildcache from {1}'.format(
-                    job_spec_pkg_name, matching_mirror))
-                tty.debug('Downloading to {0}'.format(build_cache_dir))
-                buildcache.download_buildcache_files(
-                    job_spec, build_cache_dir, True, matching_mirror)
-        else:
-            # No full hash match anywhere means we need to rebuild spec
-
-            # Build up common install arguments
-            install_args = [
-                '-d', '-v', '-k', 'install',
-                '--keep-stage',
-                '--require-full-hash-match',
-            ]
-
-            if not verify_binaries:
-                install_args.append('--no-check-signature')
-
-            # Add arguments to create + register a new build on CDash (if
-            # enabled)
-            if enable_cdash:
-                tty.debug('Registering build with CDash')
-                (cdash_build_id,
-                    cdash_build_stamp) = spack_ci.register_cdash_build(
-                    cdash_build_name, cdash_base_url, cdash_project,
-                    cdash_site, job_spec_buildgroup)
-
-                cdash_upload_url = '{0}/submit.php?project={1}'.format(
-                    cdash_base_url, cdash_project_enc)
-
-                install_args.extend([
-                    '--cdash-upload-url', cdash_upload_url,
-                    '--cdash-build', cdash_build_name,
-                    '--cdash-site', cdash_site,
-                    '--cdash-buildstamp', cdash_build_stamp,
-                ])
-
-            install_args.append(job_spec_yaml_path)
-
-            tty.debug('Installing {0} from source'.format(job_spec.name))
-
-            try:
-                tty.debug('spack install arguments: {0}'.format(
-                    install_args))
-                spack_cmd(*install_args)
-            finally:
-                spack_ci.copy_stage_logs_to_artifacts(job_spec, job_log_dir)
-
-            # Create buildcache on remote mirror, either on pr-specific
-            # mirror or on mirror defined in spack environment
-            if spack_is_pr_pipeline:
-                buildcache_mirror_url = pr_mirror_url
-            else:
-                buildcache_mirror_url = remote_mirror_url
-
-            # Create buildcache in either the main remote mirror, or in the
-            # per-PR mirror, if this is a PR pipeline
+        # Create buildcache in either the main remote mirror, or in the
+        # per-PR mirror, if this is a PR pipeline
+        if buildcache_mirror_url:
            spack_ci.push_mirror_contents(
                env, job_spec, job_spec_yaml_path, buildcache_mirror_url,
-                cdash_build_id, sign_binaries)
+                sign_binaries)

-            # Create another copy of that buildcache in the per-pipeline
-            # temporary storage mirror (this is only done if either artifacts
-            # buildcache is enabled or a temporary storage url prefix is set)
+            if cdash_build_id:
+                tty.debug('Writing cdashid ({0}) to remote mirror: {1}'.format(
+                    cdash_build_id, buildcache_mirror_url))
+                spack_ci.write_cdashid_to_mirror(
+                    cdash_build_id, job_spec, buildcache_mirror_url)
+
+        # Create another copy of that buildcache in the per-pipeline
+        # temporary storage mirror (this is only done if either
+        # artifacts buildcache is enabled or a temporary storage url
+        # prefix is set)
+        if pipeline_mirror_url:
            spack_ci.push_mirror_contents(
                env, job_spec, job_spec_yaml_path, pipeline_mirror_url,
-                cdash_build_id, sign_binaries)
+                sign_binaries)

-            # Relate this build to its dependencies on CDash (if enabled)
-            if enable_cdash:
-                spack_ci.relate_cdash_builds(
-                    spec_map, cdash_base_url, cdash_build_id, cdash_project,
-                    pipeline_mirror_url or pr_mirror_url or remote_mirror_url)
+            if cdash_build_id:
+                tty.debug('Writing cdashid ({0}) to remote mirror: {1}'.format(
+                    cdash_build_id, pipeline_mirror_url))
+                spack_ci.write_cdashid_to_mirror(
+                    cdash_build_id, job_spec, pipeline_mirror_url)
+    else:
+        tty.debug('spack install exited non-zero, will not create buildcache')
+
+        api_root_url = get_env_var('CI_API_V4_URL')
+        ci_project_id = get_env_var('CI_PROJECT_ID')
+        ci_job_id = get_env_var('CI_JOB_ID')
+
+        repro_job_url = '{0}/projects/{1}/jobs/{2}/artifacts'.format(
+            api_root_url, ci_project_id, ci_job_id)
+
+        # Control characters cause this to be printed in blue so it stands out
+        reproduce_msg = """
+
+\033[34mTo reproduce this build locally, run:
+
+    spack ci reproduce-build {0} [--working-dir <dir>]
+
+If this project does not have public pipelines, you will need to first:
+
+    export GITLAB_PRIVATE_TOKEN=<generated_token>
+
+... then follow the printed instructions.\033[0;0m
+
+""".format(repro_job_url)
+
+        print(reproduce_msg)
+
+    # Tie job success/failure to the success/failure of building the spec
+    return install_exit_code


-def ci_reindex(args):
-    """Rebuild the buildcache index associated with the mirror in the
-       active, gitlab-enabled environment. """
-    env = ev.get_env(args, 'ci rebuild-index', required=True)
-    yaml_root = ev.config_dict(env.yaml)
+def ci_reproduce(args):
+    job_url = args.job_url
+    work_dir = args.working_dir

-    if 'mirrors' not in yaml_root or len(yaml_root['mirrors'].values()) < 1:
-        tty.die('spack ci rebuild-index requires an env containing a mirror')
-
-    ci_mirrors = yaml_root['mirrors']
-    mirror_urls = [url for url in ci_mirrors.values()]
-    remote_mirror_url = mirror_urls[0]
-
-    buildcache.update_index(remote_mirror_url, update_keys=True)
+    return spack_ci.reproduce_ci_job(job_url, work_dir)


 def ci(parser, args):
    if args.func:
-        args.func(args)
+        return args.func(args)
--- a/Show More
+++ b/Show More