eic · wdconinc · Nov 15, 2025 · Nov 16, 2025 · Nov 20, 2025 · Nov 25, 2025
diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml
@@ -353,6 +353,7 @@ jobs:
           runner: ubuntu-latest
           PLATFORM: linux/amd64
           target: final
+          SPACK_DUPLICATE_ALLOWLIST: "epic|llvm|py-setuptools|py-urllib3"
         - BUILD_IMAGE: eic_
           BUILD_TYPE: default
           BUILDER_IMAGE: debian_stable_base
@@ -362,6 +363,7 @@ jobs:
           runner: ubuntu-latest
           PLATFORM: linux/amd64/v3
           target: final
+          SPACK_DUPLICATE_ALLOWLIST: "epic|llvm|py-setuptools|py-urllib3"
         - BUILD_IMAGE: eic_
           BUILD_TYPE: default
           BUILDER_IMAGE: debian_stable_base
@@ -371,6 +373,7 @@ jobs:
           runner: ubuntu-24.04-arm
           PLATFORM: linux/arm64
           target: final
+          SPACK_DUPLICATE_ALLOWLIST: "epic|llvm|py-setuptools|py-urllib3"
         - BUILD_IMAGE: eic_
           BUILD_TYPE: default
           BUILDER_IMAGE: debian_stable_base
@@ -380,6 +383,7 @@ jobs:
           runner: ubuntu-latest
           PLATFORM: linux/amd64
           target: final
+          SPACK_DUPLICATE_ALLOWLIST: "epic|llvm|py-setuptools|py-urllib3|py-dask|py-dask-awkward|py-dask-histogram|py-distributed|py-requests"
         - BUILD_IMAGE: eic_
           BUILD_TYPE: default
           BUILDER_IMAGE: debian_stable_base
@@ -389,6 +393,7 @@ jobs:
           runner: ubuntu-latest
           PLATFORM: linux/amd64/v3
           target: final
+          SPACK_DUPLICATE_ALLOWLIST: "epic|llvm|py-setuptools|py-urllib3|py-dask|py-dask-awkward|py-dask-histogram|py-distributed|py-requests"
         - BUILD_IMAGE: eic_
           BUILD_TYPE: default
           BUILDER_IMAGE: debian_stable_base
@@ -398,6 +403,7 @@ jobs:
           runner: ubuntu-24.04-arm
           PLATFORM: linux/arm64
           target: final
+          SPACK_DUPLICATE_ALLOWLIST: "epic|llvm|py-setuptools|py-urllib3|py-dask|py-dask-awkward|py-dask-histogram|py-distributed|py-requests"
         - BUILD_IMAGE: eic_
           BUILD_TYPE: default
           BUILDER_IMAGE: cuda_devel
@@ -407,6 +413,7 @@ jobs:
           runner: ubuntu-latest
           PLATFORM: linux/amd64
           target: builder_concretization_default
+          SPACK_DUPLICATE_ALLOWLIST: "epic|llvm|py-setuptools|py-urllib3"
         - BUILD_IMAGE: eic_
           BUILD_TYPE: default
           BUILDER_IMAGE: cuda_devel
@@ -415,7 +422,8 @@ jobs:
           arch: amd64
           runner: ubuntu-latest
           PLATFORM: linux/amd64
-          target: builder_concretization_default
+          target: final
+          SPACK_DUPLICATE_ALLOWLIST: "epic|llvm|py-setuptools|py-urllib3"
       fail-fast: false
     steps:
       - name: Free Disk Space (Ubuntu)
@@ -537,6 +545,7 @@ jobs:
             RUNTIME_IMAGE=${{ matrix.RUNTIME_IMAGE }}
             INTERNAL_TAG=${{ env.INTERNAL_TAG }}
             ENV=${{ matrix.ENV }}
+            SPACK_DUPLICATE_ALLOWLIST=${{ matrix.SPACK_DUPLICATE_ALLOWLIST }}
           cache-from: |
             type=registry,ref=${{ env.GH_REGISTRY }}/${{ env.GH_REGISTRY_USER }}/buildcache:${{ matrix.BUILD_IMAGE }}${{ matrix.ENV }}-${{ matrix.BUILD_TYPE }}-${{ env.GITHUB_REF_POINT_SLUG }}-${{ matrix.arch }}
             type=registry,ref=${{ env.GH_REGISTRY }}/${{ env.GH_REGISTRY_USER }}/buildcache:${{ matrix.BUILD_IMAGE }}${{ matrix.ENV }}-${{ matrix.BUILD_TYPE }}-${{ env.GITHUB_BASE_REF_SLUG }}-${{ matrix.arch }}

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -473,6 +473,16 @@ eic:
                      --build-arg JUGGLER_SHA=$(sh .ci/resolve_git_ref eic/juggler ${JUGGLER_VERSION:-main})
                    }
                    --build-arg ENV=${ENV}
+                   --build-arg SPACK_DUPLICATE_ALLOWLIST=$(
+                     case "${ENV}" in
+                       ci|ci_without_acts|cuda|dbg|jl|prod)
+                         echo "epic|llvm|py-setuptools|py-urllib3" ;;
+                       xl|tf)
+                         echo "epic|llvm|py-setuptools|py-urllib3|py-dask|py-dask-awkward|py-dask-histogram|py-distributed|py-requests" ;;
+                       *)
+                         echo "epic|llvm|py-setuptools|py-urllib3" ;;
+                     esac
+                   )
                    --build-arg jobs=${JOBS}
                    --build-context spack-environment=spack-environment
                    --secret id=mirrors,src=mirrors.yaml

diff --git a/containers/debian/Dockerfile b/containers/debian/Dockerfile
@@ -231,7 +231,7 @@ if [ -n "${SPACKPACKAGES_CHERRYPICKS}" ] ; then
   done
 fi
 git -C ${SPACKPACKAGES_ROOT} gc --prune=all --aggressive
-spack repo add --scope site "${SPACKPACKAGES_ROOT}/repos/spack_repo/builtin"
+spack repo add --scope spack "${SPACKPACKAGES_ROOT}/repos/spack_repo/builtin"
 EOF
 
 ## Setup build configuration
@@ -246,17 +246,18 @@ declare -A target=(
   ["linux/arm64"]="aarch64"
 )
 target=${target[${TARGETPLATFORM}]}
-spack config --scope site add "packages:all:require:[target=${target}]"
-spack config --scope site add "packages:all:target:[${target}]"
+spack config --scope spack add "packages:all:require:[target=${target}]"
+spack config --scope spack add "packages:all:target:[${target}]"
 spack config blame packages
+mkdir -p $HOME/.spack/  # workaround for Spack not creating config directory automatically in some versions (see https://github.com/spack/spack/issues/51564)
 spack config --scope user add "config:suppress_gpg_warnings:true"
 spack config --scope user add "config:build_jobs:${jobs}"
 spack config --scope user add "config:db_lock_timeout:${jobs}00"
 spack config --scope user add "config:source_cache:/var/cache/spack"
 spack config --scope user add "config:install_tree:root:/opt/software"
 spack config --scope user add "config:ccache:true"
 spack config blame config
-spack compiler find --scope site
+spack compiler find --scope spack
 # Ensure GCC externals have LTO‑safe binutils configured.
 # 
 # 1. LTO issue being worked around:
@@ -290,9 +291,9 @@ EOF
 ## - allow llvm to be buildable for py-numba > py-llvmlite
 RUN <<EOF
 set -e
-spack external find --scope site llvm
-spack external find --scope site --not-buildable gcc
-spack external find --scope site --not-buildable --path /usr/local/cuda/bin cuda
+spack external find --scope spack llvm
+spack external find --scope spack --not-buildable gcc
+spack external find --scope spack --not-buildable --path /usr/local/cuda/bin cuda
 spack config blame packages
 EOF
 
@@ -301,8 +302,8 @@ EOF
 ## - the write-enabled mirror is provided later as a secret mount
 RUN --mount=type=cache,target=/var/cache/spack <<EOF
 set -e
-spack mirror add --scope site --signed spack-${SPACK_VERSION} https://binaries.spack.io/${SPACK_VERSION}
-spack mirror add --scope site --unsigned ghcr-${SPACKPACKAGES_VERSION} oci://ghcr.io/eic/spack-${SPACKPACKAGES_VERSION}
+spack mirror add --scope spack --signed spack-${SPACK_VERSION} https://binaries.spack.io/${SPACK_VERSION}
+spack mirror add --scope spack --unsigned ghcr-${SPACKPACKAGES_VERSION} oci://ghcr.io/eic/spack-${SPACKPACKAGES_VERSION}
 spack mirror list
 EOF
 
@@ -315,7 +316,7 @@ RUN <<EOF
 set -e
 git clone --filter=tree:0 https://github.com/${KEY4HEPSPACK_ORGREPO}.git ${KEY4HEPSPACK_ROOT}
 git -C ${KEY4HEPSPACK_ROOT} checkout ${KEY4HEPSPACK_SHA:-${KEY4HEPSPACK_VERSION}}
-spack repo add --scope site "${KEY4HEPSPACK_ROOT}"
+spack repo add --scope spack "${KEY4HEPSPACK_ROOT}"
 EOF
 
 ## Setup eic-spack (no need for cherry-picks)
@@ -327,5 +328,5 @@ RUN <<EOF
 set -e
 git clone --filter=tree:0 https://github.com/${EICSPACK_ORGREPO}.git ${EICSPACK_ROOT}
 git -C ${EICSPACK_ROOT} checkout ${EICSPACK_SHA:-${EICSPACK_VERSION}}
-spack repo add --scope site "${EICSPACK_ROOT}"
+spack repo add --scope spack "${EICSPACK_ROOT}"
 EOF
diff --git a/containers/eic/Dockerfile b/containers/eic/Dockerfile
@@ -46,6 +46,7 @@ ARG ENV=xl
 ENV SPACK_ENV=/opt/spack-environment/${ENV}
 ARG SPACK_FLAGS="--backtrace"
 ARG SPACK_INSTALL_FLAGS="--no-check-signature --show-log-on-error --yes-to-all"
+ARG SPACK_DUPLICATE_ALLOWLIST=""
-ARG SPACK_DUPLICATE_ALLOWLIST=""
+ARG SPACK_DUPLICATE_ALLOWLIST="a^"
-ARG SPACK_DUPLICATE_ALLOWLIST=""
+ARG SPACK_DUPLICATE_ALLOWLIST="a^"
 ENV SPACK_COLOR="always"
 ENV GIT_TERMINAL_PROMPT=0
 
@@ -55,11 +56,14 @@ set -e
 spack env activate --without-view --dir ${SPACK_ENV}
 spack concretize --force
 spack --color=never find --long --no-groups --show-concretized --format "{name}" \
-| uniq -D -f2 | grep -v -w -e "\(epic\|llvm\|py-setuptools\|py-urllib3\)" \
-| tee /tmp/duplicates.txt
-if [ -s /tmp/duplicates.txt ] ; then
-  echo "Duplicate packages found"
-  cat /tmp/duplicates.txt | while read status hash spec ; do
+| uniq -D -f2 \
+| tee /tmp/duplicates_all.txt \
+| grep -Evw "(${SPACK_DUPLICATE_ALLOWLIST})" \
+| tee /tmp/duplicates_disallowed.txt
-| tee /tmp/duplicates_all.txt \
-| grep -Evw "(${SPACK_DUPLICATE_ALLOWLIST})" \
-| tee /tmp/duplicates_disallowed.txt
+| tee /tmp/duplicates_all.txt
+if [ -n "${SPACK_DUPLICATE_ALLOWLIST}" ] ; then
+  grep -Evw "(${SPACK_DUPLICATE_ALLOWLIST})" /tmp/duplicates_all.txt \
+  | tee /tmp/duplicates_disallowed.txt
+else
+  cat /tmp/duplicates_all.txt \
+  | tee /tmp/duplicates_disallowed.txt
+fi
-| tee /tmp/duplicates_all.txt \
-| grep -Evw "(${SPACK_DUPLICATE_ALLOWLIST})" \
-| tee /tmp/duplicates_disallowed.txt
+| tee /tmp/duplicates_all.txt
+if [ -n "${SPACK_DUPLICATE_ALLOWLIST}" ] ; then
+  grep -Evw "(${SPACK_DUPLICATE_ALLOWLIST})" /tmp/duplicates_all.txt \
+  | tee /tmp/duplicates_disallowed.txt
+else
+  cat /tmp/duplicates_all.txt \
+  | tee /tmp/duplicates_disallowed.txt
+fi
+if [ -s /tmp/duplicates_disallowed.txt ] ; then
+  echo "Duplicate packages found:"
+  cat /tmp/duplicates_disallowed.txt
+  cat /tmp/duplicates_disallowed.txt | while read status hash spec ; do
     spack --backtrace spec --long /${hash}
     if [ "$prevspec" = "$spec" ] ; then
       spack diff /${hash} /${prevhash}
@@ -192,11 +196,14 @@ if [ -n "${JUGGLER_SHA}" ] ; then
 fi
 spack concretize --force
 spack --color=never find --long --no-groups --show-concretized --format "{name}" \
-| uniq -D -f2 | grep -v -w -e "\(epic\|llvm\|py-setuptools\|py-urllib3\)" \
-| tee /tmp/duplicates.txt
-if [ -s /tmp/duplicates.txt ] ; then
-  echo "Duplicate packages found"
-  cat /tmp/duplicates.txt | while read status hash spec ; do
+| uniq -D -f2 \
+| tee /tmp/duplicates_all.txt \
+| grep -Evw "(${SPACK_DUPLICATE_ALLOWLIST})" \
+| tee /tmp/duplicates_disallowed.txt
+if [ -s /tmp/duplicates_disallowed.txt ] ; then
+  echo "Duplicate packages found:"
+  cat /tmp/duplicates_disallowed.txt
+  cat /tmp/duplicates_disallowed.txt | while read status hash spec ; do
     spack --backtrace spec --long /${hash}
     if [ "$prevspec" = "$spec" ] ; then
       spack diff /${hash} /${prevhash}
@@ -359,13 +366,13 @@ RUN ldconfig
 ENV SPACK_DISABLE_LOCAL_CONFIG="true"
 RUN <<EOF
 set -e
-spack config --scope site add "config:install_tree:root:~/spack"
-spack config --scope site add "config:source_cache:~/.spack/cache"
-spack config --scope site add "config:binary_index_root:~/.spack"
-spack config --scope site add "config:environments_root:~/.spack/env"
-spack config --scope site add "config:suppress_gpg_warnings:true"
+spack config --scope spack add "config:install_tree:root:~/spack"
+spack config --scope spack add "config:source_cache:~/.spack/cache"
+spack config --scope spack add "config:binary_index_root:~/.spack"
+spack config --scope spack add "config:environments_root:~/.spack/env"
+spack config --scope spack add "config:suppress_gpg_warnings:true"
 spack config blame config
-spack config --scope site add "upstreams:eic-shell:install_tree:/opt/software"
+spack config --scope spack add "upstreams:eic-shell:install_tree:/opt/software"
 spack config blame upstreams
 EOF
 

diff --git a/spack-environment/packages.yaml b/spack-environment/packages.yaml
@@ -26,15 +26,19 @@ packages:
     #- any_of: [+ipo, '@:']
     - any_of: [build_system=cmake, '@:']
     - any_of: [build_type=Release, '@:']
+  abseil-cpp:
+    require:
+    # Without constraints on abseil-cpp, we end up with cxxstd=14 branches
+    - cxxstd=17
   acts:
     require:
     - '@44.3.0'
     - cxxstd=20 +dd4hep ~edm4hep +examples +fatras +geant4 +json +onnx +podio +python +svg +tgeo +pr4496 +pr4502 +pr4620
     # ACTS requires same compiler as DD4hep since compiler options are reused
-    - spec: '%gcc'
-      when: '^dd4hep%gcc'
-    - spec: '%clang'
-      when: '^dd4hep%clang'
+    - spec: '%c=gcc %cxx=gcc'
+      when: '^dd4hep %c=gcc %cxx=gcc'
+    - spec: '%c=clang %cxx=clang'
+      when: '^dd4hep %c=clang %cxx=clang'
   actsvg:
     require:
     - '@0.4.56'
@@ -270,9 +274,9 @@ packages:
     require:
     - '@6.5.5'
     - +python
-  llvm:
-    require:
-    - any_of: [~gold, '@:']
+  #llvm:
+    #require:
+    #- any_of: [~gold, '@:']
     # FIXME any ipo requirement breaks llvm external reuse
     #- any_of: [~ipo, '@:']
   madx:
@@ -444,7 +448,7 @@ packages:
     - '@0.61.0:'
   py-numpy:
     require:
-    - '@2.0.2:'
+    - '@2.2'  # pin to avoid duplicates in eic_tf
   py-onnx:
     require:
     - '@1.17.0'
@@ -495,7 +499,7 @@ packages:
     - '@0.13.2:'
   py-tensorflow:
     require:
-    - '%clang'
+    - '%cxx=clang'
     - '@2.20'
   py-toml:
     require:
@@ -543,6 +547,9 @@ packages:
   snakemake:
     require:
     - '@8.5.2'
+  swig:
+    require:
+    - '@4.1:'  # constrain to avoid duplicates in eic_tf
   py-snakemake-storage-plugin-fs:
     require:
     - '@0.2.0:'

diff --git a/spack-environment/tf/spack.yaml b/spack-environment/tf/spack.yaml
@@ -3,6 +3,8 @@ spack:
   - ../concretizer.yaml
   - ../packages.yaml
   - ../view.yaml
+  concretizer:
+    unify: when_possible  # py-numba needs a different llvm than the one provided as external
   specs:
   - edm4hep
   - onnx

diff --git a/spack.sh b/spack.sh
@@ -3,7 +3,7 @@ SPACK_ORGREPO="spack/spack"
 
 ## Spack github version, e.g. v0.18.1 or commit hash
 ## note: nightly builds will use e.g. releases/v1.0
-SPACK_VERSION="v1.0.2"
+SPACK_VERSION="v1.1.0"
 
 ## Space-separated list of spack cherry-picks
 read -r -d '' SPACK_CHERRYPICKS <<- \