Use parens around the condition instead of \

The name short_hash here is a little confusing, as Spack (like git) allows you to enter in uniqe prefixes of hashes and have them work. So I'd say the hash in your "short spec" is really a "short hash" 😄.

I think I see why we call it a short hash -- the full_hash is a SHA-256, while the dag_hash is a SHA-1, so it's shorter. That actually took me by surprise -- the full hash is really long and has a bunch of ==== padding at the end of it because SHA-256 length isn't evenly divisible by 5.

Can we do two things here?

1. Since there's just going to be one hash in the end, just call this the hash
2. change the full hash to use SHA-1/base32 like the dag_hash, so at least they're the same length. I worry about transitioning full hash to be the main hash if they're different lengths. We can talk about making the hashes longer in Spack later, but I think things will be smoother if the full hash looks like the dag hash.

#8911 represents my attempt to fulfill request (2) above.

more pythonic: if mirror_rebuilds:

seems like most of this function can be replaced with a call to check_all, if check_all took a spec set and/or list of specs as a parameter instead of opening a specific file.

Right now it duplicates a fair amount of logic.

Can this command be integrated with spack buildcache or with spack mirror? I think it makes more sense as a subcommand of one of those.

This probably belongs in a config file somewhere.

this duplicates the logic in check_all -- why not a function like CombinatorialSpecSet.from_file(path)?

minor point: consider using spack_yaml instead of yaml. spack_yaml preserves file/line info from the file as attributes on the data structure it reads in (try typing spack config blame config if you are interested).

There's actually just --log-format=cdash (and --log-format=junit) now. Sorry this is dated. Do you want me to fix it or maybe do you or @zackgalbreath want to take a stab?

should probably document @zackgalbreath's --cdash-upload-url here, before the curl stuff. Also @zackgalbreath, does that support authenticated submissions? Should that be documented?

This whole section can be ripped out and replaced with dos on @scottwittenburg's new infrastructure when it's ready.

This probably belongs in spack.util.web, and at least the urlopen part should be replaced with spack.util.web._urlopen for backward-compatibility with Python 2.6. I think you can factor out the logic in spack.util.web._spider() (the parallel web spider used by spack checksum) and use it here -- that stuff already handles things like disabling SSL verification for spack -k/--insecure, and this should respect -k.

Possibly useful (but maybe annoying) side note: Spack is a bit confused about how to fetch from URLs at the moment. fetch_strategy.URLFetchStrategy is probably the main tool for downloading, and it uses curl. It seems like system curl is the most likely tool on HPC systems to have SSL set up properly. Many HPC Pythons don't have SSL cert settings configured right, so using urlopen in Python can fail. curl can be set up wrong too, though, so that might fail as well. At the moment, we don't really have a good fallback system, or a way to try to automatically find certs in the places you might expect them to be.

Probably best not to worry about this too much here and just use _urlopen and the stuff already in spack.util.web, but in case it helps, now you have some more details.

this logic LGTM, but can you add a note that eventually it'll be less complicated (when the dag_hash is the full_hash)?

probably ok not to wrap this here, as the function's only used by routines in this file -- the SpackError is immediately caught by needs_rebuild, anyway -- you could just let it catch the URLError.

Not sure if it's clearer or not but int(bool(rebuilds)) would work too :).

probably needs a more descriptive name -- I had to think about this a bit.

I wonder if this could be made faster with logic like spack.util.web._spider or just its own multithreading.Pool -- right now it does a bunch of potentially slow web requests sequentially.

My thought is that there are two potential use cases for this, 1) parallel jobs will run this with the --no-index flag, which means one job will fetch one remote .spec.yaml, or 2) if a single process runs this, it will not use --no-index, which means that it will fetch the remote package index from the mirror and then use that to look up the full hashes of all the specs it needs to check.

So given that we don't expect a single process to sequentially make a bunch of slow web requests (though it is possible through misuse/misunderstanding), do we still need to worry about making this faster?

just break at the first ( instead of \