Merge branch 'master' into add_pypy

support Python 3.14 (#453 )
* support Python 3.14 * update Python in Docker containers
2025-12-12 17:59:48 +01:00 · 2025-11-14 16:13:22 +01:00 · 2025-11-14 16:01:13 +01:00 · 2025-11-14 14:02:14 +01:00 · 2025-11-14 07:54:49 +01:00 · 2025-10-21 21:42:24 +02:00
43 changed files with 2346 additions and 1240 deletions
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -6,7 +6,7 @@
        "context": "..",
        //Update 'VARIANT' to pick a Python version: 3, 3.10, ...
        "args": {
-            "VARIANT": "3.11"
+            "VARIANT": "3.14"
        }
    },
    // Add the IDs of extensions you want installed when the container is created.
--- a/.envrc
+++ b/.envrc
@@ -0,0 +1,3 @@
+source_url "https://raw.githubusercontent.com/cachix/devenv/95f329d49a8a5289d31e0982652f7058a189bfca/direnvrc" "sha256-d+8cBpDfDBj41inrADaJt+bDWhOktwslgoP5YiGJ1v0="
+
+use devenv
--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,5 @@
+* text eol=lf
+*.sh text eol=lf
+*.bat text eol=crlf
+*.cmd text eol=crlf
+*.ps1 text eol=crlf
--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -0,0 +1,17 @@
+# Copilot Instructions
+
+This project is a web application that allows users to create and manage tasks. The application is built using Python.
+
+## Coding Standards
+
+- Use snakeCase for variable and function names.
+- Use PascalCase for component names.
+- Use double quotes for strings.
+- Use 4 spaces for indentation.
+
+## Tone
+
+- If I tell you that you are wrong, think about whether or not you think that's true and respond with facts.
+- Avoid apologizing or making conciliatory statements.
+- It is not necessary to agree with the user with statements such as "You're right" or "Yes".
+- Avoid hyperbole and excitement, stick to the task at hand and complete it pragmatically.
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -8,4 +8,4 @@ updates:
  - package-ecosystem: "pip" # See documentation for possible values
    directory: "/" # Location of package manifests
    schedule:
-      interval: "weekly"
+      interval: "daily"
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -19,20 +19,35 @@ jobs:
  build:

    strategy:
+      fail-fast: false
      matrix:
-        python-version: ["3.x", "3.11", "3.10", "3.9", "3.8", "3.7"]
-        platform: [ubuntu-latest, macos-latest, windows-latest]
-        # exclude:
+        # 3.x is used to run code coverage
+        python-version: ["3.x", "3.14", "3.13", "3.12", "3.11", "3.10", "3.9", "pypy3.10", "pypy3.11"]
+        platform: [ubuntu-latest, macos-latest, windows-latest, ubuntu-24.04-arm, macos-15-intel]
+        exclude:
+          - python-version: "pypy3.10"
+            platform: "windows-latest"
+          - python-version: "pypy3.11"
+            platform: "windows-latest"
+          - python-version: "pypy3.10"
+            platform: "ubuntu-24.04-arm"
+          - python-version: "pypy3.11"
+            platform: "ubuntu-24.04-arm"
+          - python-version: "pypy3.10"
+            platform: "macos-latest"
+          - python-version: "pypy3.11"
+            platform: "macos-latest"

    runs-on: ${{ matrix.platform }}

    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
      - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v6
        with:
          python-version: ${{ matrix.python-version }}
-          check-latest: false
+          check-latest: ${{ github.event_name == 'schedule' }}
+          allow-prereleases: false
      - name: Install zbar shared lib for QReader (Linux)
        if: runner.os == 'Linux'
        run: |
@@ -52,7 +67,6 @@ jobs:
          flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
          # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
          flake8 . --count --exit-zero --max-complexity=10 --max-line-length=200 --statistics
-        if: matrix.python-version != '3.7'
      - name: Type checking with mypy
        run: |
          mypy --install-types --non-interactive src/*.py tests/*.py
@@ -60,8 +74,7 @@ jobs:
        if: matrix.python-version == '3.x' && matrix.platform == 'ubuntu-latest'
      - name: Test with pytest
        run: pytest
-        if: (matrix.python-version != '3.x' || matrix.platform != 'ubuntu-latest')
-        # && matrix.platform != 'macos-latest'
+        if: (matrix.python-version != '3.x' || matrix.platform != 'ubuntu-latest') && (matrix.python-version != '3.10' && matrix.platform != 'macos-latest')
      - name: Test with pytest (with code coverage)
        run: pytest --cov=extract_otp_secrets_test --junitxml=pytest.xml --cov-report=term-missing | tee pytest-coverage.txt
        if: matrix.python-version == '3.x' && matrix.platform == 'ubuntu-latest'
@@ -72,6 +85,6 @@ jobs:
          pytest-coverage-path: ./pytest-coverage.txt
          junitxml-path: ./pytest.xml
        if: |
-          matrix.python-version == '3.x' && matrix.platform == 'ubuntu-latest'
+          false && matrix.python-version == '3.x' && matrix.platform == 'ubuntu-latest'
          && !contains(github.ref, 'refs/tags/')

--- a/.github/workflows/ci_docker.yml
+++ b/.github/workflows/ci_docker.yml
@@ -25,14 +25,24 @@ on:

 jobs:
  build-and-push-docker-debian-image:
-    name: Build Docker Bullseye image and push to repositories
+    name: Build Docker Bookworm image and push to repositories
    # run only when code is compiling and tests are passing
-    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - DOCKER_ARCH: amd64
+            platform: ubuntu-latest
+            PLATFORM_ARCH: x86_64
+          - DOCKER_ARCH: arm64
+            platform: ubuntu-24.04-arm
+            PLATFORM_ARCH: arm64
+
+    runs-on: ${{ matrix.platform }}

    # steps to perform in job
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v5

      # avoid building if there are testing errors
      - name: Run smoke test
@@ -44,50 +54,51 @@ jobs:
          pytest

      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3

      # setup Docker build action
      - name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@v2
-        # Workaround for failing builds: https://github.com/docker/build-push-action/issues/761#issuecomment-1383822381
-        # TODO remove workaround when fixed
-        with:
-          driver-opts: |
-            image=moby/buildkit:v0.10.6
+        uses: docker/setup-buildx-action@v3

      - name: Login to DockerHub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
+        if: github.secret_source == 'Actions'
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to Github Packages
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
+        if: github.secret_source == 'Actions'
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GHCR_IO_TOKEN }}

-      - name: "Build image and push to Docker Hub and GitHub Container Registry"
+      - name: "Build image (Bookworm/Debian 12) and push to Docker Hub and GitHub Container Registry"
        id: docker_build_qr_reader_latest
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v6
        with:
-          platforms: linux/amd64,linux/arm64
+          platforms: linux/${{ matrix.DOCKER_ARCH }}
          # relative path to the place where source code with Dockerfile is located
          # TODO file:, move to docker/
          context: .
-          file: Dockerfile
+          file: docker/Dockerfile
          # builder: ${{ steps.buildx.outputs.name }}
          # Note: tags has to be all lower-case
+          build-args: |
+            BASE_IMAGE=python:3.14-slim-trixie
          pull: true
          tags: |
-            scit0/extract_otp_secrets:latest
-            scit0/extract_otp_secrets:bullseye
-            ghcr.io/scito/extract_otp_secrets:latest
-            ghcr.io/scito/extract_otp_secrets:bullseye
+            docker.io/scit0/extract_otp_secrets:latest-${{ matrix.PLATFORM_ARCH }}
+            docker.io/scit0/extract_otp_secrets:bookworm-${{ matrix.PLATFORM_ARCH }}
+            ghcr.io/scito/extract_otp_secrets:latest-${{ matrix.PLATFORM_ARCH }}
+            ghcr.io/scito/extract_otp_secrets:bookworm-${{ matrix.PLATFORM_ARCH }}
+          provenance: true
+          sbom: true
          # build on feature branches, push only on master branch
-          push: ${{ github.ref == 'refs/heads/master' }}
+          push: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}

      - name: Image digest
        # TODO upload digests to assets
@@ -96,20 +107,68 @@ jobs:
          echo "${{ steps.docker_build_qr_reader_latest.outputs.digest }}" > digests.txt
      - name: Save docker digests as artifacts
        if: github.ref == 'refs/heads/master'
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
        with:
-          name: debian_digests
+          name: digests_bookworm_${{ matrix.PLATFORM_ARCH }}
          path: digests.txt

+  create-multiarch-debian-manifests:
+    name: Create multiarch manifests for Debian image
+    if: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}
+    runs-on: ubuntu-latest
+    needs:
+      - build-and-push-docker-debian-image
+    steps:
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        if: github.secret_source == 'Actions'
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Login to Github Packages
+        uses: docker/login-action@v3
+        if: github.secret_source == 'Actions'
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GHCR_IO_TOKEN }}
+
+      - name: Create multiarch manifests
+        if: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}
+        shell: bash
+        run: |
+          for tag in \
+            docker.io/scit0/extract_otp_secrets:latest \
+            ghcr.io/scito/extract_otp_secrets:latest \
+            docker.io/scit0/extract_otp_secrets:bookworm \
+            ghcr.io/scito/extract_otp_secrets:bookworm \
+          ; do
+            docker buildx imagetools create -t $tag \
+              $tag-x86_64 \
+              $tag-arm64
+          done
+
+
  build-and-push-docker-alpine-image:
    name: Build Docker Alpine image and push to repositories
    # run only when code is compiling and tests are passing
-    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - DOCKER_ARCH: amd64
+            platform: ubuntu-latest
+            PLATFORM_ARCH: x86_64
+          - DOCKER_ARCH: arm64
+            platform: ubuntu-24.04-arm
+            PLATFORM_ARCH: arm64
+
+    runs-on: ${{ matrix.platform }}

    # steps to perform in job
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v5

      # avoid building if there are testing errors
      - name: Run smoke test
@@ -121,21 +180,23 @@ jobs:
          pytest

      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3

      # setup Docker build action
      - name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3

      - name: Login to DockerHub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
+        if: github.secret_source == 'Actions'
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to Github Packages
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
+        if: github.secret_source == 'Actions'
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
@@ -143,22 +204,24 @@ jobs:

      - name: "only_txt: Build image and push to Docker Hub and GitHub Container Registry"
        id: docker_build_only_txt
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v6
        with:
+          platforms: linux/${{ matrix.DOCKER_ARCH }}
          # relative path to the place where source code with Dockerfile is located
-          platforms: linux/amd64,linux/arm64
          context: .
-          file: Dockerfile_only_txt
+          file: docker/Dockerfile_only_txt
          # builder: ${{ steps.buildx.outputs.name }}
          # Note: tags has to be all lower-case
          pull: true
          tags: |
-            scit0/extract_otp_secrets:only-txt
-            scit0/extract_otp_secrets:alpine
-            ghcr.io/scito/extract_otp_secrets:only-txt
-            ghcr.io/scito/extract_otp_secrets:alpine
+            docker.io/scit0/extract_otp_secrets:only-txt-${{ matrix.PLATFORM_ARCH }}
+            docker.io/scit0/extract_otp_secrets:alpine-${{ matrix.PLATFORM_ARCH }}
+            ghcr.io/scito/extract_otp_secrets:only-txt-${{ matrix.PLATFORM_ARCH }}
+            ghcr.io/scito/extract_otp_secrets:alpine-${{ matrix.PLATFORM_ARCH }}
+          provenance: true
+          sbom: true
          # build on feature branches, push only on master branch
-          push: ${{ github.ref == 'refs/heads/master' }}
+          push: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}
          build-args: |
            RUN_TESTS=true

@@ -170,20 +233,70 @@ jobs:

      - name: Save docker digests as artifacts
        if: github.ref == 'refs/heads/master'
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
        with:
-          name: alpine_digests
+          name: digests_alpine_${{ matrix.PLATFORM_ARCH }}
          path: digests.txt

-  build-and-push-docker-buster-image:
-    name: Build Docker Buster image (for PyInstsaller) and push to repositories
-    # run only when code is compiling and tests are passing
+  create-multiarch-alpine-manifests:
+    name: Create multiarch manifests for Alpine image
+    if: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}
    runs-on: ubuntu-latest
+    needs:
+      - build-and-push-docker-alpine-image
+    defaults:
+      run:
+        shell: bash
+    steps:
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        if: github.secret_source == 'Actions'
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Login to Github Packages
+        uses: docker/login-action@v3
+        if: github.secret_source == 'Actions'
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GHCR_IO_TOKEN }}
+
+      - name: Create multiarch manifests
+        if: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}
+        shell: bash
+        run: |
+          for tag in \
+              docker.io/scit0/extract_otp_secrets:only-txt \
+              docker.io/scit0/extract_otp_secrets:alpine \
+              ghcr.io/scito/extract_otp_secrets:only-txt \
+              ghcr.io/scito/extract_otp_secrets:alpine \
+            ; do
+              docker buildx imagetools create -t $tag \
+                $tag-x86_64 \
+                $tag-arm64
+            done
+
+  build-and-push-docker-bullseye-image:
+    name: Build Docker Bullseye image (for PyInstsaller) and push to repositories
+    # run only when code is compiling and tests are passing
+    strategy:
+      matrix:
+        include:
+          - DOCKER_ARCH: amd64
+            platform: ubuntu-latest
+            PLATFORM_ARCH: x86_64
+          - DOCKER_ARCH: arm64
+            platform: ubuntu-24.04-arm
+            PLATFORM_ARCH: arm64
+
+    runs-on: ${{ matrix.platform }}

    # steps to perform in job
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v5

      # avoid building if there are testing errors
      - name: Run smoke test
@@ -195,49 +308,48 @@ jobs:
          pytest

      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3

      # setup Docker build action
      - name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@v2
-        # Workaround for failing builds: https://github.com/docker/build-push-action/issues/761#issuecomment-1383822381
-        # TODO remove workaround when fixed
-        with:
-          driver-opts: |
-            image=moby/buildkit:v0.10.6
+        uses: docker/setup-buildx-action@v3

      - name: Login to DockerHub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
+        if: github.secret_source == 'Actions'
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to Github Packages
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
+        if: github.secret_source == 'Actions'
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GHCR_IO_TOKEN }}

-      - name: "Build image from Buster and push to GitHub Container Registry"
-        id: docker_build_buster
+      - name: "Build image from Bullseye (Debian 11) and push to GitHub Container Registry"
+        id: docker_build_bullseye
        if: github.ref == 'refs/heads/master'
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v6
        with:
-          platforms: linux/amd64,linux/arm64
+          platforms: linux/${{ matrix.DOCKER_ARCH }}
          # relative path to the place where source code with Dockerfile is located
-          # TODO file:, move to docker/
          context: .
-          file: Dockerfile
+          file: docker/Dockerfile
          # builder: ${{ steps.buildx.outputs.name }}
          build-args: |
-            BASE_IMAGE=python:3.11-slim-buster
+            BASE_IMAGE=python:3.13-slim-bullseye
          # Note: tags has to be all lower-case
          pull: true
          tags: |
-            scit0/extract_otp_secrets:buster
-          push: true
+            docker.io/scit0/extract_otp_secrets:bullseye-${{ matrix.PLATFORM_ARCH }}
+            ghcr.io/scito/extract_otp_secrets:bullseye-${{ matrix.PLATFORM_ARCH }}
+          provenance: true
+          sbom: true
+          push: ${{ github.secret_source == 'Actions' }}

      - name: Image digest
        # TODO upload digests to assets
@@ -246,7 +358,55 @@ jobs:
          echo "${{ steps.docker_build_qr_reader_latest.outputs.digest }}" > digests.txt
      - name: Save docker digests as artifacts
        if: github.ref == 'refs/heads/master'
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
        with:
-          name: buster_digests
+          name: digests_bullseye_${{ matrix.PLATFORM_ARCH }}
          path: digests.txt
+
+  create-multiarch-bullseye-manifests:
+    name: Create multiarch manifests for Bullseye image
+    runs-on: ubuntu-latest
+    if: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}
+    needs:
+      - build-and-push-docker-bullseye-image
+    steps:
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        if: github.secret_source == 'Actions'
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Login to Github Packages
+        uses: docker/login-action@v3
+        if: github.secret_source == 'Actions'
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GHCR_IO_TOKEN }}
+
+      - name:
+        if: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}
+        shell: bash
+        run: |
+          for tag in \
+              docker.io/scit0/extract_otp_secrets:bullseye \
+              ghcr.io/scito/extract_otp_secrets:bullseye \
+            ; do
+              docker buildx imagetools create -t $tag \
+                $tag-x86_64 \
+                $tag-arm64
+            done
+
+  container-images-clean-up:
+    name: Cleanup old container images
+    runs-on: ubuntu-latest
+    steps:
+      - name: Delete Container Packages
+        uses: actions/delete-package-versions@v5
+        if: ${{ github.secret_source == 'Actions'}}
+        with:
+          package-name: 'extract_otp_secrets'
+          package-type: 'container'
+          min-versions-to-keep: 1
+          delete-only-untagged-versions: 'true'
--- a/.github/workflows/ci_release.yml
+++ b/.github/workflows/ci_release.yml
@@ -20,9 +20,14 @@ name: release
 # https://peps.python.org/pep-0440/
 # https://semver.org/

+# macOS:
+# https://pyinstaller.org/en/stable/usage.html#building-macos-app-bundles
+# https://github.com/pyinstaller/pyinstaller/wiki/Recipe-OSX-Code-Signing
+
 # Build matrix:
 # - Linux x86_64 glibc 2.35: ubuntu-latest
-# - Linux x86_64 glibc 2.34: extract_otp_secrets:buster
+# - Linux x86_64 glibc 2.31: extract_otp_secrets:bullseye
+# - Linux x86_64 glibc 2.36: extract_otp_secrets:bookworm
 # - Windows x86_64: windows-latest
 # - MacOS x86_64: macos-11
 # - Linux x86_64 glibc 2.28: extract_otp_secrets:buster
@@ -51,6 +56,8 @@ jobs:
      tag_name: ${{ steps.meta.outputs.tag_name }}
      tag_message: ${{ steps.meta.outputs.tag_message }}
    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
      - name: Set meta data
        id: meta
        # Writing to env with >> $GITHUB_ENV is an alternative
@@ -66,8 +73,13 @@ jobs:
      - name: Create Release
        id: create_release
        if: startsWith(github.ref, 'refs/tags/v')
+        # https://docs.github.com/en/rest/releases/releases?apiVersion=2022-11-28#create-a-release
        run: |
-          # https://docs.github.com/en/rest/releases/releases?apiVersion=2022-11-28#create-a-release
+          echo "date: ${{ steps.meta.outputs.date }}"
+          echo "version: ${{ steps.meta.outputs.version }}"
+          echo "inline_version: ${{ steps.meta.outputs.inline_version }}"
+          echo "tag_name: ${{ steps.meta.outputs.tag_name }}"
+          echo "tag_message: ${{ steps.meta.outputs.tag_message }}"
          response=$(curl \
            -X POST \
            -H "Accept: application/vnd.github+json" \
@@ -76,42 +88,45 @@ jobs:
            https://api.github.com/repos/scito/extract_otp_secrets/releases \
            --silent \
            --show-error \
-            -d '{"tag_name":"${{ github.ref }}","target_commitish":"master","name":"${{ steps.meta.outputs.version }} - ${{ steps.meta.outputs.date }}","body":"${{ steps.meta.outputs.tag_message }}\n\nJust download the executable and execute it.\n\n | Executable | Description |\n | --- | --- |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_linux_x86_64 | Linux x86_64/amd64 (glibc >= 2.28) |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_linux_arm64 | Linux arm64 (glibc >= 2.28) |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_win_x86_64.exe | Windows x86_64/amd64/x64 |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_win_arm64.exe | N/A |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_macos_x86_64 | MacOS x86_64/amd64 (barely tested due to no access to Apple environment; libzbar must be installed separately, see README.md) |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_macos_arm64 | N/A |\n ","draft":true,"prerelease":false,"generate_release_notes":true}')
+            -d '{"tag_name":"${{ github.ref }}","target_commitish":"master","name":"${{ steps.meta.outputs.version }} - ${{ steps.meta.outputs.date }}","body":"${{ steps.meta.outputs.tag_message }}\n\n## Executables\n\nDownload the executable for your platform and execute it, see [README.md](https://github.com/scito/extract_otp_secrets#readme)\n\n | Executable | Description |\n | --- | --- |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_linux_x86_64 | Linux x86_64/amd64 (glibc >= 2.31) |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_linux_arm64 | Linux arm64 (glibc >= 2.31) |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_win_x86_64.exe | Windows x86_64/amd64/x64 |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_win_arm64.exe | N/A |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_macos_x86_64.dmg | N/A, see [README.md](https://github.com/scito/extract_otp_secrets#readme) |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_macos_x86_64.pkg | N/A, see [README.md](https://github.com/scito/extract_otp_secrets#readme) |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_macos_x86_64 | MacOS x86_64/amd64 (bare executable, see [README.md](https://github.com/scito/extract_otp_secrets#readme); optional libzbar must be installed manually, see [README.md](https://github.com/scito/extract_otp_secrets#readme)) |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_macos_arm64 | N/A |\n","draft":true,"prerelease":false,"generate_release_notes":true}')
          echo upload_url=$(jq '.upload_url' <<< "$response") >> $GITHUB_OUTPUT
          echo $(jq -r '.upload_url' <<< "$response") > release_url.txt
          echo $(jq -r '.id' <<< "$response") > release_id.txt
      - name: Save Release URL File for publish
        if: startsWith(github.ref, 'refs/tags/v')
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
        with:
          name: release_url
          path: release_url.txt
      - name: Save asset upload id for publish
        if: startsWith(github.ref, 'refs/tags/v')
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
        with:
          name: release_id
          path: release_id.txt

  build-linux-executable-in-docker:
-    name: Build ${{ matrix.PLATFORM }} release in docker container
+    name: Build ${{ matrix.platform }} release in docker container
    # run only when code is compiling and tests are passing
-    runs-on: ubuntu-latest
    needs: create-release
    strategy:
      matrix:
        include:
-          - PLATFORM: linux/amd64
+          - DOCKER_PLATFORM: linux/amd64
+            platform: ubuntu-latest
            EXE: extract_otp_secrets_linux_x86_64
            ASSET_NAME: extract_otp_secrets${{ needs.create-release.outputs.inline_version }}_linux_x86_64
-          - PLATFORM: linux/arm64
+          - DOCKER_PLATFORM: linux/arm64
+            platform: ubuntu-24.04-arm
            EXE: extract_otp_secrets_linux_arm64
            ASSET_NAME: extract_otp_secrets${{ needs.create-release.outputs.inline_version }}_linux_arm64

+    runs-on: ${{ matrix.platform }}
+
    # steps to perform in job
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v5

      # avoid building if there are testing errors
      - name: Run smoke test
@@ -123,26 +138,28 @@ jobs:
          pytest

      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3

      # setup Docker build action
      - name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
        # Workaround for failing builds: https://github.com/docker/build-push-action/issues/761#issuecomment-1383822381
        # TODO remove workaround when fixed
        with:
          driver-opts: |
-            image=moby/buildkit:v0.10.6
+            image=moby/buildkit:latest

      - name: Login to DockerHub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
+        if: github.secret_source == 'Actions'
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to Github Packages
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
+        if: github.secret_source == 'Actions'
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
@@ -151,21 +168,21 @@ jobs:
      - name: Image digest
        # TODO upload digests to assets
        run: |
-          echo "extract_otp_secrets: ${{ steps.docker_build_buster.outputs.digest }}"
+          echo "extract_otp_secrets: ${{ steps.docker_build_bullseye.outputs.digest }}"

        # TODO use local docker image https://stackoverflow.com/a/61155718/1663871
        # https://github.com/multiarch/qemu-user-static
        # https://hub.docker.com/r/multiarch/qemu-user-static/
      - name: Run Pyinstaller in container for ${{ matrix.EXE }}
        run: |
-          docker run --pull always --rm --privileged multiarch/qemu-user-static --reset -p yes
-          docker run --platform ${{ matrix.PLATFORM }} --pull always --entrypoint /bin/bash --rm -v "$(pwd)":/files -w /files scit0/extract_otp_secrets:buster -c 'apt-get update && apt-get -y install binutils && pip install -U -r /files/requirements.txt && pip install pyinstaller && PYTHONHASHSEED=31 && pyinstaller -y --add-data /usr/local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name ${{ matrix.EXE }} --distpath /files/dist/ /files/src/extract_otp_secrets.py'
+          docker run --pull always --entrypoint /bin/bash --rm -v "$(pwd)":/files -w /files docker.io/scit0/extract_otp_secrets:bullseye -c 'apt-get update && apt-get -y install binutils && pip install -U -r /files/requirements.txt && pip install pyinstaller && PYTHONHASHSEED=31 && pyinstaller -y --add-data /usr/local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name ${{ matrix.EXE }} --distpath /files/dist/ /files/src/extract_otp_secrets.py'

-      - name: Smoke tests ${{ matrix.PLATFORM }}
-        if: matrix.PLATFORM == 'linux/amd64'
+      - name: Smoke tests linux/amd64
+        if: matrix.DOCKER_PLATFORM == 'linux/amd64'
        run: |
          dist/${{ matrix.EXE }} -V
          dist/${{ matrix.EXE }} -h
+          dist/${{ matrix.EXE }} --debug
          dist/${{ matrix.EXE }} example_export.png
          dist/${{ matrix.EXE }} - < example_export.txt
          dist/${{ matrix.EXE }} --qr ZBAR example_export.png
@@ -173,17 +190,22 @@ jobs:
          dist/${{ matrix.EXE }} --qr QREADER_DEEP example_export.png
          dist/${{ matrix.EXE }} --qr CV2 example_export.png
          dist/${{ matrix.EXE }} --qr CV2_WECHAT example_export.png
-      - name: Smoke tests ${{ matrix.PLATFORM }}
-        if: matrix.PLATFORM == 'linux/arm64'
+      - name: Smoke tests linux/arm64
+        if: matrix.DOCKER_PLATFORM == 'linux/arm64'
        run: |
-          docker run --platform ${{ matrix.PLATFORM }} --pull always --entrypoint /bin/bash --rm -v "$(pwd)":/files -w /files scit0/extract_otp_secrets -c 'dist/${{ matrix.EXE }} -V && dist/${{ matrix.EXE }} -h && dist/${{ matrix.EXE }} example_export.png && dist/${{ matrix.EXE }} - < example_export.txt && dist/${{ matrix.EXE }} --qr ZBAR example_export.png && dist/${{ matrix.EXE }} --qr QREADER example_export.png && dist/${{ matrix.EXE }} --qr QREADER_DEEP example_export.png && dist/${{ matrix.EXE }} --qr CV2 example_export.png && dist/${{ matrix.EXE }} --qr CV2_WECHAT example_export.png'
+          docker run --pull always --entrypoint /bin/bash --rm -v "$(pwd)":/files -w /files docker.io/scit0/extract_otp_secrets -c 'dist/${{ matrix.EXE }} -V && dist/${{ matrix.EXE }} -h && dist/${{ matrix.EXE }} example_export.png && dist/${{ matrix.EXE }} - < example_export.txt && dist/${{ matrix.EXE }} --qr ZBAR example_export.png && dist/${{ matrix.EXE }} --qr QREADER example_export.png && dist/${{ matrix.EXE }} --qr QREADER_DEEP example_export.png && dist/${{ matrix.EXE }} --qr CV2 example_export.png && dist/${{ matrix.EXE }} --qr CV2_WECHAT example_export.png'
      - name: Load Release URL File from release job
        if: startsWith(github.ref, 'refs/tags/v')
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v5
        with:
          name: release_url
      - name: Display structure of files
        run: ls -R
+      - name: Upload EXE to artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.EXE }}
+          path: dist/${{ matrix.EXE }}
      - name: Upload Release Asset
        id: upload-release-asset
        if: startsWith(github.ref, 'refs/tags/v')
@@ -204,6 +226,7 @@ jobs:
    needs: create-release
    runs-on: ${{ matrix.os }}
    strategy:
+      fail-fast: false
      matrix:
        # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#choosing-github-hosted-runners
        include:
@@ -213,34 +236,55 @@ jobs:
            # TODO add --manifest
            # TODO find more elegant solution for pyzbar\libiconv.dll and pyzbar\libzbar-64.dll
            # Files of Visual C++ 2013 Redistributable Package: https://support.microsoft.com/en-us/topic/update-for-visual-c-2013-redistributable-package-d8ccd6a5-4e26-c290-517b-8da6cfdf4f10
-            OUT_FILE_NAME: extract_otp_secrets.exe
+            EXE: extract_otp_secrets.exe
            ASSET_NAME: extract_otp_secrets${{ needs.create-release.outputs.inline_version }}_win_x86_64.exe
            ASSET_MIME: application/vnd.microsoft.portable-executable
            UPLOAD: true
            CMD_BUILD: |
-              pyinstaller -y --add-data "$($Env:pythonLocation)\__yolo_v3_qr_detector;__yolo_v3_qr_detector" --add-binary "$($Env:pythonLocation)\Lib\site-packages\pyzbar\libiconv.dll;pyzbar" --add-binary "$($Env:pythonLocation)\Lib\site-packages\pyzbar\libzbar-64.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\msvcr120.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\msvcp120.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\vcamp120.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\vcomp120.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\vccorlib120.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120u.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120chs.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120cht.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120deu.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120enu.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120esn.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120fra.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120ita.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120jpn.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120kor.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120rus.dll;pyzbar" --onefile --version-file build\file_version_info.txt src\extract_otp_secrets.py
-          - os: macos-11
-            TARGET: macos
-            # TODO add --icon
-            # TODO add --osx-bundle-identifier
-            # TODO add --codesign-identity
-            # TODO add --osx-entitlements-file
-            # TODO https://pyinstaller.org/en/stable/spec-files.html#spec-file-options-for-a-macos-bundle
-            # TODO --target-arch universal2
-            OUT_FILE_NAME: extract_otp_secrets
-            ASSET_NAME: extract_otp_secrets${{ needs.create-release.outputs.inline_version }}_macos_x86_64
-            ASSET_MIME: application/x-newton-compatible-pkg
-            UPLOAD: true
-            CMD_BUILD: |
-              pyinstaller -y --add-data $macos_python_path/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --argv-emulation src/extract_otp_secrets.py
+              pyinstaller -y --add-data "$($Env:pythonLocation)\__yolo_v3_qr_detector:__yolo_v3_qr_detector" --add-binary "$($Env:pythonLocation)\Lib\site-packages\pyzbar\libiconv.dll:pyzbar" --add-binary "$($Env:pythonLocation)\Lib\site-packages\pyzbar\libzbar-64.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\msvcr120.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\msvcp120.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\vcamp120.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\vcomp120.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\vccorlib120.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120u.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120chs.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120cht.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120deu.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120enu.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120esn.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120fra.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120ita.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120jpn.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120kor.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120rus.dll:pyzbar" --onefile --version-file build\win_file_version_info.txt --name extract_otp_secrets.exe src\extract_otp_secrets.py
          - os: ubuntu-latest
            TARGET: linux
-            OUT_FILE_NAME: extract_otp_secrets
+            EXE: extract_otp_secrets_ubuntu
            ASSET_NAME: extract_otp_secrets${{ needs.create-release.outputs.inline_version }}_linux_x86_64_ubuntu_latest
            ASSET_MIME: application/x-executable
            UPLOAD: false
            CMD_BUILD: |
-                pyinstaller -y --add-data $pythonLocation/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile src/extract_otp_secrets.py
+                pyinstaller -y --add-data $pythonLocation/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name extract_otp_secrets_ubuntu src/extract_otp_secrets.py
+          - os: ubuntu-24.04-arm
+            TARGET: linux
+            EXE: extract_otp_secrets_ubuntu_arm64
+            ASSET_NAME: extract_otp_secrets${{ needs.create-release.outputs.inline_version }}_linux_arm64_ubuntu_latest
+            ASSET_MIME: application/x-executable
+            UPLOAD: false
+            CMD_BUILD: |
+                pyinstaller -y --add-data $pythonLocation/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name extract_otp_secrets_ubuntu_arm64 src/extract_otp_secrets.py
+          - os: macos-15-intel
+            TARGET: macos
+            # https://pyinstaller.org/en/stable/spec-files.html#spec-file-options-for-a-macos-bundle
+            EXE: extract_otp_secrets
+            ASSET_NAME: extract_otp_secrets${{ needs.create-release.outputs.inline_version }}_macos_x86_64
+            DMG: extract_otp_secrets.dmg
+            ASSET_NAME_DMG: extract_otp_secrets${{ needs.create-release.outputs.inline_version }}_macos_x86_64.dmg
+            ASSET_MIME: application/octet-stream
+            UPLOAD: true
+            CMD_BUILD: |
+              VERSION_STR=$(setuptools-git-versioning) COPYRIGHT_YEARS='2020-2025' envsubst < installer/extract_otp_secrets_macos_template.spec > extract_otp_secrets_macos.spec
+              pyinstaller -y extract_otp_secrets_macos.spec
+              installer/build_dmg.sh
+          # Disable WARN: Cannot import pyzbar module. This problem is probably due to the missing zbar shared library.
+          # - os: macos-14
+          #   TARGET: macos
+          #   # https://pyinstaller.org/en/stable/spec-files.html#spec-file-options-for-a-macos-bundle
+          #   EXE: extract_otp_secrets
+          #   ASSET_NAME: extract_otp_secrets${{ needs.create-release.outputs.inline_version }}_macos_arm64
+          #   DMG: extract_otp_secrets.dmg
+          #   ASSET_NAME_DMG: extract_otp_secrets${{ needs.create-release.outputs.inline_version }}_macos_arm64.dmg
+          #   ASSET_MIME: application/octet-stream
+          #   UPLOAD: true
+          #   CMD_BUILD: |
+          #     VERSION_STR=$(setuptools-git-versioning) COPYRIGHT_YEARS='2020-2025' envsubst < installer/extract_otp_secrets_macos_template.spec > extract_otp_secrets_macos.spec
+          #     pyinstaller -y extract_otp_secrets_macos.spec
+          #     installer/build_dmg.sh
    steps:
      - name: Output path
        if: runner.os == 'Windows'
@@ -248,14 +292,14 @@ jobs:
      - name: List Windir
        if: runner.os == 'Windows'
        run: ls "$($Env:WinDir)\system32"
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
      - name: Set macos macos_python_path
        # TODO use variable for Python version
-        run: echo "macos_python_path=/Library/Frameworks/Python.framework/Versions/3.11" >> $GITHUB_ENV
-      - name: Set up Python 3.11
-        uses: actions/setup-python@v4
+        run: echo "macos_python_path=/Library/Frameworks/Python.framework/Versions/3.14" >> $GITHUB_ENV
+      - name: Set up Python 3.14
+        uses: actions/setup-python@v6
        with:
-          python-version: 3.11
+          python-version: 3.14
          check-latest: true
      - name: Install zbar shared lib for QReader (Linux)
        if: runner.os == 'Linux'
@@ -264,18 +308,18 @@ jobs:
      - name: Install zbar shared lib for QReader (macOS)
        if: runner.os == 'macOS'
        run: |
-          brew install zbar
+          brew install zbar create-dmg
      - name: Install dependencies
        # TODO fix --use-pep517
        run: |
          python -m pip install --upgrade pip
          pip install -U -r requirements-dev.txt
          pip install -U .
-      - name: Create Windows file_version_info.txt
+      - name: Create Windows win_file_version_info.txt
        shell: bash
        run: |
              mkdir -p build/
-              VERSION_STR=$(setuptools-git-versioning) VERSION_MAJOR=$(cut -d '.' -f 1 <<< "$(setuptools-git-versioning)") VERSION_MINOR=$(cut -d '.' -f 2 <<< "$(setuptools-git-versioning)") VERSION_PATCH=$(echo $(cut -d '.' -f 3 <<< "$(setuptools-git-versioning)") | sed -E -n "s/^([0-9]+).*/\1/p") VERSION_BUILD=$(echo $(cut -d '.' -f 3 <<< "$(setuptools-git-versioning)") | sed -E -n -e"s/^[0-9]+.+/99/p")$(($(git rev-list --count $(git tag | sort -V -r | sed '1!d')..HEAD))) YEARS='2020-2023' envsubst < file_version_info_template.txt > build/file_version_info.txt
+              VERSION_STR=$(setuptools-git-versioning) VERSION_MAJOR=$(cut -d '.' -f 1 <<< "$(setuptools-git-versioning)") VERSION_MINOR=$(cut -d '.' -f 2 <<< "$(setuptools-git-versioning)") VERSION_PATCH=$(echo $(cut -d '.' -f 3 <<< "$(setuptools-git-versioning)") | sed -E -n "s/^([0-9]+).*/\1/p") VERSION_BUILD=$(echo $(cut -d '.' -f 3 <<< "$(setuptools-git-versioning)") | sed -E -n -e"s/^[0-9]+.+/99/p")$(($(git rev-list --count $(git tag | sort -V -r | sed '1!d')..HEAD))) COPYRIGHT_YEARS='2020-2025' envsubst < installer/win_file_version_info_template.txt > build/win_file_version_info.txt
      - name: Build with pyinstaller for ${{ matrix.TARGET }}
        env:
          # Reproducible build: https://pyinstaller.org/en/stable/advanced-topics.html#creating-a-reproducible-build
@@ -283,26 +327,27 @@ jobs:
        run: ${{ matrix.CMD_BUILD }}
      - name: Smoke tests for generated exe (general)
        run: |
-          dist/${{ matrix.OUT_FILE_NAME }} -V
-          dist/${{ matrix.OUT_FILE_NAME }} -h
-          dist/${{ matrix.OUT_FILE_NAME }} example_export.png
-          dist/${{ matrix.OUT_FILE_NAME }} --qr ZBAR example_export.png
-          dist/${{ matrix.OUT_FILE_NAME }} --qr QREADER example_export.png
-          dist/${{ matrix.OUT_FILE_NAME }} --qr QREADER_DEEP example_export.png
-          dist/${{ matrix.OUT_FILE_NAME }} --qr CV2 example_export.png
-          dist/${{ matrix.OUT_FILE_NAME }} --qr CV2_WECHAT example_export.png
+          dist/${{ matrix.EXE }} -V
+          dist/${{ matrix.EXE }} -h
+          dist/${{ matrix.EXE }} --debug
+          dist/${{ matrix.EXE }} example_export.png
+          dist/${{ matrix.EXE }} --qr ZBAR example_export.png
+          dist/${{ matrix.EXE }} --qr QREADER example_export.png
+          dist/${{ matrix.EXE }} --qr QREADER_DEEP example_export.png
+          dist/${{ matrix.EXE }} --qr CV2 example_export.png
+          dist/${{ matrix.EXE }} --qr CV2_WECHAT example_export.png
      - name: Smoke tests for generated exe (stdin)
        if: runner.os != 'Windows'
        run: |
-          dist/${{ matrix.OUT_FILE_NAME }} - < example_export.txt
+          dist/${{ matrix.EXE }} - < example_export.txt
      - name: Load Release URL File from release job
        if: startsWith(github.ref, 'refs/tags/v')
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v5
        with:
          name: release_url
      - name: Load Release Id File from release job
        if: startsWith(github.ref, 'refs/tags/v')
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v5
        with:
          name: release_id
      - name: Display structure of files
@@ -314,11 +359,27 @@ jobs:
        run: |
          echo "release_id=$(cat release_id.txt)" >> $GITHUB_OUTPUT
          echo "upload_url=https://uploads.github.com/repos/scito/extract_otp_secrets/releases/$(cat release_id.txt)/assets?name=" >> $GITHUB_OUTPUT
+      - name: Upload EXE to artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.EXE }}
+          path: dist/${{ matrix.EXE }}
+      - name: Upload DMG to artifacts
+        uses: actions/upload-artifact@v4
+        if: runner.os == 'macOS'
+        with:
+          name: ${{ matrix.DMG }}
+          path: dist/${{ matrix.DMG }}
      - name: Upload Release Asset
        id: upload-release-asset
        if: matrix.UPLOAD && startsWith(github.ref, 'refs/tags/v')
        run: |
-          curl -X POST -H "Accept: application/vnd.github+json" -H "Content-Type: ${{ matrix.ASSET_MIME }}" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" -H "X-GitHub-Api-Version: 2022-11-28" --show-error --data-binary @dist/${{ matrix.OUT_FILE_NAME }} ${{ steps.meta.outputs.upload_url }}=${{ matrix.ASSET_NAME }}
+          curl -X POST -H "Accept: application/vnd.github+json" -H "Content-Type: ${{ matrix.ASSET_MIME }}" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" -H "X-GitHub-Api-Version: 2022-11-28" --show-error --data-binary @dist/${{ matrix.EXE }} ${{ steps.meta.outputs.upload_url }}=${{ matrix.ASSET_NAME }}
+      - name: Upload Release Asset DMG (macOS)
+        id: upload-release-asset-dmg
+        if: false && matrix.UPLOAD && startsWith(github.ref, 'refs/tags/v') && runner.os == 'macOS'
+        run: |
+          curl -X POST -H "Accept: application/vnd.github+json" -H "Content-Type: ${{ matrix.ASSET_MIME }}" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" -H "X-GitHub-Api-Version: 2022-11-28" --show-error --data-binary @dist/${{ matrix.DMG }} ${{ steps.meta.outputs.upload_url }}=${{ matrix.ASSET_NAME_DMG }}

  upload-hashes:
    name: Upload hashes
@@ -329,7 +390,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Load Release Id File from release job
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v5
        with:
          name: release_id
      - name: Set meta data
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -42,26 +42,26 @@ jobs:

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
      with:
        languages: ${{ matrix.language }}
        # If you wish to specify custom queries, you can do so here or in a config file.
        # By default, queries listed here will override any specified in a config file.
        # Prefix the list here with "+" to use these queries and those in the config file.
-        
+
        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
        # queries: security-extended,security-and-quality

-        
+
    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
    # If this step fails, then you should remove it and run the build manually (see below)
    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3

    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun

-    #   If the Autobuild fails above, remove it and uncomment the following three lines. 
+    #   If the Autobuild fails above, remove it and uncomment the following three lines.
    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.

    # - run: |
@@ -69,6 +69,6 @@ jobs:
    #   ./location_of_script_within_repo/buildscript.sh

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
      with:
        category: "/language:${{matrix.language}}"
--- a/.gitignore
+++ b/.gitignore
@@ -20,9 +20,27 @@ dist/
 pytest-coverage.txt
 tests/reports/
 dist_*/
-*.spec

 file_version_info_python.txt
 file_version_info_explorer.txt
 file_version_info.txt
 assets/*
+extract_otp_secrets_linux_arm64.spec
+extract_otp_secrets_linux_x86_64_bullseye.spec
+extract_otp_secrets_linux_x86_64_bookworm.spec
+extract_otp_secrets_linux_x86_64.spec
+extract_otp_secrets.spec
+test.txt
+extract_otp_secrets.build/
+extract_otp_secrets.dist/
+extract_otp_secrets.onefile-build/
+extract_otp_secrets.bin
+# Devenv
+.devenv*
+devenv.local.nix
+
+# direnv
+.direnv
+
+# pre-commit
+.pre-commit-config.yaml
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -2,7 +2,7 @@
    "python.testing.pytestArgs": [
        "."
    ],
-    "python.testing.unittestEnabled": true,
+    "python.testing.unittestEnabled": false,
    "python.testing.pytestEnabled": true,
    "cSpell.words": [
        "devbox",
--- a/11
+++ b/11
@@ -4,15 +4,15 @@ verify_ssl = true
 name = "pypi"

 [packages]
-colorama = ">=0.4.6"
+colorama = "0.4.6"
 opencv-contrib-python = "*"
+numpy = "2.3.4"
 # for macOS: opencv-contrib-python = "<=4.7.0"
-# for PYTHON <= 3.7: typing_extensions = "*"
 pillow = "*"
 pyzbar = "*"
 protobuf = "*"
 qrcode = "*"
-qreader = "<2.0.0"
+qreader = "1.3.2"

 [dev-packages]
 build = "*"
@@ -20,13 +20,12 @@ flake8 = "*"
 gfm-toc = "*"
 mypy = "*"
 mypy-protobuf = "*"
+nuitka = "*"
 pylint = "*"
 pytest = "*"
 pytest-cov = "*"
 pytest-mock = "*"
-setuptools-git-versioning = "*"
 types-protobuf = "*"
-wheel = "*"

 [requires]
-python_version = "3.11"
+python_version = "3.14"
--- a/Pipfile.lock
+++ b/Pipfile.lock
--- a/README.md
+++ b/README.md
@@ -2,10 +2,10 @@

 [![CI tests](https://github.com/scito/extract_otp_secrets/actions/workflows/ci.yml/badge.svg)](https://github.com/scito/extract_otp_secrets/actions/workflows/ci.yml)
 [![CI docker](https://github.com/scito/extract_otp_secrets/actions/workflows/ci_docker.yml/badge.svg)](https://github.com/scito/extract_otp_secrets/actions/workflows/ci_docker.yml)
-![coverage](https://img.shields.io/badge/coverage-94%25-brightgreen)
+![coverage](https://img.shields.io/badge/coverage-92%25-brightgreen)
 [![License](https://img.shields.io/github/license/scito/extract_otp_secrets)](https://github.com/scito/extract_otp_secrets/blob/master/LICENSE)
 [![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/scito/extract_otp_secrets?sort=semver)](https://github.com/scito/extract_otp_secrets/releases/latest)  
-![python versions](https://img.shields.io/badge/python-3.7%20%7C%203.8%20%7C%203.9%20%7C%203.10%20%7C%203.11-blue)
+![python versions](https://img.shields.io/badge/python-3.9%20%7C%203.10%20%7C%203.11%20%7C%203.12%20%7C%203.13%20%7C%203.14-blue)
 [![Docker image](https://img.shields.io/badge/docker-image-blue)](https://hub.docker.com/repository/docker/scit0/extract_otp_secrets/general)
 [![Linux](https://img.shields.io/badge/os-linux-yellow)](https://github.com/scito/extract_otp_secrets/releases/latest)
 [![Windows](https://img.shields.io/badge/os-windows-yellow)](https://github.com/scito/extract_otp_secrets/releases/latest)
@@ -14,7 +14,7 @@
 [![Stand With Ukraine](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/badges/StandWithUkraine.svg)](https://stand-with-ukraine.pp.ua)
 <!-- ![PyPI - Python Version](https://img.shields.io/pypi/pyversions/protobuf)
 [![GitHub Pipenv locked Python version](https://img.shields.io/github/pipenv/locked/python-version/scito/extract_otp_secrets)](https://github.com/scito/extract_otp_secrets/blob/master/Pipfile.lock)
-![protobuf version](https://img.shields.io/badge/protobuf-4.21.12-informational)-->
+![protobuf version](https://img.shields.io/badge/protobuf-6.33.1-informational)-->

 <!-- [![Github all releases](https://img.shields.io/github/downloads/scito/extract_otp_secrets/total.svg)](https://GitHub.com/scito/extract_otp_secrets/releases/) -->

@@ -36,7 +36,9 @@ The secrets can be exported to JSON or CSV, or printed as QR codes to console or

 ## Table of contents

- [Download binary executable (🆕 since v2.1)](#download-binary-executable--since-v21)
+- [Table of contents](#table-of-contents)
+- [Download and run binary executable (🆕 since v2.1)](#download-and-run-binary-executable--since-v21)
+  - [MacOS](#macos)
 - [Usage](#usage)
  - [Capture QR codes from camera (🆕 since version 2.0)](#capture-qr-codes-from-camera--since-version-20)
  - [With builtin QR decoder from image files (🆕 since version 2.0)](#with-builtin-qr-decoder-from-image-files--since-version-20)
@@ -45,7 +47,7 @@ The secrets can be exported to JSON or CSV, or printed as QR codes to console or
  - [Installation of optional shared system libraries (recommended)](#installation-of-optional-shared-system-libraries-recommended)
 - [Program help: arguments and options](#program-help-arguments-and-options)
 - [Examples](#examples)
-  - [Printing otp secrets form text file](#printing-otp-secrets-form-text-file)
+  - [Printing otp secrets from text file](#printing-otp-secrets-from-text-file)
  - [Printing otp secrets from image file](#printing-otp-secrets-from-image-file)
  - [Writing otp secrets to csv file](#writing-otp-secrets-to-csv-file)
  - [Writing otp secrets to json file](#writing-otp-secrets-to-json-file)
@@ -65,7 +67,8 @@ The secrets can be exported to JSON or CSV, or printed as QR codes to console or
  - [pipenv](#pipenv)
  - [Visual Studio Code Remote - Containers / VSCode devcontainer](#visual-studio-code-remote---containers--vscode-devcontainer)
  - [venv](#venv)
-  - [devbox](#devbox)
+  - [devbox 1](#devbox-1)
+  - [devbox 2](#devbox-2)
  - [docker](#docker)
  - [More docker examples](#more-docker-examples)
 - [Tests](#tests)
@@ -84,12 +87,14 @@ The secrets can be exported to JSON or CSV, or printed as QR codes to console or
 - [Problems and Troubleshooting](#problems-and-troubleshooting)
  - [Windows error message](#windows-error-message)
 - [Related projects](#related-projects)
+- [Third party documentation](#third-party-documentation)
 </details>

-## Download binary executable (🆕 since v2.1)
+## Download and run binary executable (🆕 since v2.1)

 1. Download executable for your platform from [latest release](https://github.com/scito/extract_otp_secrets/releases/latest), see assets
-2. Start executable by clicking or from command line
+2. Linux and macOS: Set executable bit for the downloaded file, e.g in terminal with `chmod +x extract_otp_secrets_X.Y.Z_OS_ARCH`
+3. Start executable by clicking or from command line (macOS: startable only from command line, see [below](#macos))

 :heavy_check_mark: Everything is just packed in one executable.  
 :heavy_check_mark: No installation needed, neither Python nor any dependencies have to be installed.  
@@ -106,6 +111,35 @@ The secrets can be exported to JSON or CSV, or printed as QR codes to console or

 :information_source: The executables are not signed. Thus, the operating system may show a warning about download from unknown source.

+### MacOS
+
+> Beginning in macOS 10.15, all software built after June 1, 2019, and distributed with Developer ID must be notarized. However, you aren’t required to notarize software that you distribute through the Mac App Store because the App Store submission process already includes equivalent security checks. <small>[developer.apple.com](https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution)</small>
+
+:x: Unfortunately, I cannot provide a signed and notarized installable application for macOS as .dmg or .pkg. Apple is not Open Source friendly and requires a yearly Developer ID subscription. I am not willing to pay [USD 99 per year](https://developer.apple.com/support/compare-memberships/) to Apple for this little open source tool.
+
+However, the bare executable can be executed from the command line:
+
+1. Download executable for macOS platform from [latest release](https://github.com/scito/extract_otp_secrets/releases/latest), see assets
+2. Open `Terminal` application
+3. Change to Downloads folder in Terminal: `cd $HOME/Downloads`
+4. Remove quarantine bit for the downloaded file: `xattr -r -d com.apple.quarantine extract_otp_secrets_X.Y.Z_macos_x86_64`
+5. Set executable bit for the downloaded file: `chmod +x extract_otp_secrets_X.Y.Z_macos_x86_64`
+6. Start executable from command line for the first time: `./extract_otp_secrets_X.Y.Z_macos_x86_64`
+7. Wait approximately 30 seconds to 1 minute on the first run. Terminal will display the following error:
+    ```
+    OpenCV: not authorized to capture video (status 0), requesting...
+    OpenCV: camera failed to properly initialize!
+    ```
+8. macOS will then prompt to request camera access.
+9. After allowing camera access, rerun the program.
+10. On the second run, the GUI prompt shows correctly and is fully operable: `./extract_otp_secrets_X.Y.Z_macos_x86_64`
+
+:information_source: Replace `X.Y.Z` in above commands with the version number of your downloaded file, e.g. `extract_otp_secrets_2.4.0_macos_x86_64`
+
+:information_source: If Rosetta2 emulation is installed, these steps work also for M1 and M2 Apple Silicon processors and the program can be executed directly.
+
+Tested with extract_otp_secrets_2.8.1_macos_x86_64 on macOS Sequoia 15.1 beta. Source: [#283](https://github.com/scito/extract_otp_secrets/issues/283)
+
 ## Usage

 ### Capture QR codes from camera (🆕 since version 2.0)
@@ -190,7 +224,8 @@ For a detailed installation documentation of [pyzbar](https://github.com/Natural

 #### Linux (Fedora)

-    sudo dnf install libzbar0
+    sudo dnf install mesa-libGL
+    sudo dnf install zbar

 #### Linux (Arch Linux)

@@ -212,7 +247,7 @@ OpenCV requires [Visual C++ redistributable 2015](https://www.microsoft.com/en-u

 ## Program help: arguments and options

-<pre>usage: extract_otp_secrets.py [-h] [--csv FILE] [--keepass FILE] [--json FILE] [--printqr] [--saveqr DIR] [--camera NUMBER] [--qr {ZBAR,QREADER,QREADER_DEEP,CV2,CV2_WECHAT}] [-i] [--no-color] [--version] [-d | -v | -q] [infile ...]
+<pre>usage: extract_otp_secrets.py [-h] [--csv FILE] [--keepass FILE] [--json FILE] [--txt FILE] [--urls FILE] [--printqr] [--saveqr DIR] [--camera NUMBER] [--qr {ZBAR,QREADER,QREADER_DEEP,CV2,CV2_WECHAT}] [-i] [--no-color] [--version] [-d | -v | -q] [infile ...]

 Extracts one time password (OTP) secrets from QR codes exported by two-factor authentication (2FA) apps
 If no infiles are provided, a GUI window starts and QR codes are captured from the camera.
@@ -223,11 +258,13 @@ positional arguments:

 options:
  -h, --help                    show this help message and exit
-  --csv FILE, -c FILE           export csv file or - for stdout
+  --csv FILE, -c FILE           export csv file, or - for stdout
  --keepass FILE, -k FILE       export totp/hotp csv file(s) for KeePass, - for stdout
  --json FILE, -j FILE          export json file or - for stdout
-  --printqr, -p                 print QR code(s) as text to the terminal (requires qrcode module)
-  --saveqr DIR, -s DIR          save QR code(s) as images to the given folder (requires qrcode module)
+  --txt FILE, -t FILE           export txt file or - for stdout
+  --urls FILE, -u FILE          export file with list of otpauth urls, or - for stdout
+  --printqr, -p                 print QR code(s) as text to the terminal
+  --saveqr DIR, -s DIR          save QR code(s) as images to directory
  --camera NUMBER, -C NUMBER    camera number of system (default camera: 0)
  --qr {ZBAR,QREADER,QREADER_DEEP,CV2,CV2_WECHAT}, -Q {ZBAR,QREADER,QREADER_DEEP,CV2,CV2_WECHAT}
                                QR reader (default: ZBAR)
@@ -247,7 +284,7 @@ python extract_otp_secrets.py = < example_export.png</pre>

 ## Examples

-### Printing otp secrets form text file
+### Printing otp secrets from text file

    python src/extract_otp_secrets.py example_export.txt

@@ -324,11 +361,13 @@ python extract_otp_secrets.py = < example_export.png</pre>
 * Prints errors and warnings to stderr (🆕 since v2.0)
 * Prints colored output (🆕 since v2.0)
 * Startable as executable (script, Python, and all dependencies packed in one executable) (🆕 since v2.1)
-    * extract_otp_secrets_linux_x86_64 (requires glibc >= 2.28)
-    * extract_otp_secrets_linux_arm64 (requires glibc >= 2.28)
+    * extract_otp_secrets_linux_x86_64 (requires glibc >= 2.31)
+    * extract_otp_secrets_linux_arm64 (requires glibc >= 2.31)
    * extract_otp_secrets_win_x86_64.exe
-    * extract_otp_secrets_macos_x86_64 (barely tested, [libzbar](#installation-of-optional-shared-system-libraries-recommended) needs to be installed additionally if needed)
-* Prebuilt Docker images provided for amd64 and arm64 (🆕 since v2.0)
+    * extract_otp_secrets_macos_x86_64 (optional [libzbar](#installation-of-optional-shared-system-libraries-recommended) needs to be installed manually if needed)
+        * extract_otp_secrets_macos_x86_64.dmg N/A, see [why](#macos)
+        * extract_otp_secrets_macos_x86_64.pkg N/A, see [why](#macos)
+* Prebuilt Docker images provided for amd64 and arm64 on [Docker Hub](https://hub.docker.com/repository/docker/scit0/extract_otp_secrets) and [GitHub Packages](https://github.com/users/scito/packages/container/package/extract_otp_secrets) (🆕 since v2.0)
 * Many ways to run the script:
    * Native Python
    * pipenv
@@ -342,7 +381,7 @@ python extract_otp_secrets.py = < example_export.png</pre>
    * macOS
    * Windows
 * Uses UTF-8 on all platforms
-* Supports Python >= 3.7
+* Supports Python >= 3.9
 * Installation of shared system libraries is optional (🆕 since v2.3)
 * Provides a debug mode (-d) for analyzing import problems
 * Written in modern Python using type hints and following best practices
@@ -482,7 +521,7 @@ Alternatively, you can use a python virtual env for the dependencies:
 The requirements\*.txt files contain all the dependencies (also the optional ones).
 To leave the python virtual env just call `deactivate`.

-### devbox
+### devbox 1

 Install [devbox](https://github.com/jetpack-io/devbox), which is a wrapper for nix. Then enter the environment with Python and the packages installed with:

@@ -490,6 +529,14 @@ Install [devbox](https://github.com/jetpack-io/devbox), which is a wrapper for n
 devbox shell
 ```

+### devbox 2
+
+Install [devbox](https://devenv.sh), which is a wrapper for nix. Then enter the environment with Python and the packages installed with:
+
+```
+devenv shell
+```
+
 ### docker

 Install [Docker](https://docs.docker.com/get-docker/).
@@ -499,35 +546,35 @@ Prebuilt docker images are available for amd64 and arm64 architectures on [Docke
 Extracting from an QR image file:

 ```
-curl -s https://raw.githubusercontent.com/scito/extract_otp_secrets/master/example_export.png | docker run --pull always -i --rm -v "$(pwd)":/files:ro scit0/extract_otp_secrets =
+curl -s https://raw.githubusercontent.com/scito/extract_otp_secrets/master/example_export.png | docker run --network none --pull always -i --rm -v "$(pwd)":/files:ro docker.io/scit0/extract_otp_secrets =
 ```

 Capturing from camera in GUI window (X Window system required on host):

 ```
-docker run --pull always --rm -v "$(pwd)":/files:ro -i --device="/dev/video0:/dev/video0" --env="DISPLAY" -v /tmp/.X11-unix:/tmp/.X11-unix:ro scit0/extract_otp_secrets
+docker run --network none --pull always --rm -v "$(pwd)":/files:ro -i --device="/dev/video0:/dev/video0" --env="DISPLAY" -v /tmp/.X11-unix:/tmp/.X11-unix:ro docker.io/scit0/extract_otp_secrets
 ```

 If only text processing is required, there is a small Image based on Alpine Linux:

 ```
-curl -s https://raw.githubusercontent.com/scito/extract_otp_secrets/master/example_export.txt | docker run --pull always -i --rm -v "$(pwd)":/files:ro scit0/extract_otp_secrets:latest-only-txt -
+curl -s https://raw.githubusercontent.com/scito/extract_otp_secrets/master/example_export.txt | docker run --network none --pull always -i --rm -v "$(pwd)":/files:ro docker.io/scit0/extract_otp_secrets:latest-only-txt -
 ```

 Docker image from GitHub:

 ```
 docker login ghcr.io -u USERNAME
-curl -s https://raw.githubusercontent.com/scito/extract_otp_secrets/master/example_export.png | docker run --pull always -i --rm -v "$(pwd)":/files:ro ghcr.io/scito/extract_otp_secrets =
+curl -s https://raw.githubusercontent.com/scito/extract_otp_secrets/master/example_export.png | docker run --network none --pull always -i --rm -v "$(pwd)":/files:ro ghcr.io/scito/extract_otp_secrets =
 ```

 ### More docker examples

-    docker run --pull always --rm -v "$(pwd)":/files:ro scit0/extract_otp_secrets example_export.png
+    docker run --network none --pull always --rm -v "$(pwd)":/files:ro docker.io/scit0/extract_otp_secrets example_export.png

-    docker run --pull always --rm -i -v "$(pwd)":/files:ro scit0/extract_otp_secrets_only_txt - < example_export.txt
+    docker run --network none --pull always --rm -i -v "$(pwd)":/files:ro docker.io/scit0/extract_otp_secrets:latest-only-txt - < example_export.txt

-    cat example_export.txt | docker run --pull always --rm -i -v "$(pwd)":/files:ro scit0/extract_otp_secrets:latest_only_txt - -c - > example_out.csv
+    cat example_export.txt | docker run --network none --pull always --rm -i -v "$(pwd)":/files:ro docker.io/scit0/extract_otp_secrets:latest-only-txt - -c - > example_out.csv

 ## Tests

@@ -603,7 +650,7 @@ pip install -U -r requirements.txt
 Build and run the app within the container:

 ```bash
-docker build . -t extract_otp_secrets --pull --build-arg RUN_TESTS=false
+docker build . -t extract_otp_secrets --pull -f docker/Dockerfile --build-arg RUN_TESTS=false
 ```

 Run tests in docker container:
@@ -615,7 +662,7 @@ docker run --entrypoint /extract/run_pytest.sh --rm -v "$(pwd)":/files:ro extrac
 #### Alpine (only text file processing)

 ```bash
-docker build . -t extract_otp_secrets:only_txt --pull -f Dockerfile_only_txt --build-arg RUN_TESTS=false
+docker build . -t extract_otp_secrets:only_txt --pull -f docker/Dockerfile_only_txt --build-arg RUN_TESTS=false
 ```

 Run tests in docker container:
@@ -660,11 +707,18 @@ Build extract_otp_secrets project
 Options:
 -i                      Interactive mode, all steps must be confirmed
 -C                      Ignore version check of protobuf/protoc
-D                      Do not build docker
-G                      Do not start extract_otp_secrets.py in GUI mode
+-e                      Build exe
+-n                      Build nuitka exe
+-L                      Do not build local (exes)
+-d                      Build docker
+-a                      Build arm
+-X                      Do not build x86_64
+-B                      Do not build base
+-V                      Do not run pipenv
+-g                      Start extract_otp_secrets.py in GUI mode
 -c                      Clean everything
 -r                      Generate result files
-h, --help              Help
+-h, --help              Show help and quit
 ```

 ## Technical background
@@ -676,7 +730,7 @@ Command for regeneration of Python code from proto3 message definition file (onl

    protoc --plugin=protoc-gen-mypy=path/to/protoc-gen-mypy --python_out=src/protobuf_generated_python --mypy_out=src/protobuf_generated_python src/google_auth.proto

-The generated protobuf Python code was generated by protoc 21.12 (https://github.com/protocolbuffers/protobuf/releases/tag/v21.12).
+The generated protobuf Python code was generated by protoc 33.1 (https://github.com/protocolbuffers/protobuf/releases/tag/v33.1).

 For Python type hint generation the [mypy-protobuf](https://github.com/nipunn1313/mypy-protobuf) package is used.

@@ -687,7 +741,7 @@ For Python type hint generation the [mypy-protobuf](https://github.com/nipunn131

 ## Issues

-* Segmentation fault on macOS with CV2 4.7.0: https://github.com/opencv/opencv/issues/23072
+* Segmentation fault on macOS with CV2 4.7.0: https://github.com/opencv/opencv/issues/23072 (fixed)
 * CV2 window does not show icons: https://github.com/opencv/opencv-python/issues/585

 ## Problems and Troubleshooting
@@ -720,13 +774,18 @@ FileNotFoundError: Could not find module 'libiconv.dll' (or one of its dependenc
 ## Related projects

 * [ZBar](https://github.com/mchehab/zbar) is an open source software suite for reading bar codes from various sources, including webcams.
-* [Aegis Authenticator](https://github.com/beemdevelopment/Aegis) is a free, secure and open source 2FA app for Android.
+* [Aegis Authenticator](https://github.com/beemdevelopment/Aegis) is a free, secure and open source 2FA app for Android. This app can scan Google export QR codes and export the secrets, e.g. as JSON. However, a second device is required.
 * [pyzbar](https://github.com/NaturalHistoryMuseum/pyzbar) is a good QR code reader Python module
 * [OpenCV](https://docs.opencv.org/4.x/) (CV2) Open Source Computer Vision library with [opencv-python](https://github.com/opencv/opencv-python)
 * [Python QReader](https://github.com/Eric-Canas/QReader) Python QR code readers
 * [Android OTP Extractor](https://github.com/puddly/android-otp-extractor) can extract your tokens from popular Android OTP apps and export them in a standard format or just display them as QR codes for easy importing. [Requires a _rooted_ Android phone.]
 * [Google Authenticator secret extractor](https://github.com/krissrex/google-authenticator-exporter) is similar project written in JavaScript. It also extracts otp secrets from Google Authenticator.

+## Third party documentation
+
+* [TOTP Secret Extraction from QR codes (medium.com)](https://cavalloj.medium.com/totp-secret-extraction-from-qr-codes-ee097b4c687f)
+* [Google Authenticator: OTP-Secrets auslesen (stadt-bremerhaven.de)](https://stadt-bremerhaven.de/google-authenticator-otp-secrets-auslesen/)
+
 ***

 # #StandWithUkraine 🇺🇦
--- a/build.sh
+++ b/build.sh
@@ -77,8 +77,15 @@ interactive=false
 ignore_version_check=true
 clean=false
 clean_flag=""
-build_docker=true
-run_gui=true
+build_base=true
+build_arm=false
+build_x86_64=true
+build_docker=false
+build_local=true
+build_exe=false
+build_nuitka_exe=false
+run_pipenv=true
+run_gui=false
 generate_result_files=false
 PYTHONHASHSEED=31

@@ -92,14 +99,21 @@ while test $# -gt 0; do
            echo "Options:"
            echo "-i                      Interactive mode, all steps must be confirmed"
            echo "-C                      Ignore version check of protobuf/protoc"
-            echo "-D                      Do not build docker"
-            echo "-G                      Do not start extract_otp_secrets.py in GUI mode"
+            echo "-e                      Build exe"
+            echo "-n                      Build nuitka exe"
+            echo "-L                      Do not run protoc and base build locally incl. exes"
+            echo "-d                      Build docker"
+            echo "-a                      Build arm"
+            echo "-X                      Do not build x86_64"
+            echo "-B                      Do not build base"
+            echo "-V                      Do not run pipenv"
+            echo "-g                      Start extract_otp_secrets.py in GUI mode"
            echo "-c                      Clean everything"
            echo "-r                      Generate result files"
-            echo "-h, --help              Help"
+            echo "-h, --help              Show help and quit"
            quit
            ;;
-        -a)
+        -i)
            interactive=true
            shift
            ;;
@@ -107,12 +121,41 @@ while test $# -gt 0; do
            ignore_version_check=false
            shift
            ;;
-        -D)
-            build_docker=false
+        -B)
+            build_base=false
            shift
            ;;
-        -G)
-            run_gui=false
+        -L)
+            build_local=false
+            build_base=false
+            shift
+            ;;
+        -a)
+            build_arm=true
+            shift
+            ;;
+        -X)
+            build_x86_64=false
+            shift
+            ;;
+        -e)
+            build_exe=true
+            shift
+            ;;
+        -n)
+            build_nuitka_exe=true
+            shift
+            ;;
+        -d)
+            build_docker=true
+            shift
+            ;;
+        -V)
+            run_pipenv=false
+            shift
+            ;;
+        -g)
+            run_gui=true
            shift
            ;;
        -r)
@@ -130,8 +173,9 @@ done
 BIN="$HOME/bin"
 DOWNLOADS="$HOME/downloads"

-PYTHON="python3.11"
-PIP="pip3.11"
+# Set python und pip if not already set in environment
+PYTHON="${PYTHON:=python}"
+PIP="${PIP:=pip}"
 PIPENV="$PYTHON -m pipenv"
 FLAKE8="$PYTHON -m flake8"
 MYPY="$PYTHON -m mypy"
@@ -174,315 +218,469 @@ if $clean; then
    cmd="sudo pipenv --rm || true"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
-fi

-cmd="$PIP install --use-pep517 -U -r requirements-dev.txt"
-if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-eval "$cmd"
-
-
-echo -e "\n\nChecking Protoc version..."
-VERSION=$(curl -sL https://github.com/protocolbuffers/protobuf/releases/latest | grep -E "<title>" | perl -pe's%.*Protocol Buffers v(\d+\.\d+(\.\d+)?).*%\1%')
-BASEVERSION=4
-echo
-
-OLDVERSION=$(cat $BIN/$DEST/.VERSION.txt || echo "")
-echo -e "\nProtoc remote version $VERSION\n"
-echo -e "Protoc local version: $OLDVERSION\n"
-
-if [ "$OLDVERSION" != "$VERSION" ] || ! $ignore_version_check; then
-    echo "Upgrade protoc from $OLDVERSION to $VERSION"
-
-    NAME="protoc-$VERSION"
-    ARCHIVE="$NAME.zip"
-
-    mkdir -p $DOWNLOADS
-    # https://github.com/protocolbuffers/protobuf/releases/download/v21.6/protoc-21.6-linux-x86_64.zip
-    cmd="wget --trust-server-names https://github.com/protocolbuffers/protobuf/releases/download/v$VERSION/protoc-$VERSION-linux-x86_64.zip -O $DOWNLOADS/$ARCHIVE"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
-
-    cmd="echo -e '\nSize [Byte]'; stat --printf='%s\n' $DOWNLOADS/$ARCHIVE; echo -e '\nMD5'; md5sum $DOWNLOADS/$ARCHIVE; echo -e '\nSHA256'; sha256sum $DOWNLOADS/$ARCHIVE;"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
-
-    cmd="mkdir -p $BIN/$NAME; unzip $DOWNLOADS/$ARCHIVE -d $BIN/$NAME"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
-
-    cmd="echo $VERSION > $BIN/$NAME/.VERSION.txt; echo $VERSION > $BIN/$NAME/.VERSION_$VERSION.txt"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
-
-    cmd="[ -d $BIN/$DEST.old ] && rm -rf $BIN/$DEST.old || echo 'No old dir to delete'"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
-
-    cmd="[ -d $BIN/$DEST ] && mv -iT $BIN/$DEST $BIN/$DEST.old || echo 'No previous dir to keep'"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
-
-    cmd="mv -iT $BIN/$NAME $BIN/$DEST"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
-
-    cmd="rm $DOWNLOADS/$ARCHIVE"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
-
-    cmd="$BIN/$DEST/bin/protoc --plugin=protoc-gen-mypy=$HOME/.local/bin/protoc-gen-mypy --python_out=src/protobuf_generated_python --mypy_out=src/protobuf_generated_python --proto_path=src google_auth.proto"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
-
-    # Update README.md
-
-    cmd="perl -i -pe 's%proto(buf|c)([- ])(\d\.)?$OLDVERSION%proto\$1\$2\${3}$VERSION%g' README.md && perl -i -pe 's%(protobuf/releases/tag/v)$OLDVERSION%\${1}$VERSION%g' README.md"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
-else
-    echo -e "\nVersion has not changed. Quit"
-fi
-
-
-# Upgrade pip requirements
-
-cmd="pip install -U pip"
-if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-eval "$cmd"
-
-$PIP --version
-
-cmd="$PIP install --use-pep517 -U -r requirements.txt"
-if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-eval "$cmd"
-
-# Lint
-
-LINT_OUT_FILE="tests/reports/flake8_results.txt"
-cmd="$FLAKE8 . --count --select=E9,F63,F7,F82 --show-source --statistics | tee $LINT_OUT_FILE"
-if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-eval "$cmd"
-
-cmd="$FLAKE8 . --count --exit-zero --max-complexity=10 --max-line-length=200 --statistics --exclude=.git,__pycache__,docs/source/conf.py,old,build,dist,protobuf_generated_python | tee -a $LINT_OUT_FILE"
-if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-eval "$cmd"
-
-# Type checking
-
-TYPE_CHECK_OUT_FILE="tests/reports/mypy_results.txt"
-cmd="$MYPY --install-types --non-interactive src/*.py tests/*.py"
-if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-eval "$cmd"
-
-# change to src as python -m mypy adds the current dir Python sys.path
-# execute in a subshell in order not to loose the exit code and not to change the dir in the currrent shell
-cmd="$MYPY --strict src/*.py tests/*.py | tee $TYPE_CHECK_OUT_FILE"
-if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-eval "$cmd"
-
-
-# Generate results files
-
-if $generate_result_files; then
-    cmd="for color in '' '-n'; do for level in '' '-v' '-vv' '-vvv'; do $PYTHON src/extract_otp_secrets.py example_export.txt \$color \$level > tests/data/print_verbose_output\$color\$level.txt; done; done"
+    cmd="mkdir -p dist"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
 fi

-# pip -e install
+if $build_local; then
+    cmd="$PIP install --use-pep517 -U -r requirements-dev.txt"
+    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+    eval "$cmd"

-cmd="$PIP install -U -e ."
-if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-eval "$cmd"
+    echo -e "\n\nChecking Protoc version..."
+    VERSION=$(curl -sL https://github.com/protocolbuffers/protobuf/releases/latest | grep -E "<title>" | perl -pe's%.*Protocol Buffers v(\d+\.\d+(\.\d+)?).*%\1%')
+    BASEVERSION=4
+    echo

-cmd="extract_otp_secrets example_export.txt"
-if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-eval "$cmd"
+    OLDVERSION=$(cat $BIN/$DEST/.VERSION.txt || echo "")
+    echo -e "\nProtoc remote version $VERSION\n"
+    echo -e "Protoc local version: $OLDVERSION\n"

-cmd="extract_otp_secrets - < example_export.txt"
-if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-eval "$cmd"
+    if [ "$OLDVERSION" != "$VERSION" ] && ! $ignore_version_check; then
+        echo "Upgrade protoc from $OLDVERSION to $VERSION"

-# Test (needs module)
+        NAME="protoc-$VERSION"
+        ARCHIVE="$NAME.zip"

-cmd="$PYTHON src/extract_otp_secrets.py example_export.txt"
-if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-eval "$cmd"
+        mkdir -p $DOWNLOADS
+        # https://github.com/protocolbuffers/protobuf/releases/download/v21.6/protoc-21.6-linux-x86_64.zip
+        cmd="wget --trust-server-names https://github.com/protocolbuffers/protobuf/releases/download/v$VERSION/protoc-$VERSION-linux-x86_64.zip -O $DOWNLOADS/$ARCHIVE"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"

-cmd="$PYTHON src/extract_otp_secrets.py - < example_export.txt"
-if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-eval "$cmd"
+        cmd="echo -e '\nSize [Byte]'; stat --printf='%s\n' $DOWNLOADS/$ARCHIVE; echo -e '\nMD5'; md5sum $DOWNLOADS/$ARCHIVE; echo -e '\nSHA256'; sha256sum $DOWNLOADS/$ARCHIVE;"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"

-COVERAGE_OUT_FILE="tests/reports/pytest-coverage.txt"
-cmd="pytest --cov=extract_otp_secrets_test --junitxml=tests/reports/pytest.xml --cov-report html:tests/reports/html --cov-report=term-missing tests/ | tee $COVERAGE_OUT_FILE"
-if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-eval "$cmd"
+        cmd="mkdir -p $BIN/$NAME; unzip $DOWNLOADS/$ARCHIVE -d $BIN/$NAME"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"

-# Pipenv
+        cmd="echo $VERSION > $BIN/$NAME/.VERSION.txt; echo $VERSION > $BIN/$NAME/.VERSION_$VERSION.txt"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"

-cmd="$PIP install -U pipenv"
-if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-eval "$cmd"
+        cmd="[ -d $BIN/$DEST.old ] && rm -rf $BIN/$DEST.old || echo 'No old dir to delete'"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"

-$PIPENV --version
+        cmd="[ -d $BIN/$DEST ] && mv -iT $BIN/$DEST $BIN/$DEST.old || echo 'No previous dir to keep'"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"

-cmd="$PIPENV update && $PIPENV --rm && $PIPENV install"
-if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-eval "$cmd"
+        cmd="mv -iT $BIN/$NAME $BIN/$DEST"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"

-$PIPENV run python --version
+        cmd="rm $DOWNLOADS/$ARCHIVE"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"

-cmd="$PIPENV run pytest --cov=extract_otp_secrets_test tests/"
-if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-eval "$cmd"
+        cmd="$BIN/$DEST/bin/protoc --plugin=protoc-gen-mypy=$HOME/.local/bin/protoc-gen-mypy --python_out=src/protobuf_generated_python --mypy_out=src/protobuf_generated_python --proto_path=src google_auth.proto"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"

-# Build wheel
+        # Update README.md

-cmd="$PIP wheel ."
-if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-eval "$cmd"
+        cmd="perl -i -pe 's%proto(buf|c)([- ])(\d\.)?$OLDVERSION%proto\$1\$2\${3}$VERSION%g' README.md && perl -i -pe 's%(protobuf/releases/tag/v)$OLDVERSION%\${1}$VERSION%g' README.md"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"
+    else
+        echo -e "\nVersion has not changed. Quit"
+    fi

-# Build executable
+    # Upgrade pip requirements

-cmd="LOCAL_GLIBC_VERSION=$(ldd --version | sed '1!d' | sed -E 's/.* ([[:digit:]]+\.[[:digit:]]+)$/\1/')"
-if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-eval "$cmd"
-echo "local glibc: $LOCAL_GLIBC_VERSION"
+    cmd="pip install -U pip"
+    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+    eval "$cmd"

-cmd="pyinstaller -y --add-data $HOME/.local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile $clean_flag src/extract_otp_secrets.py"
-if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-eval "$cmd"
+    $PIP --version

-cmd="dist/extract_otp_secrets -h"
-if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-eval "$cmd"
+    cmd="$PIP install --use-pep517 -U -r requirements.txt"
+    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+    eval "$cmd"

-# Generate README.md TOC
+    if $build_base; then
+        # Lint

-cmd="gfm-toc -s 2 -e 3 -t -o README.md > docs/README_TOC.md"
-if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-eval "$cmd"
+        LINT_OUT_FILE="tests/reports/flake8_results.txt"
+        cmd="$FLAKE8 . --count --select=E9,F63,F7,F82 --show-source --statistics | tee $LINT_OUT_FILE"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"

-# Update Code Coverage in README.md
+        cmd="$FLAKE8 . --count --exit-zero --max-complexity=10 --max-line-length=200 --statistics --exclude=.git,__pycache__,docs/source/conf.py,old,build,dist,protobuf_generated_python | tee -a $LINT_OUT_FILE"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"

-# https://github.com/marketplace/actions/pytest-coverage-comment
-# Coverage-95%25-yellowgreen
-echo -e "Update code coverage in README.md"
-TOTAL_COVERAGE=$(cat $COVERAGE_OUT_FILE | grep 'TOTAL' | perl -ne 'print "$&" if /\b(\d{1,3})%/') && perl -i -pe "s/coverage-(\d{1,3}%)25-/coverage-${TOTAL_COVERAGE}25-/" README.md
+        # Type checking
+
+        TYPE_CHECK_OUT_FILE="tests/reports/mypy_results.txt"
+        cmd="$MYPY --install-types --non-interactive src/*.py tests/*.py"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"
+
+        # change to src as python -m mypy adds the current dir Python sys.path
+        # execute in a subshell in order not to loose the exit code and not to change the dir in the currrent shell
+        cmd="$MYPY --strict src/*.py tests/*.py | tee $TYPE_CHECK_OUT_FILE"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"
+
+
+        # Generate results files
+
+        if $generate_result_files; then
+            cmd="for color in '' '-n'; do for level in '' '-v' '-vv' '-vvv'; do $PYTHON src/extract_otp_secrets.py example_export.txt \$color \$level > tests/data/print_verbose_output\$color\$level.txt; done; done"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+        fi
+
+        # pip -e install
+
+        cmd="$PIP install -U -e ."
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"
+
+        cmd="extract_otp_secrets example_export.txt"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"
+
+        cmd="extract_otp_secrets - < example_export.txt"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"
+
+        # Test (needs module)
+
+        cmd="$PYTHON src/extract_otp_secrets.py example_export.txt"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"
+
+        cmd="$PYTHON src/extract_otp_secrets.py - < example_export.txt"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"
+
+        COVERAGE_OUT_FILE="tests/reports/pytest-coverage.txt"
+        cmd="pytest --cov=extract_otp_secrets_test --junitxml=tests/reports/pytest.xml --cov-report html:tests/reports/html --cov-report=term-missing tests/ | tee $COVERAGE_OUT_FILE"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"
+
+        # Update Code Coverage in README.md
+
+        # https://github.com/marketplace/actions/pytest-coverage-comment
+        # Coverage-95%25-yellowgreen
+        echo -e "Update code coverage in README.md"
+        TOTAL_COVERAGE=$(cat $COVERAGE_OUT_FILE | grep 'TOTAL' | perl -ne 'print "$&" if /\b(\d{1,3})%/') && perl -i -pe "s/coverage-(\d{1,3}%)25-/coverage-${TOTAL_COVERAGE}25-/" README.md
+
+        # Pipenv
+
+        if $run_pipenv; then
+            cmd="$PIP install -U pipenv"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
+            $PIPENV --version
+
+            cmd="rm Pipfile.lock || true; $PIPENV --rm || true"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
+            cmd="$PIPENV install --dev"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
+            cmd="$PIPENV update --dev"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
+            $PIPENV run python --version
+
+            # pip -e install
+
+            cmd="$PIPENV run pip install -U -e ."
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
+            cmd="$PIPENV run pytest --cov=extract_otp_secrets_test tests/"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
+
+            cmd="$PIPENV run extract_otp_secrets example_export.txt"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
+            cmd="$PIPENV run extract_otp_secrets - < example_export.txt"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
+            # Test (needs module)
+
+            cmd="$PIPENV run python src/extract_otp_secrets.py example_export.txt"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
+            cmd="$PIPENV run python src/extract_otp_secrets.py - < example_export.txt"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+        fi
+
+        # Build wheel
+
+        cmd="$PIP wheel ."
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"
+    fi
+
+    # Build executable
+    if $build_exe; then
+        cmd="LOCAL_GLIBC_VERSION=$(ldd --version | sed '1!d' | sed -E 's/.* ([[:digit:]]+\.[[:digit:]]+)$/\1/')"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"
+        echo "local glibc: $LOCAL_GLIBC_VERSION"
+
+        cmd="time pyinstaller -y --specpath installer --add-data $HOME/.local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile $clean_flag src/extract_otp_secrets.py"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"
+
+        cmd="dist/extract_otp_secrets -h"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"
+
+        cmd="dist/extract_otp_secrets --qr ZBAR example_export.png"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"
+    fi
+
+    # Build compiled executable
+
+    if $build_nuitka_exe; then
+        cmd="LOCAL_GLIBC_VERSION=$(ldd --version | sed '1!d' | sed -E 's/.* ([[:digit:]]+\.[[:digit:]]+)$/\1/')"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"
+        echo "local glibc: $LOCAL_GLIBC_VERSION"
+
+        cmd="$PIP install -U pyqt5"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"
+
+        cmd="time $PYTHON -m nuitka --enable-plugin=tk-inter --enable-plugin=pyqt5 --noinclude-default-mode=nofollow --clang --include-data-dir=$HOME/.local/__yolo_v3_qr_detector/=__yolo_v3_qr_detector/ --onefile --output-dir=build/nuitka --output-filename=extract_otp_secrets_compiled src/extract_otp_secrets.py"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"
+
+        cmd="cp build/nuitka/extract_otp_secrets_compiled dist/"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"
+
+        cmd="dist/extract_otp_secrets_compiled -h"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"
+
+        cmd="dist/extract_otp_secrets_compiled --qr ZBAR example_export.png"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"
+    fi
+
+    # Generate README.md TOC
+
+    cmd="gfm-toc -s 2 -e 3 -t -o README.md > docs/README_TOC.md"
+    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+    eval "$cmd"
+
+    # create Windows win_file_version_info.txt
+    cmd="VERSION_STR=$(setuptools-git-versioning) VERSION_MAJOR=$(cut -d '.' -f 1 <<< "$(setuptools-git-versioning)") VERSION_MINOR=$(cut -d '.' -f 2 <<< "$(setuptools-git-versioning)") VERSION_PATCH=$(cut -d '.' -f 3 <<< "$(setuptools-git-versioning)") VERSION_BUILD=$(($(git rev-list --count $(git tag | sort -V -r | sed '1!d')..HEAD))) COPYRIGHT_YEARS='2020-2023' envsubst < installer/win_file_version_info_template.txt > build/win_file_version_info.txt"
+    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+    eval "$cmd"
+
+    # create macOS extract_otp_secrets_macos.spec from extract_otp_secrets_macos_template.spec
+    cmd="VERSION_STR=$(setuptools-git-versioning) COPYRIGHT_YEARS='2020-2023' envsubst < installer/extract_otp_secrets_macos_template.spec > build/extract_otp_secrets_macos.spec"
+    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+    eval "$cmd"
+fi

 if $build_docker; then
    # Build docker

-    # Build Dockerfile_only_txt (Alpine)
-    cmd="docker build . -t extract_otp_secrets_only_txt -t extract_otp_secrets:only-txt -t extract_otp_secrets:alpine -f Dockerfile_only_txt --pull --build-arg RUN_TESTS=false"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
+    if $build_x86_64; then
+        # Build Dockerfile_only_txt (Alpine)
+        cmd="docker build . -t extract_otp_secrets_only_txt -t extract_otp_secrets:only-txt -t extract_otp_secrets:alpine -f docker/Dockerfile_only_txt --pull --build-arg RUN_TESTS=false"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"

-    cmd="docker run --rm -v \"$(pwd)\":/files:ro extract_otp_secrets_only_txt example_export.txt"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
+        cmd="docker run --network none --rm -v \"$(pwd)\":/files:ro extract_otp_secrets_only_txt example_export.txt"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"

-    cmd="docker run --rm -i -v \"$(pwd)\":/files:ro extract_otp_secrets_only_txt - < example_export.txt"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
+        cmd="docker run --network none --rm -i -v \"$(pwd)\":/files:ro extract_otp_secrets_only_txt - < example_export.txt"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"

-    cmd="docker run --entrypoint /extract/run_pytest.sh --rm -v \"$(pwd)\":/files:ro extract_otp_secrets_only_txt extract_otp_secrets_test.py -k 'not qreader' -vvv --relaxed"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
+        cmd="docker run --entrypoint /extract/run_pytest.sh --rm -v \"$(pwd)\":/files:ro extract_otp_secrets_only_txt extract_otp_secrets_test.py -k 'not qreader' -vvv --relaxed"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"

-    # Build extract_otp_secrets (Debian Bullseye)
-    cmd="docker build . -t extract_otp_secrets -t extract_otp_secrets:bullseye --pull --build-arg RUN_TESTS=false"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
+        # Build extract_otp_secrets (Debian Bookworm)
+        cmd="docker build . -t extract_otp_secrets -t extract_otp_secrets:bookworm --pull -f docker/Dockerfile --build-arg RUN_TESTS=false"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"

-    cmd="docker run --rm -v \"$(pwd)\":/files:ro extract_otp_secrets example_export.txt"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
+        cmd="docker run --network none --rm -v \"$(pwd)\":/files:ro extract_otp_secrets example_export.txt"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"

-    cmd="cat example_export.txt | docker run --rm -i -v \"$(pwd)\":/files:ro extract_otp_secrets - -c - > example_output.csv"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
+        cmd="cat example_export.txt | docker run --network none --rm -i -v \"$(pwd)\":/files:ro extract_otp_secrets - -c - > example_output.csv"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"

-    cmd="docker run --rm -i -v \"$(pwd)\":/files:ro extract_otp_secrets = < example_export.png"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
+        cmd="docker run --network none --rm -i -v \"$(pwd)\":/files:ro extract_otp_secrets = < example_export.png"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"

-    cmd="docker run --entrypoint /extract/run_pytest.sh --rm -v \"$(pwd)\":/files:ro extract_otp_secrets"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
+        cmd="docker run --entrypoint /extract/run_pytest.sh --rm -v \"$(pwd)\":/files:ro extract_otp_secrets"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"

-    # Build extract_otp_secrets (Debian Buster)
-    cmd="docker build . -t extract_otp_secrets:buster --pull --build-arg RUN_TESTS=false --build-arg BASE_IMAGE=python:3.11-slim-buster"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
+        # Build extract_otp_secrets (Debian Bullseye)
+        cmd="docker build . -t extract_otp_secrets:bullseye -t extract_otp_secrets:bullseye-x86_64 --pull -f docker/Dockerfile --build-arg RUN_TESTS=false --build-arg BASE_IMAGE=python:3.13-slim-bullseye"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"

-    cmd="docker run --rm -v \"$(pwd)\":/files:ro extract_otp_secrets:buster example_export.txt"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
+        cmd="docker run --network none --rm -v \"$(pwd)\":/files:ro extract_otp_secrets:bullseye example_export.txt"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"

-    cmd="cat example_export.txt | docker run --rm -i -v \"$(pwd)\":/files:ro extract_otp_secrets:buster - -c - > example_output.csv"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
+        cmd="cat example_export.txt | docker run --network none --rm -i -v \"$(pwd)\":/files:ro extract_otp_secrets:bullseye - -c - > example_output.csv"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"

-    cmd="docker run --rm -i -v \"$(pwd)\":/files:ro extract_otp_secrets:buster = < example_export.png"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
+        cmd="docker run --network none --rm -i -v \"$(pwd)\":/files:ro extract_otp_secrets:bullseye = < example_export.png"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"

-    cmd="docker run --entrypoint /extract/run_pytest.sh --rm -v \"$(pwd)\":/files:ro extract_otp_secrets:buster"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
+        cmd="docker run --entrypoint /extract/run_pytest.sh --rm -v \"$(pwd)\":/files:ro extract_otp_secrets:bullseye"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"

-    # Build executable from Docker latest
-    # sed "1!d" is workaround for head -n 1 since it head procduces exit code != 0
-    BULLSEYE_GLIBC_VERSION=$(docker run --entrypoint /bin/bash --rm extract_otp_secrets -c 'ldd --version | sed "1!d" | sed -E "s/.* ([[:digit:]]+\.[[:digit:]]+)$/\1/"')
-    echo "Bullseye glibc: $BULLSEYE_GLIBC_VERSION"
+        # Build executable from Docker latest
+        # sed "1!d" is workaround for head -n 1 since it head procduces exit code != 0
+        BOOKWORM_GLIBC_VERSION=$(docker run --network none --entrypoint /bin/bash --rm extract_otp_secrets -c 'ldd --version | sed "1!d" | sed -E "s/.* ([[:digit:]]+\.[[:digit:]]+)$/\1/"')
+        echo "Bookworm glibc: $BOOKWORM_GLIBC_VERSION"
+    fi

-    cmd="docker run --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets -c 'apt-get update && apt-get -y install binutils && pip install -U pip && pip install -U -r /files/requirements.txt && pip install pyinstaller && PYTHONHASHSEED=31 && pyinstaller -y --add-data /usr/local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name extract_otp_secrets_linux_x86_64_bullseye --distpath /files/dist/ /files/src/extract_otp_secrets.py'"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
+    if $build_arm; then
+        # build linux/arm64
+        cmd="docker run --network none --pull always --rm --privileged multiarch/qemu-user-static --reset -p yes"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"

-    cmd="dist/extract_otp_secrets_linux_x86_64_bullseye -h"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
+        # Build extract_otp_secrets (Debian Bullseye)
+        cmd="docker buildx build --platform=linux/arm64 . -t extract_otp_secrets:bullseye-arm64 --pull -f docker/Dockerfile --build-arg RUN_TESTS=false --build-arg BASE_IMAGE=python:3.13-slim-bullseye"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"
+    fi

-    # Build executable from Docker buster
-    BUSTER_GLIBC_VERSION=$(docker run --entrypoint /bin/bash --rm extract_otp_secrets:buster -c 'ldd --version | sed "1!d" | sed -E "s/.* ([[:digit:]]+\.[[:digit:]]+)$/\1/"')
-    echo "Bullseye glibc: $BUSTER_GLIBC_VERSION"
+    if $build_exe; then
+        if $build_x86_64; then
+            cmd="docker run --platform linux/amd64 --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets -c 'apt-get update && apt-get -y install binutils && pip install -U pip && pip install -U -r /files/requirements.txt && pip install pyinstaller && PYTHONHASHSEED=31 && pyinstaller -y --specpath installer --add-data /usr/local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name extract_otp_secrets_linux_x86_64_bookworm --distpath /files/dist/ /files/src/extract_otp_secrets.py'"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"

-    cmd="docker run --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:buster -c 'apt-get update && apt-get -y install binutils && pip install -U pip && pip install -U -r /files/requirements.txt && pip install pyinstaller && PYTHONHASHSEED=31 && pyinstaller -y --add-data /usr/local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name extract_otp_secrets_linux_x86_64 --distpath /files/dist/ /files/src/extract_otp_secrets.py'"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
+            cmd="dist/extract_otp_secrets_linux_x86_64_bookworm -h || echo 'Could not run exe; see error message above'"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"

-    cmd="dist/extract_otp_secrets_linux_x86_64 -h"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
+            cmd="dist/extract_otp_secrets_linux_x86_64_bookworm --qr ZBAR example_export.png || echo 'Could not run exe; see error message above'"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"

-    # create Windows file_version_info.txt
-    cmd="VERSION_STR=$(setuptools-git-versioning) VERSION_MAJOR=$(cut -d '.' -f 1 <<< "$(setuptools-git-versioning)") VERSION_MINOR=$(cut -d '.' -f 2 <<< "$(setuptools-git-versioning)") VERSION_PATCH=$(cut -d '.' -f 3 <<< "$(setuptools-git-versioning)") VERSION_BUILD=$(($(git rev-list --count $(git tag | sort -V -r | sed '1!d')..HEAD))) YEARS='2020-2023' envsubst < file_version_info_template.txt > build/file_version_info.txt"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
+            # Build executable from Docker bullseye
+            BULLSEYE_GLIBC_VERSION=$(docker run --network none --entrypoint /bin/bash --rm extract_otp_secrets:bullseye -c 'ldd --version | sed "1!d" | sed -E "s/.* ([[:digit:]]+\.[[:digit:]]+)$/\1/"')
+            echo "Bullseye glibc: $BULLSEYE_GLIBC_VERSION"

-    # build linux/arm64
-    # Build extract_otp_secrets (Debian Buster)
-    cmd="docker buildx build --platform=linux/arm64 . -t extract_otp_secrets:buster --pull --build-arg RUN_TESTS=false --build-arg BASE_IMAGE=python:3.11-slim-buster"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
+            cmd="docker run --platform linux/amd64 --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:bullseye -c 'apt-get update && apt-get -y install binutils && pip install -U pip && pip install -U -r /files/requirements.txt && pip install pyinstaller && PYTHONHASHSEED=31 && pyinstaller -y --specpath installer --add-data /usr/local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name extract_otp_secrets_linux_x86_64 --distpath /files/dist/ /files/src/extract_otp_secrets.py'"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"

-    cmd="docker run --pull always --rm --privileged multiarch/qemu-user-static --reset -p yes"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
+            cmd="dist/extract_otp_secrets_linux_x86_64 -h"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"

-    cmd="docker run --platform linux/arm64 --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:buster -c 'apt-get update && apt-get -y install binutils && pip install -U pip && pip install -U -r /files/requirements.txt && pip install pyinstaller && PYTHONHASHSEED=31 && pyinstaller -y --add-data /usr/local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name extract_otp_secrets_linux_arm64 --distpath /files/dist/ /files/src/extract_otp_secrets.py'"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
+            cmd="dist/extract_otp_secrets_linux_x86_64 --qr ZBAR example_export.png"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+        fi

-    cmd="PLATFORM='linux/arm64' && EXE='dist/extract_otp_secrets_linux_arm64' && docker run --platform \"\$PLATFORM\" --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:buster -c \"\$EXE -V && \$EXE -h && \$EXE example_export.png && \$EXE - < example_export.txt && \$EXE --qr ZBAR example_export.png && \$EXE --qr QREADER example_export.png && \$EXE --qr QREADER_DEEP example_export.png && \$EXE --qr CV2 example_export.png && \$EXE --qr CV2_WECHAT example_export.png\""
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-    eval "$cmd"
+        if $build_arm; then
+            # build linux/arm64
+            cmd="docker run --platform linux/arm64 --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:bullseye-arm64 -c 'apt-get update && apt-get -y install binutils && pip install -U pip && pip install -U -r /files/requirements.txt && pip install pyinstaller && PYTHONHASHSEED=31 && pyinstaller --specpath installer -y --add-data /usr/local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name extract_otp_secrets_linux_arm64 --distpath /files/dist/ /files/src/extract_otp_secrets.py'"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
+            cmd="PLATFORM='linux/arm64' && EXE='dist/extract_otp_secrets_linux_arm64' && docker run --platform \"\$PLATFORM\" --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:bullseye-arm64 -c \"\$EXE -V && \$EXE -h && \$EXE example_export.png && \$EXE - < example_export.txt && \$EXE --qr ZBAR example_export.png && \$EXE --qr QREADER example_export.png && \$EXE --qr QREADER_DEEP example_export.png && \$EXE --qr CV2 example_export.png && \$EXE --qr CV2_WECHAT example_export.png\""
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+        fi
+    fi
+
+    if $build_nuitka_exe; then
+        if $build_x86_64; then
+            cmd="docker run --platform linux/amd64 --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets -c 'apt-get update && apt-get -y install binutils build-essential patchelf && pip install -U pip && pip install -U -r /files/requirements.txt && pip install nuitka pyqt5 && PYTHONHASHSEED=31 && python -m nuitka --enable-plugin=tk-inter --enable-plugin=pyqt5 --include-data-dir=/usr/local/__yolo_v3_qr_detector/=__yolo_v3_qr_detector/ --onefile --output-dir=/files/build/docker/nuitka --output-filename=extract_otp_secrets_linux_x86_64_bookworm_compiled /files/src/extract_otp_secrets.py'"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
+            cmd="build/docker/nuitka/extract_otp_secrets_linux_x86_64_bookworm_compiled -h"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
+            cmd="build/docker/nuitka/extract_otp_secrets_linux_x86_64_bookworm_compiled --qr ZBAR example_export.png"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
+            cmd="cp build/docker/nuitka/extract_otp_secrets_linux_x86_64_bookworm_compiled dist/"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
+            # Build executable from Docker bullseye
+            BULLSEYE_GLIBC_VERSION=$(docker run --network none --entrypoint /bin/bash --rm extract_otp_secrets:bullseye -c 'ldd --version | sed "1!d" | sed -E "s/.* ([[:digit:]]+\.[[:digit:]]+)$/\1/"')
+            echo "Bookworm glibc: $BULLSEYE_GLIBC_VERSION"
+
+            cmd="docker run --platform linux/amd64 --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:bullseye -c 'apt-get update && apt-get -y install binutils build-essential patchelf && pip install -U pip && pip install -U -r /files/requirements.txt && pip install nuitka pyqt5 && PYTHONHASHSEED=31 && python -m nuitka --enable-plugin=tk-inter --enable-plugin=pyqt5 --include-data-dir=/usr/local/__yolo_v3_qr_detector/=__yolo_v3_qr_detector/ --onefile --output-dir=/files/build/docker/nuitka --output-filename=extract_otp_secrets_linux_x86_64_bullseye_compiled /files/src/extract_otp_secrets.py'"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
+            cmd="build/docker/nuitka/extract_otp_secrets_linux_x86_64_bullseye_compiled -h"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
+            cmd="build/docker/nuitka/extract_otp_secrets_linux_x86_64_bullseye_compiled --qr ZBAR example_export.png"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
+            cmd="cp build/docker/nuitka/extract_otp_secrets_linux_x86_64_bullseye_compiled dist/"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+        fi
+
+        if $build_arm; then
+            # build linux/arm64
+            cmd="docker run --platform linux/arm64 --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:bullseye-arm64 -c 'apt-get update && apt-get -y install binutils build-essential patchelf qt5-default && pip install -U pip && pip install -U -r /files/requirements.txt && pip install nuitka pyqt5 && PYTHONHASHSEED=31 && python -m nuitka --enable-plugin=tk-inter --enable-plugin=pyqt5 --include-data-dir=/usr/local/__yolo_v3_qr_detector/=__yolo_v3_qr_detector/ --onefile --output-dir=/files/build/docker/nuitka --output-filename=extract_otp_secrets_linux_arm64_compiled /files/src/extract_otp_secrets.py'"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
+            cmd="PLATFORM='linux/arm64' && EXE='build/docker/nuitka/extract_otp_secrets_linux_arm64_compiled' && docker run --platform \"\$PLATFORM\" --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:bullseye-arm64 -c \"\$EXE -V && \$EXE -h && \$EXE example_export.png && \$EXE - < example_export.txt && \$EXE --qr ZBAR example_export.png && \$EXE --qr QREADER example_export.png && \$EXE --qr QREADER_DEEP example_export.png && \$EXE --qr CV2 example_export.png && \$EXE --qr CV2_WECHAT example_export.png\""
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
+            cmd="cp build/docker/nuitka/extract_otp_secrets_linux_arm64_compiled dist/"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+        fi
+    fi

    # Run GUI from Docker
-    if $run_gui; then
-        cmd="docker run --rm -v "$(pwd)":/files:ro --device=\"/dev/video0:/dev/video0\" --env=\"DISPLAY\" -v /tmp/.X11-unix:/tmp/.X11-unix:ro extract_otp_secrets &"
+    if $build_x86_64 && $run_gui; then
+        cmd="docker run --network none --rm -v "$(pwd)":/files:ro --device=\"/dev/video0:/dev/video0\" --env=\"DISPLAY\" -v /tmp/.X11-unix:/tmp/.X11-unix:ro extract_otp_secrets &"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
    fi
@@ -494,14 +692,18 @@ if $run_gui; then
    eval "$cmd"
 fi

-line=$(printf '#%.0s' $(eval echo {1..$(( ($COLUMNS - 10) / 2))}))
-echo -e "\n${blueBold}$line RESULTS $line${reset}"
+if $build_base; then
+    line=$(printf '#%.0s' $(eval echo {1..$(( ($COLUMNS - 10) / 2))}))
+    echo -e "\n${blueBold}$line RESULTS $line${reset}"

-cmd="cat $TYPE_CHECK_OUT_FILE $LINT_OUT_FILE $COVERAGE_OUT_FILE"
-if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-eval "$cmd"
+    cmd="cat $TYPE_CHECK_OUT_FILE $LINT_OUT_FILE $COVERAGE_OUT_FILE"
+    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+    eval "$cmd"
+fi

 line=$(printf '#%.0s' $(eval echo {1..$(( ($COLUMNS - 10) / 2))}))
 echo -e "\n${greenBold}$line SUCCESS $line${reset}"

+git status
+
 quit
--- a/devenv.lock
+++ b/devenv.lock
@@ -0,0 +1,122 @@
+{
+  "nodes": {
+    "devenv": {
+      "locked": {
+        "dir": "src/modules",
+        "lastModified": 1726050924,
+        "owner": "cachix",
+        "repo": "devenv",
+        "rev": "cf471f691c3765ed431199f61b8bd70530bc4305",
+        "treeHash": "04a5d566820f8fb1955c7c49ccbd3ff95d9129d7",
+        "type": "github"
+      },
+      "original": {
+        "dir": "src/modules",
+        "owner": "cachix",
+        "repo": "devenv",
+        "type": "github"
+      }
+    },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1696426674,
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "treeHash": "2addb7b71a20a25ea74feeaf5c2f6a6b30898ecb",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "gitignore": {
+      "inputs": {
+        "nixpkgs": [
+          "pre-commit-hooks",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1709087332,
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
+        "treeHash": "ca14199cabdfe1a06a7b1654c76ed49100a689f9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1716977621,
+        "owner": "cachix",
+        "repo": "devenv-nixpkgs",
+        "rev": "4267e705586473d3e5c8d50299e71503f16a6fb6",
+        "treeHash": "6d9f1f7ca0faf1bc2eeb397c78a49623260d3412",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "ref": "rolling",
+        "repo": "devenv-nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-stable": {
+      "locked": {
+        "lastModified": 1725826545,
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "f4c846aee8e1e29062aa8514d5e0ab270f4ec2f9",
+        "treeHash": "8fc49deaed3f2728a7147c38163cc468a117570a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-24.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "pre-commit-hooks": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "gitignore": "gitignore",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "nixpkgs-stable": "nixpkgs-stable"
+      },
+      "locked": {
+        "lastModified": 1725513492,
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "rev": "7570de7b9b504cfe92025dd1be797bf546f66528",
+        "treeHash": "4b46d77870afecd8f642541cb4f4927326343b59",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "devenv": "devenv",
+        "nixpkgs": "nixpkgs",
+        "pre-commit-hooks": "pre-commit-hooks"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/devenv.nix
+++ b/devenv.nix
@@ -0,0 +1,24 @@
+{
+  pkgs,
+  lib,
+  config,
+  inputs,
+  ...
+}:
+
+{
+  cachix.enable = false;
+
+  languages.python = {
+    enable = true;
+    venv = {
+      enable = true;
+      requirements = ./requirements.txt;
+    };
+  };
+
+  packages = [
+    pkgs.git
+    pkgs.zbar
+  ];
+}
--- a/devenv.yaml
+++ b/devenv.yaml
@@ -0,0 +1,14 @@
+inputs:
+  nixpkgs:
+    url: github:cachix/devenv-nixpkgs/rolling
+
+# If you're using non-OSS software, you can set allowUnfree to true.
+# allowUnfree: true
+
+# If you're willing to use a package that's vulnerable
+# permittedInsecurePackages:
+#  - "openssl-1.1.1w"
+
+# If you have more than one devenv you can merge them
+#imports:
+# - ./backend
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,5 +1,5 @@
 # --build-arg BASE_IMAGE=python:3.11-slim-buster
-ARG BASE_IMAGE=python:3.11-slim-bullseye
+ARG BASE_IMAGE=python:3.14-slim-trixie
 FROM $BASE_IMAGE

 # https://docs.docker.com/engine/reference/builder/
@@ -16,14 +16,15 @@ COPY requirements*.txt src/ run_pytest.sh pytest.ini tests/ example_*.txt exampl

 ARG RUN_TESTS=true

-RUN apt-get update && apt-get install -y \
+RUN uname -a \
+    && apt-get update && apt-get install -y --no-install-recommends \
        libgl1 \
        libglib2.0-0 \
        libsm6 \
        libzbar0 \
        python3-tk \
    && rm -rf /var/lib/apt/lists/* \
-    && pip install --no-cache-dir -U -r requirements.txt \
+    && pip install --no-cache-dir -U pip -r requirements.txt \
    && if [ "$RUN_TESTS" = "true" ]; then /extract/run_pytest.sh; else echo "Not running tests..."; fi \
    && echo 'test -s /extract/.alias && . /extract/.alias || true' >> ~/.bashrc

@@ -31,6 +32,6 @@ WORKDIR /files

 ENTRYPOINT ["python", "/extract/extract_otp_secrets.py"]

-LABEL org.opencontainers.image.source https://github.com/scito/extract_otp_secrets
-LABEL org.opencontainers.image.license GPL-3.0+
+LABEL org.opencontainers.image.source=https://github.com/scito/extract_otp_secrets
+LABEL org.opencontainers.image.license=GPL-3.0+
 LABEL maintainer="Scito https://scito.ch, https://github.com/scito"
--- a/docker/Dockerfile_only_txt
+++ b/docker/Dockerfile_only_txt
@@ -1,4 +1,4 @@
-ARG BASE_IMAGE=python:3.11-alpine
+ARG BASE_IMAGE=python:3.14-alpine
 FROM $BASE_IMAGE

 # https://docs.docker.com/engine/reference/builder/
@@ -17,7 +17,8 @@ COPY requirements*.txt src/ run_pytest.sh pytest.ini tests/ example_*.txt exampl

 ARG RUN_TESTS=true

-RUN apk add --no-cache \
+RUN uname -a \
+    && apk add --no-cache \
        jpeg \
        zlib \
    && echo "Arch: $(apk --print-arch)" \
@@ -30,6 +31,7 @@ RUN apk add --no-cache \
        zlib-dev \
    ; fi \
    && pip install --no-cache-dir -U \
+        pip \
        colorama \
        Pillow \
        protobuf \
@@ -42,6 +44,6 @@ WORKDIR /files

 ENTRYPOINT ["python", "/extract/extract_otp_secrets.py"]

-LABEL org.opencontainers.image.source https://github.com/scito/extract_otp_secrets
-LABEL org.opencontainers.image.license GPL-3.0+
+LABEL org.opencontainers.image.source=https://github.com/scito/extract_otp_secrets
+LABEL org.opencontainers.image.license=GPL-3.0+
 LABEL maintainer="Scito https://scito.ch, https://github.com/scito"
--- a/docs/README_TOC.md
+++ b/docs/README_TOC.md
@@ -3,7 +3,8 @@ Generate from file: README.md
 ## Table of contents

 - [Table of contents](#table-of-contents)
- [Download binary executable (🆕 since v2.1)](#download-binary-executable--since-v21)
+- [Download and run binary executable (🆕 since v2.1)](#download-and-run-binary-executable--since-v21)
+  - [MacOS](#macos)
 - [Usage](#usage)
  - [Capture QR codes from camera (🆕 since version 2.0)](#capture-qr-codes-from-camera--since-version-20)
  - [With builtin QR decoder from image files (🆕 since version 2.0)](#with-builtin-qr-decoder-from-image-files--since-version-20)
@@ -12,7 +13,7 @@ Generate from file: README.md
  - [Installation of optional shared system libraries (recommended)](#installation-of-optional-shared-system-libraries-recommended)
 - [Program help: arguments and options](#program-help-arguments-and-options)
 - [Examples](#examples)
-  - [Printing otp secrets form text file](#printing-otp-secrets-form-text-file)
+  - [Printing otp secrets from text file](#printing-otp-secrets-from-text-file)
  - [Printing otp secrets from image file](#printing-otp-secrets-from-image-file)
  - [Writing otp secrets to csv file](#writing-otp-secrets-to-csv-file)
  - [Writing otp secrets to json file](#writing-otp-secrets-to-json-file)
@@ -32,7 +33,8 @@ Generate from file: README.md
  - [pipenv](#pipenv)
  - [Visual Studio Code Remote - Containers / VSCode devcontainer](#visual-studio-code-remote---containers--vscode-devcontainer)
  - [venv](#venv)
-  - [devbox](#devbox)
+  - [devbox 1](#devbox-1)
+  - [devbox 2](#devbox-2)
  - [docker](#docker)
  - [More docker examples](#more-docker-examples)
 - [Tests](#tests)
@@ -51,5 +53,6 @@ Generate from file: README.md
 - [Problems and Troubleshooting](#problems-and-troubleshooting)
  - [Windows error message](#windows-error-message)
 - [Related projects](#related-projects)
+- [Third party documentation](#third-party-documentation)

 Table of contents generated.
--- a/docs/meta.md
+++ b/docs/meta.md
@@ -0,0 +1,3 @@
+## Star History
+
+[![Star History Chart](https://api.star-history.com/svg?repos=scito/extract_otp_secrets&type=Date)](https://star-history.com/#scito/extract_otp_secrets&Date)
--- a/example_output.csv
+++ b/example_output.csv
@@ -1,7 +1,7 @@
-name,secret,issuer,type,counter,url
-pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,raspberrypi,totp,,otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&issuer=raspberrypi
-pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,,totp,,otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY
-pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,,totp,,otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY
-pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,raspberrypi,totp,,otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&issuer=raspberrypi
-hotp demo,7KSQL2JTUDIS5EF65KLMRQIIGY,,hotp,4,otpauth://hotp/hotp%20demo?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&counter=4
-encoding: ¿äÄéÉ? (demo),7KSQL2JTUDIS5EF65KLMRQIIGY,,totp,,otpauth://totp/encoding%3A%20%C2%BF%C3%A4%C3%84%C3%A9%C3%89%3F%20%28demo%29?secret=7KSQL2JTUDIS5EF65KLMRQIIGY
+name,secret,issuer,type,counter,url
+pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,raspberrypi,totp,,otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&issuer=raspberrypi
+pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,,totp,,otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY
+pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,,totp,,otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY
+pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,raspberrypi,totp,,otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&issuer=raspberrypi
+hotp demo,7KSQL2JTUDIS5EF65KLMRQIIGY,,hotp,4,otpauth://hotp/hotp%20demo?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&counter=4
+encoding: ¿äÄéÉ? (demo),7KSQL2JTUDIS5EF65KLMRQIIGY,,totp,,otpauth://totp/encoding%3A%20%C2%BF%C3%A4%C3%84%C3%A9%C3%89%3F%20%28demo%29?secret=7KSQL2JTUDIS5EF65KLMRQIIGY
--- a/extract_otp_secret_keys.code-workspace
+++ b/extract_otp_secret_keys.code-workspace
--- a/installer/build_dmg.sh
+++ b/installer/build_dmg.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+# Create a folder (named dmg) to prepare our DMG in (if it doesn't already exist).
+
+# https://www.pythonguis.com/tutorials/packaging-pyqt5-applications-pyinstaller-macos-dmg/
+
+mkdir -p dist/dmg
+# Empty the dmg folder.
+rm -r dist/dmg/*
+# Copy the app bundle to the dmg folder.
+cp -r "dist/extract_otp_secrets.app" dist/dmg
+# If the DMG already exists, delete it.
+test -f "dist/extract_otp_secrets.dmg" && rm "dist/extract_otp_secrets.dmg"
+create-dmg \
+  --volname "Extract OTP Secrets" \
+  --window-pos 200 120 \
+  --window-size 600 300 \
+  --icon-size 100 \
+  --hide-extension "extract_otp_secrets.app" \
+  --app-drop-link 425 120 \
+  "dist/extract_otp_secrets.dmg" \
+  "dist/dmg/"
--- a/installer/extract_otp_secrets_macos_template.spec
+++ b/installer/extract_otp_secrets_macos_template.spec
@@ -0,0 +1,111 @@
+# -*- mode: python ; coding: utf-8 -*-
+
+# https://www.pythonguis.com/tutorials/packaging-pyqt5-applications-pyinstaller-macos-dmg/
+# https://developer.apple.com/library/archive/documentation/CoreFoundation/Conceptual/CFBundles/BundleTypes/BundleTypes.html
+
+block_cipher = None
+
+a = Analysis(
+    ['src/extract_otp_secrets.py'],
+    pathex=[],
+    binaries=[],
+    datas=[('$macos_python_path/__yolo_v3_qr_detector/', '__yolo_v3_qr_detector/')],
+    hiddenimports=[],
+    hookspath=[],
+    hooksconfig={},
+    runtime_hooks=[],
+    excludes=[],
+    win_no_prefer_redirects=False,
+    win_private_assemblies=False,
+    cipher=block_cipher,
+    noarchive=False,
+)
+pyz = PYZ(a.pure, a.zipped_data, cipher=block_cipher)
+
+exe = EXE(
+    pyz,
+    a.scripts,
+    a.binaries,
+    a.zipfiles,
+    a.datas,
+    [],
+    name='extract_otp_secrets',
+    debug=False,
+    bootloader_ignore_signals=False,
+    strip=False,
+    upx=True,
+    upx_exclude=[],
+    runtime_tmpdir=None,
+    console=True,
+    disable_windowed_traceback=False,
+    argv_emulation=True,
+    target_arch=None,
+    codesign_identity=None,
+    entitlements_file=None,
+)
+app = BUNDLE(
+    exe,
+    name='extract_otp_secrets.app',
+    icon=None,
+    bundle_identifier='ch.scito.tools.extract_otp_secrets',
+    version='$VERSION_STR',
+        info_plist={
+        'NSPrincipalClass': 'NSApplication',
+        'NSAppleScriptEnabled': False,
+        'NSHumanReadableCopyright': 'Copyright © $COPYRIGHT_YEARS Scito.',
+        'CFBundleDocumentTypes': [
+            # Reference: https://chromium.googlesource.com/chromium/src/+/lkgr/chrome/app/app-Info.plist
+            # https://developer.apple.com/library/archive/documentation/FileManagement/Conceptual/understanding_utis/understand_utis_conc/understand_utis_conc.html#//apple_ref/doc/uid/TP40001319-CH202-SW6
+            # https://developer.apple.com/documentation/uniformtypeidentifiers/system-declared_uniform_type_identifiers
+            {
+                'CFBundleTypeName': 'GIF image',
+                'CFBundleTypeIconFile': 'document.icns',
+                'LSItemContentTypes': ['com.compuserve.gif'],
+                'LSHandlerRank': 'Alternate',
+                'NSExportableTypes': ['public.json','public.comma-separated-values-text','public.plain-text'],
+            },
+            {
+                'CFBundleTypeName': 'JPEG image',
+                'CFBundleTypeIconFile': 'document.icns',
+                'LSItemContentTypes': ['public.jpeg'],
+                'LSHandlerRank': 'Alternate',
+                'NSExportableTypes': ['public.json','public.comma-separated-values-text','public.plain-text'],
+            },
+            {
+                'CFBundleTypeName': 'PNG image',
+                'CFBundleTypeIconFile': 'document.icns',
+                'LSItemContentTypes': ['public.png'],
+                'LSHandlerRank': 'Alternate',
+                'NSExportableTypes': ['public.json','public.comma-separated-values-text','public.plain-text'],
+            },
+            {
+                'CFBundleTypeName': 'WebP image',
+                'CFBundleTypeIconFile': 'document.icns',
+                'LSItemContentTypes': ['org.webmproject.webp'],
+                'LSHandlerRank': 'Alternate',
+                'NSExportableTypes': ['public.json','public.comma-separated-values-text','public.plain-text'],
+            },
+            {
+                'CFBundleTypeName': 'Tiff image',
+                'CFBundleTypeIconFile': 'document.icns',
+                'LSItemContentTypes': ['public.tiff'],
+                'LSHandlerRank': 'Alternate',
+                'NSExportableTypes': ['public.json','public.comma-separated-values-text','public.plain-text'],
+            },
+            {
+                'CFBundleTypeName': 'Bmp image',
+                'CFBundleTypeIconFile': 'document.icns',
+                'LSItemContentTypes': ['com.microsoft.bmp'],
+                'LSHandlerRank': 'Alternate',
+                'NSExportableTypes': ['public.json','public.comma-separated-values-text','public.plain-text'],
+            },
+            {
+                'CFBundleTypeName': 'Plain text document',
+                'CFBundleTypeIconFile': 'document.icns',
+                'LSItemContentTypes': ['public.plain-text'],
+                'LSHandlerRank': 'Alternate',
+                'NSExportableTypes': ['public.json','public.comma-separated-values-text','public.plain-text'],
+            },
+        ],
+    },
+)
--- a/installer/win_file_version_info_template.txt
+++ b/installer/win_file_version_info_template.txt
--- a/mypy.ini
+++ b/mypy.ini
@@ -1,4 +1 @@
 [mypy]
-
-[mypy-protobuf_generated_python.*]
-ignore_errors = True
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,8 +1,10 @@
 [build-system]
 requires = [
-  "setuptools>=64.0.0", "wheel>=0.37.0", "pip",
+  "pip",
+  "nuitka",
  # https://setuptools-git-versioning.readthedocs.io/en/latest/differences.html
-  "setuptools-git-versioning",
+   "setuptools-git-versioning",
+  "wheel>=0.37.0",
 ]
 build-backend = "setuptools.build_meta"

@@ -18,11 +20,12 @@ classifiers = [
    "Topic :: Utilities",
    "Topic :: Security",
    "Topic :: Multimedia :: Graphics :: Capture :: Digital Camera",
-    "Programming Language :: Python :: 3.7",
-    "Programming Language :: Python :: 3.8",
    "Programming Language :: Python :: 3.9",
    "Programming Language :: Python :: 3.10",
    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
+    "Programming Language :: Python :: 3.14",
    "Intended Audience :: End Users/Desktop",
    "Intended Audience :: Developers",
    "Intended Audience :: System Administrators",
@@ -37,16 +40,15 @@ classifiers = [
 ]
 dependencies = [
  "colorama>=0.4.6",
-  "opencv-contrib-python; sys_platform != 'darwin'",
-  "opencv-contrib-python<=4.7.0; sys_platform == 'darwin'",
+  "opencv-contrib-python",
+  "numpy>=2.0,<2.1 ; python_version >= '3.9' and python_version < '3.10'",
+  "numpy>=2.2,<2.3 ; python_version >= '3.10' and python_version < '3.11'",
+  "numpy>=2.3,<3.0 ; python_version >= '3.11'",
  "Pillow",
  "protobuf",
  "pyzbar",
  "qrcode",
  "qreader<2.0.0",
-  # workaround for PYTHON <= 3.7: compatibility
-  "typing_extensions; python_version<='3.7'",
-  "importlib_metadata; python_version<='3.7'",
 ]
 description = "Extracts one time password (OTP) secrets from QR codes exported by two-factor authentication (2FA) apps such as 'Google Authenticator'"
 dynamic = ["version"]
@@ -55,7 +57,7 @@ license = {text = "GNU General Public License v3 (GPLv3)"}
 readme = "README.md"
 authors = [{name = "scito", email = "info@scito.ch"}]
 maintainers = [{name = "scito", email = "info@scito.ch"}]
-requires-python = ">=3.7, <4"
+requires-python = ">=3.9, <4"
 scripts = {extract_otp_secrets = "extract_otp_secrets:sys_main"}
 urls = {Project-URL = "https://github.com/scito/extract_otp_secrets", Bug-Reports = "https://github.com/scito/extract_otp_secrets/issues", Source = "https://github.com/scito/extract_otp_secrets"}

--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -3,6 +3,7 @@ flake8
 gfm-toc
 mypy
 mypy-protobuf
+nuitka
 pyinstaller
 pylint
 pytest
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,10 +1,10 @@
 colorama>=0.4.6
-importlib_metadata; python_version<='3.7'
-opencv-contrib-python; sys_platform != 'darwin'
-opencv-contrib-python<=4.7.0; sys_platform == 'darwin'
+opencv-contrib-python
+numpy>=2.0,<2.1 ; python_version >= "3.9" and python_version < "3.10"
+numpy>=2.2,<2.3 ; python_version >= "3.10" and python_version < "3.11"
+numpy>=2.3,<3.0 ; python_version >= "3.11"
 Pillow
 protobuf
 pyzbar
 qrcode
 qreader<2.0.0
-typing_extensions; python_version<='3.7'
--- a/setup.cfg
+++ b/setup.cfg
@@ -2,7 +2,7 @@
 name = extract_otp_secrets

 [options]
-python_requires = >=3.7, <4
+python_requires = >=3.9, <4
 py_modules = extract_otp_secrets, protobuf_generated_python.google_auth_pb2
 package_dir =
    =src
--- a/src/extract_otp_secrets.py
+++ b/src/extract_otp_secrets.py
@@ -36,6 +36,7 @@ import argparse
 import base64
 import csv
 import fileinput
+import glob
 import json
 import os
 import platform
@@ -43,35 +44,24 @@ import re
 import sys
 import urllib.parse as urlparse
 from enum import Enum, IntEnum
-from typing import Any, List, Optional, Sequence, TextIO, Tuple, Union
+from importlib.metadata import PackageNotFoundError, version
+from typing import (Any, Final, List, Optional, Sequence, TextIO, Tuple,
+                    TypedDict, Union)

 import colorama
-from pkg_resources import DistributionNotFound, get_distribution
-from qrcode import QRCode  # type: ignore
+from qrcode import QRCode

 import protobuf_generated_python.google_auth_pb2 as pb

-# workaround for PYTHON <= 3.7: compatibility
-if sys.version_info >= (3, 8):
-    from typing import Final, TypedDict
-else:
-    from typing_extensions import Final, TypedDict
-
-# workaround for PYTHON <= 3.7: compatibility
-if sys.version_info >= (3, 8):
-    from importlib.metadata import PackageNotFoundError, version
-else:
-    from importlib_metadata import PackageNotFoundError, version
-
-
 debug_mode = '-d' in sys.argv[1:] or '--debug' in sys.argv[1:]
 quiet = '-q' in sys.argv[1:] or '--quiet' in sys.argv[1:]
 headless: bool = False


 try:
-    import cv2  # type: ignore # TODO use cv2 types if available
-    import numpy as np  # TODO use numpy types if available
+    import cv2
+    import cv2.typing
+    import numpy as np

    try:
        import tkinter
@@ -87,9 +77,8 @@ try:
    except Exception as e:
        if not quiet:
            print(f"""
-WARN: Cannot import pyzbar or qreader module. This problem is probably due to the missing zbar shared library.
-On Linux and macOS libzbar0 must be installed.
-See in README.md for the installation of the libzbar0.
+WARN: Cannot import pyzbar module. This problem is probably due to the missing zbar shared library. (The zbar library is optional.)
+See in README.md for the installation of the zbar shared library.
 Exception: {e}\n""", file=sys.stderr)
        zbar_available = False
        if debug_mode:
@@ -105,9 +94,8 @@ Exception: {e}\n""", file=sys.stderr)
    FONT_SCALE: Final[float] = 1.3
    FONT_THICKNESS: Final[int] = 1
    FONT_LINE_STYLE: Final[int] = cv2.LINE_AA
-    FONT_COLOR: Final[ColorBGR] = (255, 0, 0)
+    FONT_COLOR: Final[ColorBGR] = 255, 0, 0
    BOX_THICKNESS: Final[int] = 5
-    # workaround for PYTHON <= 3.7: must use () for assignments
    WINDOW_X: Final[int] = 0
    WINDOW_Y: Final[int] = 1
    WINDOW_WIDTH: Final[int] = 2
@@ -116,10 +104,10 @@ Exception: {e}\n""", file=sys.stderr)
    TEXT_HEIGHT: Final[int] = 1
    BORDER: Final[int] = 5
    START_Y: Final[int] = 20
-    START_POS_TEXT: Final[Point] = (BORDER, START_Y)
-    NORMAL_COLOR: Final[ColorBGR] = (255, 0, 255)
-    SUCCESS_COLOR: Final[ColorBGR] = (0, 255, 0)
-    FAILURE_COLOR: Final[ColorBGR] = (0, 0, 255)
+    START_POS_TEXT: Final[Point] = BORDER, START_Y
+    NORMAL_COLOR: Final[ColorBGR] = 255, 0, 255
+    SUCCESS_COLOR: Final[ColorBGR] = 0, 255, 0
+    FAILURE_COLOR: Final[ColorBGR] = 0, 0, 255
    CHAR_DX: Final[int] = (lambda text: cv2.getTextSize(text, FONT, FONT_SCALE, FONT_THICKNESS)[0][TEXT_WIDTH] // len(text))("28 QR codes capturedMMM")
    FONT_DY: Final[int] = cv2.getTextSize("M", FONT, FONT_SCALE, FONT_THICKNESS)[0][TEXT_HEIGHT] + 5
    WINDOW_NAME: Final[str] = "Extract OTP Secrets: Capture QR Codes from Camera"
@@ -132,12 +120,12 @@ except ImportError as e:
    if debug_mode:
        raise e

-# Workaround for PYTHON <= 3.9: Union[int, None] used instead of int | None
+# Workaround for PYTHON <= 3.9: Generally Union[int, None] used instead of int | None

 # Types
 Args = argparse.Namespace
 OtpUrl = str
-# workaround for PYTHON <= 3.7: Otp = TypedDict('Otp', {'name': str, 'secret': str, 'issuer': str, 'type': str, 'counter': int | None, 'url': OtpUrl})
+# Workaround for PYTHON <= 3.9: Otp = TypedDict('Otp', {'name': str, 'secret': str, 'issuer': str, 'type': str, 'counter': int | None, 'url': OtpUrl})
 Otp = TypedDict('Otp', {'name': str, 'secret': str, 'issuer': str, 'type': str, 'counter': Union[int, None], 'url': OtpUrl})
 # workaround for PYTHON <= 3.9: Otps = list[Otp]
 Otps = List[Otp]
@@ -200,6 +188,8 @@ def main(sys_args: list[str]) -> None:
    write_csv(args.csv, otps)
    write_keepass_csv(args.keepass, otps)
    write_json(args.json, otps)
+    write_txt(args.txt, otps, True)
+    write_urls(args.urls, otps)


 # workaround for PYTHON <= 3.9 use: pb.MigrationPayload | None
@@ -262,9 +252,9 @@ def extract_otp_from_otp_url(otpauth_migration_url: str, otps: Otps, urls_count:
            if not quiet:
                print_otp(otp)
            if args.printqr:
-                print_qr(args, otp_url)
+                print_qr(otp_url)
            if args.saveqr:
-                save_qr(otp, args, len(otps))
+                save_qr_image(otp, args.saveqr, len(otps))
            if not quiet:
                print()
        elif args.ignore and not quiet:
@@ -276,9 +266,7 @@ def extract_otp_from_otp_url(otpauth_migration_url: str, otps: Otps, urls_count:
 def parse_args(sys_args: list[str]) -> Args:
    global verbose, quiet, colored

-    # For PYTHON <= 3.7: Use :=
-    name = os.path.basename(sys.argv[0])
-    cmd = f"python {name}" if name.endswith('.py') else f"{name}"
+    cmd = f"python {name}" if (name := os.path.basename(sys.argv[0])).endswith('.py') else f"{name}"
    description_text = "Extracts one time password (OTP) secrets from QR codes exported by two-factor authentication (2FA) apps"
    if cv2_available:
        description_text += "\nIf no infiles are provided, a GUI window starts and QR codes are captured from the camera."
@@ -294,11 +282,13 @@ def parse_args(sys_args: list[str]) -> Args:
                                         epilog=example_text)
    arg_parser.add_argument('infile', help="""a) file or - for stdin with 'otpauth-migration://...' URLs separated by newlines, lines starting with # are ignored;
 b) image file containing a QR code or = for stdin for an image containing a QR code""", nargs='*' if cv2_available else '+')
-    arg_parser.add_argument('--csv', '-c', help='export csv file or - for stdout', metavar=('FILE'))
+    arg_parser.add_argument('--csv', '-c', help='export csv file, or - for stdout', metavar=('FILE'))
    arg_parser.add_argument('--keepass', '-k', help='export totp/hotp csv file(s) for KeePass, - for stdout', metavar=('FILE'))
    arg_parser.add_argument('--json', '-j', help='export json file or - for stdout', metavar=('FILE'))
-    arg_parser.add_argument('--printqr', '-p', help='print QR code(s) as text to the terminal (requires qrcode module)', action='store_true')
-    arg_parser.add_argument('--saveqr', '-s', help='save QR code(s) as images to the given folder (requires qrcode module)', metavar=('DIR'))
+    arg_parser.add_argument('--txt', '-t', help='export txt file or - for stdout', metavar=('FILE'))
+    arg_parser.add_argument('--urls', '-u', help='export file with list of otpauth urls, or - for stdout', metavar=('FILE'))
+    arg_parser.add_argument('--printqr', '-p', help='print QR code(s) as text to the terminal', action='store_true')
+    arg_parser.add_argument('--saveqr', '-s', help='save QR code(s) as images to directory', metavar=('DIR'))
    if cv2_available:
        arg_parser.add_argument('--camera', '-C', help='camera number of system (default camera: 0)', default=0, type=int, metavar=('NUMBER'))
        if not zbar_available:
@@ -314,13 +304,14 @@ b) image file containing a QR code or = for stdin for an image containing a QR c
    output_group.add_argument('-q', '--quiet', help='no stdout output, except output set by -', action='store_true')
    args = arg_parser.parse_args(sys_args)
    colored = not args.no_color
-    if args.csv == '-' or args.json == '-' or args.keepass == '-':
+    if args.csv == '-' or args.json == '-' or args.keepass == '-' or args.txt == '-' or args.urls == '-':
        args.quiet = args.q = True

    verbose = args.verbose if args.verbose else LogLevel.NORMAL
    if args.debug:
        verbose = LogLevel.DEBUG
        log_debug('Debug mode start')
+        log_debug(args)
    quiet = True if args.quiet else False
    if verbose: print(f"QReader installed: {cv2_available}")
    if cv2_available:
@@ -389,14 +380,22 @@ def extract_otps_from_camera(args: Args) -> Otps:
            qr_mode = next_qr_mode(qr_mode)
            continue

-        cv2_print_text(img, f"Mode: {qr_mode.name} (Hit SPACE to change)", 0, TextPosition.LEFT, FONT_COLOR, 20)
-        cv2_print_text(img, "Press ESC to quit", 1, TextPosition.LEFT, FONT_COLOR, 17)
-        cv2_print_text(img, "Press C/J/K to save as csv/json/keepass file", 2, TextPosition.LEFT, FONT_COLOR, None)
+        try:
+            cv2_print_text(img, f"Mode: {qr_mode.name} (Hit SPACE to change)", 0, TextPosition.LEFT, FONT_COLOR, 20)
+            cv2_print_text(img, "Press ESC to quit", 1, TextPosition.LEFT, FONT_COLOR, 17)
+            cv2_print_text(img, "Press c,j,k,t,u to save as csv/json/keepass/txt/urls file", 2, TextPosition.LEFT, FONT_COLOR, None)

-        cv2_print_text(img, f"{len(otp_urls)} QR code{'s'[:len(otp_urls) != 1]} captured", 0, TextPosition.RIGHT, FONT_COLOR)
-        cv2_print_text(img, f"{len(otps)} otp{'s'[:len(otps) != 1]} extracted", 1, TextPosition.RIGHT, FONT_COLOR)
+            cv2_print_text(img, f"{len(otp_urls)} QR code{'s'[:len(otp_urls) != 1]} captured", 0, TextPosition.RIGHT, FONT_COLOR)
+            cv2_print_text(img, f"{len(otps)} otp{'s'[:len(otps) != 1]} extracted", 1, TextPosition.RIGHT, FONT_COLOR)

-        cv2.imshow(WINDOW_NAME, img)
+            cv2.imshow(WINDOW_NAME, img)
+        except cv2.error as e:
+            # Workaround due to Gtk2/3 problem, see #444
+            if e.code == cv2.Error.StsNullPtr:
+                # Window closed
+                break
+            else:
+                raise e

        quit, qr_mode = cv2_handle_pressed_keys(qr_mode, otps)
        if quit:
@@ -418,16 +417,15 @@ def get_color(new_otps_count: int, otp_url: str) -> ColorBGR:
            return NORMAL_COLOR


-# TODO use cv2 types if available
-def cv2_draw_box(img: Any, raw_pts: Any, color: ColorBGR) -> Any:
+# TODO use proper cv2 types if available
+def cv2_draw_box(img: cv2.typing.MatLike, raw_pts: cv2.typing.MatLike | list[tuple[Any, Any]], color: ColorBGR) -> np.ndarray[Any, np.dtype[np.int32]]:
    pts = np.array([raw_pts], np.int32)
    pts = pts.reshape((-1, 1, 2))
    cv2.polylines(img, [pts], True, color, BOX_THICKNESS)
    return pts


-# TODO use cv2 types if available
-def cv2_print_text(img: Any, text: str, line_number: int, position: TextPosition, color: ColorBGR, opposite_len: Optional[int] = None) -> None:
+def cv2_print_text(img: cv2.typing.MatLike, text: str, line_number: int, position: TextPosition, color: ColorBGR, opposite_len: Optional[int] = None) -> None:
    window_dim = cv2.getWindowImageRect(WINDOW_NAME)
    out_text = text
    if opposite_len:
@@ -459,7 +457,7 @@ def cv2_handle_pressed_keys(qr_mode: QRMode, otps: Otps) -> Tuple[bool, QRMode]:
                defaultextension='.csv',
                filetypes=[('CSV', '*.csv'), ('All', '*.*')]
            )
-            tk_root.update()
+            tk_root.update()  # noqa: F821 # workaround flake8 false positive, tk_root is defined globally
            if len(file_name) > 0:
                write_csv(file_name, otps)
    elif (key == ord('j') or key == ord('J')) and is_not_headless():
@@ -471,7 +469,7 @@ def cv2_handle_pressed_keys(qr_mode: QRMode, otps: Otps) -> Tuple[bool, QRMode]:
                defaultextension='.json',
                filetypes=[('JSON', '*.json'), ('All', '*.*')]
            )
-            tk_root.update()
+            tk_root.update()  # noqa: F821 # workaround flake8 false positive, tk_root is defined globally
            if len(file_name) > 0:
                write_json(file_name, otps)
    elif (key == ord('k') or key == ord('K')) and is_not_headless():
@@ -483,15 +481,37 @@ def cv2_handle_pressed_keys(qr_mode: QRMode, otps: Otps) -> Tuple[bool, QRMode]:
                defaultextension='.csv',
                filetypes=[('CSV', '*.csv'), ('All', '*.*')]
            )
-            tk_root.update()
+            tk_root.update()  # noqa: F821 # workaround flake8 false positive, tk_root is defined globally
            if len(file_name) > 0:
                write_keepass_csv(file_name, otps)
+    elif (key == ord('t') or key == ord('T')) and is_not_headless():
+        if has_no_otps_show_warning(otps):
+            pass
+        else:
+            file_name = tkinter.filedialog.asksaveasfilename(
+                title="Save extracted otp secrets as text",
+                defaultextension='.txt',
+                filetypes=[('Text', '*.txt'), ('All', '*.*')]
+            )
+            tk_root.update()  # noqa: F821 # workaround flake8 false positive, tk_root is defined globally
+            if len(file_name) > 0:
+                write_txt(file_name, otps, True)
+    elif (key == ord('u') or key == ord('U')) and is_not_headless():
+        if has_no_otps_show_warning(otps):
+            pass
+        else:
+            file_name = tkinter.filedialog.asksaveasfilename(
+                title="Save extracted otp secrets as list of urls",
+                defaultextension='.txt',
+                filetypes=[('Text', '*.txt'), ('All', '*.*')]
+            )
+            tk_root.update()  # noqa: F821 # workaround flake8 false positive, tk_root is defined globally
+            if len(file_name) > 0:
+                write_urls(file_name, otps)
    elif key == 32:
        qr_mode = next_valid_qr_mode(qr_mode, zbar_available)
        if verbose >= LogLevel.MORE_VERBOSE: print(f"QR reading mode: {qr_mode}")
-    if cv2.getWindowProperty(WINDOW_NAME, cv2.WND_PROP_VISIBLE) < 1:
-        # Window close clicked
-        quit = True
+    # Do not check for invisible window due to Gtk2/3 problem, see #444
    return quit, qr_mode


@@ -514,14 +534,20 @@ def extract_otps_from_files(args: Args) -> Otps:

    files_count = urls_count = otps_count = 0
    if verbose: print(f"Input files: {args.infile}")
-    for infile in args.infile:
-        if verbose >= LogLevel.MORE_VERBOSE: log_verbose(f"Processing infile {infile}")
-        files_count += 1
-        for line in get_otp_urls_from_file(infile, args):
-            if verbose >= LogLevel.MORE_VERBOSE: log_verbose(line)
-            if line.startswith('#') or line == '': continue
-            urls_count += 1
-            otps_count += extract_otp_from_otp_url(line, otps, urls_count, infile, args)
+    for infile_raw in args.infile:
+        expanded_infiles = glob.glob(infile_raw)
+        if not expanded_infiles:
+            expanded_infiles = [infile_raw]
+            if verbose >= LogLevel.DEBUG: log_debug(f"Could not expand input files, fallback to infile {infile_raw}")
+        if verbose >= LogLevel.DEBUG: log_debug(f"Expanded input files: {expanded_infiles}")
+        for infile in expanded_infiles:
+            if verbose >= LogLevel.MORE_VERBOSE: log_verbose(f"Processing infile {infile}")
+            files_count += 1
+            for line in get_otp_urls_from_file(infile, args):
+                if verbose >= LogLevel.MORE_VERBOSE: log_verbose(line)
+                if line.startswith('#') or line == '': continue
+                urls_count += 1
+                otps_count += extract_otp_from_otp_url(line, otps, urls_count, infile, args)
    if verbose: print(f"Extracted {otps_count} otp{'s'[:otps_count != 1]} from {urls_count} otp url{'s'[:urls_count != 1]} by reading {files_count} infile{'s'[:files_count != 1]}")
    return otps

@@ -579,7 +605,7 @@ def convert_img_to_otp_urls(filename: str, args: Args) -> OtpUrls:
                stdin = sys.stdin.buffer.read()
            except AttributeError:
                # Workaround for pytest, since pytest cannot monkeypatch sys.stdin.buffer
-                stdin = sys.stdin.read()  # type: ignore # Workaround for pytest fixtures
+                stdin = sys.stdin.read()
            if not stdin:
                log_warn("stdin is empty")
            try:
@@ -655,39 +681,60 @@ def build_otp_url(secret: str, raw_otp: pb.MigrationPayload.OtpParameters) -> st
    return otp_url


-def print_otp(otp: Otp) -> None:
-    print(f"Name:    {otp['name']}")
-    print(f"Secret:  {otp['secret']}")
-    if otp['issuer']: print(f"Issuer:  {otp['issuer']}")
-    print(f"Type:    {otp['type']}")
+def print_otp(otp: Otp, out: Optional[TextIO] = None) -> None:
+    print(f"Name:    {otp['name']}", file=out)
+    print(f"Secret:  {otp['secret']}", file=out)
+    if otp['issuer']: print(f"Issuer:  {otp['issuer']}", file=out)
+    print(f"Type:    {otp['type']}", file=out)
    if otp['type'] == 'hotp':
-        print(f"Counter: {otp['counter']}")
+        print(f"Counter: {otp['counter']}", file=out)
    if verbose:
-        print(otp['url'])
+        print(otp['url'], file=out)


-def save_qr(otp: Otp, args: Args, j: int) -> str:
-    dir = args.saveqr
+def write_url(otp: Otp, out: Optional[TextIO] = None) -> None:
+    print(otp['url'], file=out)
+
+
+def save_qr_image(otp: Otp, dir: str, j: int) -> str:
    if not (os.path.exists(dir)): os.makedirs(dir, exist_ok=True)
    pattern = re.compile(r'[\W_]+')
    file_otp_name = pattern.sub('', otp['name'])
    file_otp_issuer = pattern.sub('', otp['issuer'])
-    save_qr_file(args, otp['url'], f"{dir}/{j}-{file_otp_name}{'-' + file_otp_issuer if file_otp_issuer else ''}.png")
+    save_qr_image_file(otp['url'], f"{dir}/{j}-{file_otp_name}{'-' + file_otp_issuer if file_otp_issuer else ''}.png")
    return file_otp_name


-def save_qr_file(args: Args, otp_url: OtpUrl, name: str) -> None:
+def save_qr_image_file(otp_url: OtpUrl, name: str) -> None:
    qr = QRCode()
    qr.add_data(otp_url)
    img = qr.make_image(fill_color='black', back_color='white')
    if verbose: print(f"Saving to {name}")
-    img.save(name)
+    img.save(name)  # type: ignore


-def print_qr(args: Args, otp_url: str) -> None:
+def print_qr(otp_url: str, out: Optional[TextIO] = None) -> None:
    qr = QRCode()
    qr.add_data(otp_url)
-    qr.print_ascii()
+    qr.print_ascii(out)
+
+
+def write_txt(file: str, otps: Otps, write_qr: bool = False) -> None:
+    if file and len(file) > 0 and len(otps) > 0:
+        with open_file_or_stdout(file) as outfile:
+            for otp in otps:
+                print_otp(otp, outfile)
+                if write_qr:
+                    print_qr(otp['url'], outfile)
+                print(file=outfile)
+
+
+def write_urls(file: str, otps: Otps) -> None:
+    if file and len(file) > 0 and len(otps) > 0:
+        with open_file_or_stdout(file) as outfile:
+            for otp in otps:
+                write_url(otp, outfile)
+        if not quiet: print(f"Exported {len(otps)} otp{'s'[:len(otps) != 1]} to otpauth url list file {file}")


 def write_csv(file: str, otps: Otps) -> None:
@@ -713,8 +760,8 @@ def write_keepass_csv(file: str, otps: Otps) -> None:
        if has_hotp:
            count_hotp_entries = write_keepass_htop_csv(otp_filename_hotp, otps)
        if not quiet:
-            if count_totp_entries: print(f"Exported {count_totp_entries} totp entrie{'s'[:count_totp_entries != 1]} to keepass csv file {otp_filename_totp}")
-            if count_hotp_entries: print(f"Exported {count_hotp_entries} hotp entrie{'s'[:count_hotp_entries != 1]} to keepass csv file {otp_filename_hotp}")
+            if has_totp and count_totp_entries: print(f"Exported {count_totp_entries} totp entrie{'s'[:count_totp_entries != 1]} to keepass csv file {otp_filename_totp}")
+            if has_hotp and count_hotp_entries: print(f"Exported {count_hotp_entries} hotp entrie{'s'[:count_hotp_entries != 1]} to keepass csv file {otp_filename_hotp}")


 def write_keepass_totp_csv(file: str, otps: Otps) -> int:
@@ -796,7 +843,7 @@ def check_file_exists(filename: str) -> None:
 def has_no_otps_show_warning(otps: Otps) -> bool:
    if len(otps) == 0:
        tkinter.messagebox.showinfo(title="No data", message="There are no otp secrets to write")
-        tk_root.update()  # dispose dialog
+        tk_root.update()  # dispose dialog # noqa: F821 # workaround flake8 false positive, tk_root is defined globally
    return len(otps) == 0


@@ -876,27 +923,20 @@ def get_raw_version() -> str:
        return __version__
    except PackageNotFoundError:
        # package is not installed
-        pass
-
-    # In some cases importlib cannot properly detect package version, for example it was compiled into executable file, so it uses some custom import mechanism.
-    # Instead, use pkg_resources which is included in setuptools (but has a significant runtime cost)
-
-    try:
-        __version__ = get_distribution("package-name").version
-        return __version__
-    except DistributionNotFound:
-        # package is not installed
-        pass
-
-    return ''
+        return ''


 # workaround for PYTHON <= 3.9 use: BaseException | None
 def log_debug(*values: object, sep: Optional[str] = ' ') -> None:
+    if os.name == 'nt':
+        # Workaround "Windows fatal exception: access violation"
+        print(f"\nDEBUG: {str(values[0])}")
+        return
+
    if colored:
-        print(f"{colorama.Fore.CYAN}\nDEBUG: {str(values[0])}", *values[1:], colorama.Fore.RESET, sep)
+        print(f"{colorama.Fore.CYAN}\nDEBUG: {str(values[0])}", *values[1:], colorama.Fore.RESET, sep=sep)
    else:
-        print(f"\nDEBUG: {str(values[0])}", *values[1:], sep)
+        print(f"\nDEBUG: {str(values[0])}", *values[1:], sep=sep)


 # workaround for PYTHON <= 3.9 use: BaseException | None
--- a/src/protobuf_generated_python/google_auth_pb2.py
+++ b/src/protobuf_generated_python/google_auth_pb2.py
@@ -1,11 +1,22 @@
 # -*- coding: utf-8 -*-
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
+# NO CHECKED-IN PROTOBUF GENCODE
 # source: google_auth.proto
+# Protobuf Python Version: 6.33.0
 """Generated protocol buffer code."""
-from google.protobuf.internal import builder as _builder
 from google.protobuf import descriptor as _descriptor
 from google.protobuf import descriptor_pool as _descriptor_pool
+from google.protobuf import runtime_version as _runtime_version
 from google.protobuf import symbol_database as _symbol_database
+from google.protobuf.internal import builder as _builder
+_runtime_version.ValidateProtobufRuntimeVersion(
+    _runtime_version.Domain.PUBLIC,
+    6,
+    33,
+    0,
+    '',
+    'google_auth.proto'
+)
 # @@protoc_insertion_point(imports)

 _sym_db = _symbol_database.Default()
@@ -15,17 +26,17 @@ _sym_db = _symbol_database.Default()

 DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x11google_auth.proto\"\xb7\x03\n\x10MigrationPayload\x12\x37\n\x0eotp_parameters\x18\x01 \x03(\x0b\x32\x1f.MigrationPayload.OtpParameters\x12\x0f\n\x07version\x18\x02 \x01(\x05\x12\x12\n\nbatch_size\x18\x03 \x01(\x05\x12\x13\n\x0b\x62\x61tch_index\x18\x04 \x01(\x05\x12\x10\n\x08\x62\x61tch_id\x18\x05 \x01(\x05\x1a\xb7\x01\n\rOtpParameters\x12\x0e\n\x06secret\x18\x01 \x01(\x0c\x12\x0c\n\x04name\x18\x02 \x01(\t\x12\x0e\n\x06issuer\x18\x03 \x01(\t\x12.\n\talgorithm\x18\x04 \x01(\x0e\x32\x1b.MigrationPayload.Algorithm\x12\x0e\n\x06\x64igits\x18\x05 \x01(\x05\x12\'\n\x04type\x18\x06 \x01(\x0e\x32\x19.MigrationPayload.OtpType\x12\x0f\n\x07\x63ounter\x18\x07 \x01(\x03\",\n\tAlgorithm\x12\x10\n\x0c\x41LGO_INVALID\x10\x00\x12\r\n\tALGO_SHA1\x10\x01\"6\n\x07OtpType\x12\x0f\n\x0bOTP_INVALID\x10\x00\x12\x0c\n\x08OTP_HOTP\x10\x01\x12\x0c\n\x08OTP_TOTP\x10\x02\x62\x06proto3')

-_builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, globals())
-_builder.BuildTopDescriptorsAndMessages(DESCRIPTOR, 'google_auth_pb2', globals())
-if _descriptor._USE_C_DESCRIPTORS == False:
-
-  DESCRIPTOR._options = None
-  _MIGRATIONPAYLOAD._serialized_start=22
-  _MIGRATIONPAYLOAD._serialized_end=461
-  _MIGRATIONPAYLOAD_OTPPARAMETERS._serialized_start=176
-  _MIGRATIONPAYLOAD_OTPPARAMETERS._serialized_end=359
-  _MIGRATIONPAYLOAD_ALGORITHM._serialized_start=361
-  _MIGRATIONPAYLOAD_ALGORITHM._serialized_end=405
-  _MIGRATIONPAYLOAD_OTPTYPE._serialized_start=407
-  _MIGRATIONPAYLOAD_OTPTYPE._serialized_end=461
+_globals = globals()
+_builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, _globals)
+_builder.BuildTopDescriptorsAndMessages(DESCRIPTOR, 'google_auth_pb2', _globals)
+if not _descriptor._USE_C_DESCRIPTORS:
+  DESCRIPTOR._loaded_options = None
+  _globals['_MIGRATIONPAYLOAD']._serialized_start=22
+  _globals['_MIGRATIONPAYLOAD']._serialized_end=461
+  _globals['_MIGRATIONPAYLOAD_OTPPARAMETERS']._serialized_start=176
+  _globals['_MIGRATIONPAYLOAD_OTPPARAMETERS']._serialized_end=359
+  _globals['_MIGRATIONPAYLOAD_ALGORITHM']._serialized_start=361
+  _globals['_MIGRATIONPAYLOAD_ALGORITHM']._serialized_end=405
+  _globals['_MIGRATIONPAYLOAD_OTPTYPE']._serialized_start=407
+  _globals['_MIGRATIONPAYLOAD_OTPTYPE']._serialized_end=461
 # @@protoc_insertion_point(module_scope)
--- a/src/protobuf_generated_python/google_auth_pb2.pyi
+++ b/src/protobuf_generated_python/google_auth_pb2.pyi
@@ -2,6 +2,7 @@
@generated by mypy-protobuf.  Do not edit manually!
 isort:skip_file
 """
+
 import builtins
 import collections.abc
 import google.protobuf.descriptor
@@ -18,7 +19,7 @@ else:

 DESCRIPTOR: google.protobuf.descriptor.FileDescriptor

-@typing_extensions.final
+@typing.final
 class MigrationPayload(google.protobuf.message.Message):
    """Copied from: https://github.com/beemdevelopment/Aegis/blob/master/app/src/main/proto/google_auth.proto"""

@@ -28,7 +29,7 @@ class MigrationPayload(google.protobuf.message.Message):
        ValueType = typing.NewType("ValueType", builtins.int)
        V: typing_extensions.TypeAlias = ValueType

-    class _AlgorithmEnumTypeWrapper(google.protobuf.internal.enum_type_wrapper._EnumTypeWrapper[MigrationPayload._Algorithm.ValueType], builtins.type):  # noqa: F821
+    class _AlgorithmEnumTypeWrapper(google.protobuf.internal.enum_type_wrapper._EnumTypeWrapper[MigrationPayload._Algorithm.ValueType], builtins.type):
        DESCRIPTOR: google.protobuf.descriptor.EnumDescriptor
        ALGO_INVALID: MigrationPayload._Algorithm.ValueType  # 0
        ALGO_SHA1: MigrationPayload._Algorithm.ValueType  # 1
@@ -41,7 +42,7 @@ class MigrationPayload(google.protobuf.message.Message):
        ValueType = typing.NewType("ValueType", builtins.int)
        V: typing_extensions.TypeAlias = ValueType

-    class _OtpTypeEnumTypeWrapper(google.protobuf.internal.enum_type_wrapper._EnumTypeWrapper[MigrationPayload._OtpType.ValueType], builtins.type):  # noqa: F821
+    class _OtpTypeEnumTypeWrapper(google.protobuf.internal.enum_type_wrapper._EnumTypeWrapper[MigrationPayload._OtpType.ValueType], builtins.type):
        DESCRIPTOR: google.protobuf.descriptor.EnumDescriptor
        OTP_INVALID: MigrationPayload._OtpType.ValueType  # 0
        OTP_HOTP: MigrationPayload._OtpType.ValueType  # 1
@@ -52,7 +53,7 @@ class MigrationPayload(google.protobuf.message.Message):
    OTP_HOTP: MigrationPayload.OtpType.ValueType  # 1
    OTP_TOTP: MigrationPayload.OtpType.ValueType  # 2

-    @typing_extensions.final
+    @typing.final
    class OtpParameters(google.protobuf.message.Message):
        DESCRIPTOR: google.protobuf.descriptor.Descriptor

@@ -81,19 +82,19 @@ class MigrationPayload(google.protobuf.message.Message):
            type: global___MigrationPayload.OtpType.ValueType = ...,
            counter: builtins.int = ...,
        ) -> None: ...
-        def ClearField(self, field_name: typing_extensions.Literal["algorithm", b"algorithm", "counter", b"counter", "digits", b"digits", "issuer", b"issuer", "name", b"name", "secret", b"secret", "type", b"type"]) -> None: ...
+        def ClearField(self, field_name: typing.Literal["algorithm", b"algorithm", "counter", b"counter", "digits", b"digits", "issuer", b"issuer", "name", b"name", "secret", b"secret", "type", b"type"]) -> None: ...

    OTP_PARAMETERS_FIELD_NUMBER: builtins.int
    VERSION_FIELD_NUMBER: builtins.int
    BATCH_SIZE_FIELD_NUMBER: builtins.int
    BATCH_INDEX_FIELD_NUMBER: builtins.int
    BATCH_ID_FIELD_NUMBER: builtins.int
-    @property
-    def otp_parameters(self) -> google.protobuf.internal.containers.RepeatedCompositeFieldContainer[global___MigrationPayload.OtpParameters]: ...
    version: builtins.int
    batch_size: builtins.int
    batch_index: builtins.int
    batch_id: builtins.int
+    @property
+    def otp_parameters(self) -> google.protobuf.internal.containers.RepeatedCompositeFieldContainer[global___MigrationPayload.OtpParameters]: ...
    def __init__(
        self,
        *,
@@ -103,6 +104,6 @@ class MigrationPayload(google.protobuf.message.Message):
        batch_index: builtins.int = ...,
        batch_id: builtins.int = ...,
    ) -> None: ...
-    def ClearField(self, field_name: typing_extensions.Literal["batch_id", b"batch_id", "batch_index", b"batch_index", "batch_size", b"batch_size", "otp_parameters", b"otp_parameters", "version", b"version"]) -> None: ...
+    def ClearField(self, field_name: typing.Literal["batch_id", b"batch_id", "batch_index", b"batch_index", "batch_size", b"batch_size", "otp_parameters", b"otp_parameters", "version", b"version"]) -> None: ...

 global___MigrationPayload = MigrationPayload
--- a/tests/data/print_verbose_output-n-v.txt
+++ b/tests/data/print_verbose_output-n-v.txt
@@ -1,5 +1,5 @@
 QReader installed: True
-CV2 version: 4.7.0
+CV2 version: 4.10.0
 QR reading mode: ZBAR

 Input files: ['example_export.txt']
--- a/tests/data/print_verbose_output-n-vv.txt
+++ b/tests/data/print_verbose_output-n-vv.txt
@@ -1,5 +1,5 @@
 QReader installed: True
-CV2 version: 4.7.0
+CV2 version: 4.10.0
 QR reading mode: ZBAR

 Input files: ['example_export.txt']
--- a/tests/data/print_verbose_output-n-vvv.txt
+++ b/tests/data/print_verbose_output-n-vvv.txt
@@ -1,10 +1,12 @@
 QReader installed: True
-CV2 version: 4.7.0
+CV2 version: 4.10.0
 QR reading mode: ZBAR

-Version: extract_otp_secrets 2.0.2.post50+git.158245dd.dirty Linux x86_64 Python 3.11.1 (CPython/called as script)
+Version: extract_otp_secrets 2.8.4.post4+git.7ce765dd.dirty Linux x86_64 Python 3.11.10 (CPython/called as script)

 Input files: ['example_export.txt']
+
+DEBUG: Expanded input files: ['example_export.txt']
 Processing infile example_export.txt
 Reading lines of example_export.txt
 # 2FA example from https://www.raspberrypi.org/blog/setting-up-two-factor-authentication-on-your-raspberry-pi/
@@ -32,16 +34,17 @@ otpauth-migration://offline?data=CjYKEPqlBekzoNEukL7qlsjBCDYSHGVuY29kaW5nOiDCv8O
 # otpauth://totp/pi@raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&issuer=raspberrypi
 otpauth-migration://offline?data=CjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACjr4JKK%2B%2F%2F%2F%2F%2F8B

-DEBUG: parsed_url=ParseResult(scheme='otpauth-migration', netloc='offline', path='', params='', query='data=CjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACjr4JKK%2B%2F%2F%2F%2F%2F8B', fragment='')  
+DEBUG: parsed_url=ParseResult(scheme='otpauth-migration', netloc='offline', path='', params='', query='data=CjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACjr4JKK%2B%2F%2F%2F%2F%2F8B', fragment='')

-DEBUG: querystring params={'data': ['CjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACjr4JKK+/////8B']}  
+DEBUG: querystring params={'data': ['CjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACjr4JKK+/////8B']}

-DEBUG: data_base64=CjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACjr4JKK+/////8B  
+DEBUG: data_base64=CjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACjr4JKK+/////8B

-DEBUG: data_base64_fixed=CjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACjr4JKK+/////8B  
+DEBUG: data_base64_fixed=CjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACjr4JKK+/////8B

 DEBUG: 
-1. Payload Line otp_parameters {
+1. Payload Line
+otp_parameters {
  secret: "\372\245\005\3513\240\321.\220\276\352\226\310\301\0106"
  name: "pi@raspberrypi"
  issuer: "raspberrypi"
@@ -52,12 +55,11 @@ DEBUG:
 version: 1
 batch_size: 1
 batch_id: -1320898453
- 


 1. Secret

-DEBUG: OTP enum type: OTP_TOTP  
+DEBUG: OTP enum type: OTP_TOTP
 Name:    pi@raspberrypi
 Secret:  7KSQL2JTUDIS5EF65KLMRQIIGY
 Issuer:  raspberrypi
@@ -68,16 +70,17 @@ otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&issuer=raspber
 # otpauth://totp/pi@raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY
 otpauth-migration://offline?data=CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACEAEYASAAKLzjp5n4%2F%2F%2F%2F%2FwE%3D

-DEBUG: parsed_url=ParseResult(scheme='otpauth-migration', netloc='offline', path='', params='', query='data=CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACEAEYASAAKLzjp5n4%2F%2F%2F%2F%2FwE%3D', fragment='')  
+DEBUG: parsed_url=ParseResult(scheme='otpauth-migration', netloc='offline', path='', params='', query='data=CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACEAEYASAAKLzjp5n4%2F%2F%2F%2F%2FwE%3D', fragment='')

-DEBUG: querystring params={'data': ['CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACEAEYASAAKLzjp5n4/////wE=']}  
+DEBUG: querystring params={'data': ['CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACEAEYASAAKLzjp5n4/////wE=']}

-DEBUG: data_base64=CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACEAEYASAAKLzjp5n4/////wE=  
+DEBUG: data_base64=CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACEAEYASAAKLzjp5n4/////wE=

-DEBUG: data_base64_fixed=CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACEAEYASAAKLzjp5n4/////wE=  
+DEBUG: data_base64_fixed=CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACEAEYASAAKLzjp5n4/////wE=

 DEBUG: 
-2. Payload Line otp_parameters {
+2. Payload Line
+otp_parameters {
  secret: "\372\245\005\3513\240\321.\220\276\352\226\310\301\0106"
  name: "pi@raspberrypi"
  algorithm: ALGO_SHA1
@@ -87,12 +90,11 @@ DEBUG:
 version: 1
 batch_size: 1
 batch_id: -2094403140
- 


 2. Secret

-DEBUG: OTP enum type: OTP_TOTP  
+DEBUG: OTP enum type: OTP_TOTP
 Name:    pi@raspberrypi
 Secret:  7KSQL2JTUDIS5EF65KLMRQIIGY
 Type:    totp
@@ -103,16 +105,17 @@ otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY
 # otpauth://totp/pi@raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY
 otpauth-migration://offline?data=CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACCjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACiQ7OOa%2Bf%2F%2F%2F%2F8B

-DEBUG: parsed_url=ParseResult(scheme='otpauth-migration', netloc='offline', path='', params='', query='data=CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACCjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACiQ7OOa%2Bf%2F%2F%2F%2F8B', fragment='')  
+DEBUG: parsed_url=ParseResult(scheme='otpauth-migration', netloc='offline', path='', params='', query='data=CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACCjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACiQ7OOa%2Bf%2F%2F%2F%2F8B', fragment='')

-DEBUG: querystring params={'data': ['CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACCjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACiQ7OOa+f////8B']}  
+DEBUG: querystring params={'data': ['CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACCjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACiQ7OOa+f////8B']}

-DEBUG: data_base64=CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACCjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACiQ7OOa+f////8B  
+DEBUG: data_base64=CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACCjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACiQ7OOa+f////8B

-DEBUG: data_base64_fixed=CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACCjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACiQ7OOa+f////8B  
+DEBUG: data_base64_fixed=CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACCjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACiQ7OOa+f////8B

 DEBUG: 
-3. Payload Line otp_parameters {
+3. Payload Line
+otp_parameters {
  secret: "\372\245\005\3513\240\321.\220\276\352\226\310\301\0106"
  name: "pi@raspberrypi"
  algorithm: ALGO_SHA1
@@ -130,12 +133,11 @@ otp_parameters {
 version: 1
 batch_size: 1
 batch_id: -1822886384
- 


 3. Secret

-DEBUG: OTP enum type: OTP_TOTP  
+DEBUG: OTP enum type: OTP_TOTP
 Name:    pi@raspberrypi
 Secret:  7KSQL2JTUDIS5EF65KLMRQIIGY
 Type:    totp
@@ -144,7 +146,7 @@ otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY

 4. Secret

-DEBUG: OTP enum type: OTP_TOTP  
+DEBUG: OTP enum type: OTP_TOTP
 Name:    pi@raspberrypi
 Secret:  7KSQL2JTUDIS5EF65KLMRQIIGY
 Issuer:  raspberrypi
@@ -155,16 +157,17 @@ otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&issuer=raspber
 # otpauth://hotp/hotp%20demo?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&counter=4
 otpauth-migration://offline?data=CiUKEPqlBekzoNEukL7qlsjBCDYSCWhvdHAgZGVtbyABKAEwATgEEAEYASAAKNuv15j6%2F%2F%2F%2F%2FwE%3D

-DEBUG: parsed_url=ParseResult(scheme='otpauth-migration', netloc='offline', path='', params='', query='data=CiUKEPqlBekzoNEukL7qlsjBCDYSCWhvdHAgZGVtbyABKAEwATgEEAEYASAAKNuv15j6%2F%2F%2F%2F%2FwE%3D', fragment='')  
+DEBUG: parsed_url=ParseResult(scheme='otpauth-migration', netloc='offline', path='', params='', query='data=CiUKEPqlBekzoNEukL7qlsjBCDYSCWhvdHAgZGVtbyABKAEwATgEEAEYASAAKNuv15j6%2F%2F%2F%2F%2FwE%3D', fragment='')

-DEBUG: querystring params={'data': ['CiUKEPqlBekzoNEukL7qlsjBCDYSCWhvdHAgZGVtbyABKAEwATgEEAEYASAAKNuv15j6/////wE=']}  
+DEBUG: querystring params={'data': ['CiUKEPqlBekzoNEukL7qlsjBCDYSCWhvdHAgZGVtbyABKAEwATgEEAEYASAAKNuv15j6/////wE=']}

-DEBUG: data_base64=CiUKEPqlBekzoNEukL7qlsjBCDYSCWhvdHAgZGVtbyABKAEwATgEEAEYASAAKNuv15j6/////wE=  
+DEBUG: data_base64=CiUKEPqlBekzoNEukL7qlsjBCDYSCWhvdHAgZGVtbyABKAEwATgEEAEYASAAKNuv15j6/////wE=

-DEBUG: data_base64_fixed=CiUKEPqlBekzoNEukL7qlsjBCDYSCWhvdHAgZGVtbyABKAEwATgEEAEYASAAKNuv15j6/////wE=  
+DEBUG: data_base64_fixed=CiUKEPqlBekzoNEukL7qlsjBCDYSCWhvdHAgZGVtbyABKAEwATgEEAEYASAAKNuv15j6/////wE=

 DEBUG: 
-4. Payload Line otp_parameters {
+4. Payload Line
+otp_parameters {
  secret: "\372\245\005\3513\240\321.\220\276\352\226\310\301\0106"
  name: "hotp demo"
  algorithm: ALGO_SHA1
@@ -175,12 +178,11 @@ DEBUG:
 version: 1
 batch_size: 1
 batch_id: -1558849573
- 


 5. Secret

-DEBUG: OTP enum type: OTP_HOTP  
+DEBUG: OTP enum type: OTP_HOTP
 Name:    hotp demo
 Secret:  7KSQL2JTUDIS5EF65KLMRQIIGY
 Type:    hotp
@@ -192,16 +194,17 @@ otpauth://hotp/hotp%20demo?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&counter=4
 # Name: "encoding: ¿äÄéÉ? (demo)"
 otpauth-migration://offline?data=CjYKEPqlBekzoNEukL7qlsjBCDYSHGVuY29kaW5nOiDCv8Okw4TDqcOJPyAoZGVtbykgASgBMAIQARgBIAAorfCurv%2F%2F%2F%2F%2F%2FAQ%3D%3D

-DEBUG: parsed_url=ParseResult(scheme='otpauth-migration', netloc='offline', path='', params='', query='data=CjYKEPqlBekzoNEukL7qlsjBCDYSHGVuY29kaW5nOiDCv8Okw4TDqcOJPyAoZGVtbykgASgBMAIQARgBIAAorfCurv%2F%2F%2F%2F%2F%2FAQ%3D%3D', fragment='')  
+DEBUG: parsed_url=ParseResult(scheme='otpauth-migration', netloc='offline', path='', params='', query='data=CjYKEPqlBekzoNEukL7qlsjBCDYSHGVuY29kaW5nOiDCv8Okw4TDqcOJPyAoZGVtbykgASgBMAIQARgBIAAorfCurv%2F%2F%2F%2F%2F%2FAQ%3D%3D', fragment='')

-DEBUG: querystring params={'data': ['CjYKEPqlBekzoNEukL7qlsjBCDYSHGVuY29kaW5nOiDCv8Okw4TDqcOJPyAoZGVtbykgASgBMAIQARgBIAAorfCurv//////AQ==']}  
+DEBUG: querystring params={'data': ['CjYKEPqlBekzoNEukL7qlsjBCDYSHGVuY29kaW5nOiDCv8Okw4TDqcOJPyAoZGVtbykgASgBMAIQARgBIAAorfCurv//////AQ==']}

-DEBUG: data_base64=CjYKEPqlBekzoNEukL7qlsjBCDYSHGVuY29kaW5nOiDCv8Okw4TDqcOJPyAoZGVtbykgASgBMAIQARgBIAAorfCurv//////AQ==  
+DEBUG: data_base64=CjYKEPqlBekzoNEukL7qlsjBCDYSHGVuY29kaW5nOiDCv8Okw4TDqcOJPyAoZGVtbykgASgBMAIQARgBIAAorfCurv//////AQ==

-DEBUG: data_base64_fixed=CjYKEPqlBekzoNEukL7qlsjBCDYSHGVuY29kaW5nOiDCv8Okw4TDqcOJPyAoZGVtbykgASgBMAIQARgBIAAorfCurv//////AQ==  
+DEBUG: data_base64_fixed=CjYKEPqlBekzoNEukL7qlsjBCDYSHGVuY29kaW5nOiDCv8Okw4TDqcOJPyAoZGVtbykgASgBMAIQARgBIAAorfCurv//////AQ==

 DEBUG: 
-5. Payload Line otp_parameters {
+5. Payload Line
+otp_parameters {
  secret: "\372\245\005\3513\240\321.\220\276\352\226\310\301\0106"
  name: "encoding: ¿äÄéÉ? (demo)"
  algorithm: ALGO_SHA1
@@ -211,12 +214,11 @@ DEBUG:
 version: 1
 batch_size: 1
 batch_id: -171198419
- 


 6. Secret

-DEBUG: OTP enum type: OTP_TOTP  
+DEBUG: OTP enum type: OTP_TOTP
 Name:    encoding: ¿äÄéÉ? (demo)
 Secret:  7KSQL2JTUDIS5EF65KLMRQIIGY
 Type:    totp
--- a/tests/data/print_verbose_output-v.txt
+++ b/tests/data/print_verbose_output-v.txt
@@ -1,5 +1,5 @@
 QReader installed: True
-CV2 version: 4.7.0
+CV2 version: 4.10.0
 QR reading mode: ZBAR

 Input files: ['example_export.txt']
--- a/tests/data/print_verbose_output-vv.txt
+++ b/tests/data/print_verbose_output-vv.txt
@@ -1,5 +1,5 @@
 QReader installed: True
-CV2 version: 4.7.0
+CV2 version: 4.10.0
 QR reading mode: ZBAR

 Input files: ['example_export.txt']
--- a/tests/data/print_verbose_output-vvv.txt
+++ b/tests/data/print_verbose_output-vvv.txt
@@ -1,10 +1,12 @@
 QReader installed: True
-CV2 version: 4.7.0
+CV2 version: 4.10.0
 QR reading mode: ZBAR

-Version: extract_otp_secrets 2.0.2.post50+git.158245dd.dirty Linux x86_64 Python 3.11.1 (CPython/called as script)
+Version: extract_otp_secrets 2.8.4.post4+git.7ce765dd.dirty Linux x86_64 Python 3.11.10 (CPython/called as script)

 Input files: ['example_export.txt']
+[36m
+DEBUG: Expanded input files: ['example_export.txt'] [39m
 [36mProcessing infile example_export.txt[39m
 Reading lines of example_export.txt
 [36m# 2FA example from https://www.raspberrypi.org/blog/setting-up-two-factor-authentication-on-your-raspberry-pi/[39m
@@ -32,16 +34,17 @@ Reading lines of example_export.txt
 [36m# otpauth://totp/pi@raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&issuer=raspberrypi[39m
 [36motpauth-migration://offline?data=CjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACjr4JKK%2B%2F%2F%2F%2F%2F8B[39m
 [36m
-DEBUG: parsed_url=ParseResult(scheme='otpauth-migration', netloc='offline', path='', params='', query='data=CjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACjr4JKK%2B%2F%2F%2F%2F%2F8B', fragment='') [39m  
+DEBUG: parsed_url=ParseResult(scheme='otpauth-migration', netloc='offline', path='', params='', query='data=CjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACjr4JKK%2B%2F%2F%2F%2F%2F8B', fragment='') [39m
 [36m
-DEBUG: querystring params={'data': ['CjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACjr4JKK+/////8B']} [39m  
+DEBUG: querystring params={'data': ['CjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACjr4JKK+/////8B']} [39m
 [36m
-DEBUG: data_base64=CjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACjr4JKK+/////8B [39m  
+DEBUG: data_base64=CjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACjr4JKK+/////8B [39m
 [36m
-DEBUG: data_base64_fixed=CjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACjr4JKK+/////8B [39m  
+DEBUG: data_base64_fixed=CjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACjr4JKK+/////8B [39m
 [36m
 DEBUG: 
-1. Payload Line otp_parameters {
+1. Payload Line
+otp_parameters {
  secret: "\372\245\005\3513\240\321.\220\276\352\226\310\301\0106"
  name: "pi@raspberrypi"
  issuer: "raspberrypi"
@@ -52,12 +55,12 @@ DEBUG:
 version: 1
 batch_size: 1
 batch_id: -1320898453
- [39m 

+[39m

 1. Secret
 [36m
-DEBUG: OTP enum type: OTP_TOTP [39m  
+DEBUG: OTP enum type: OTP_TOTP [39m
 Name:    pi@raspberrypi
 Secret:  7KSQL2JTUDIS5EF65KLMRQIIGY
 Issuer:  raspberrypi
@@ -68,16 +71,17 @@ otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&issuer=raspber
 [36m# otpauth://totp/pi@raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY[39m
 [36motpauth-migration://offline?data=CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACEAEYASAAKLzjp5n4%2F%2F%2F%2F%2FwE%3D[39m
 [36m
-DEBUG: parsed_url=ParseResult(scheme='otpauth-migration', netloc='offline', path='', params='', query='data=CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACEAEYASAAKLzjp5n4%2F%2F%2F%2F%2FwE%3D', fragment='') [39m  
+DEBUG: parsed_url=ParseResult(scheme='otpauth-migration', netloc='offline', path='', params='', query='data=CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACEAEYASAAKLzjp5n4%2F%2F%2F%2F%2FwE%3D', fragment='') [39m
 [36m
-DEBUG: querystring params={'data': ['CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACEAEYASAAKLzjp5n4/////wE=']} [39m  
+DEBUG: querystring params={'data': ['CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACEAEYASAAKLzjp5n4/////wE=']} [39m
 [36m
-DEBUG: data_base64=CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACEAEYASAAKLzjp5n4/////wE= [39m  
+DEBUG: data_base64=CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACEAEYASAAKLzjp5n4/////wE= [39m
 [36m
-DEBUG: data_base64_fixed=CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACEAEYASAAKLzjp5n4/////wE= [39m  
+DEBUG: data_base64_fixed=CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACEAEYASAAKLzjp5n4/////wE= [39m
 [36m
 DEBUG: 
-2. Payload Line otp_parameters {
+2. Payload Line
+otp_parameters {
  secret: "\372\245\005\3513\240\321.\220\276\352\226\310\301\0106"
  name: "pi@raspberrypi"
  algorithm: ALGO_SHA1
@@ -87,12 +91,12 @@ DEBUG:
 version: 1
 batch_size: 1
 batch_id: -2094403140
- [39m 

+[39m

 2. Secret
 [36m
-DEBUG: OTP enum type: OTP_TOTP [39m  
+DEBUG: OTP enum type: OTP_TOTP [39m
 Name:    pi@raspberrypi
 Secret:  7KSQL2JTUDIS5EF65KLMRQIIGY
 Type:    totp
@@ -103,16 +107,17 @@ otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY
 [36m# otpauth://totp/pi@raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY[39m
 [36motpauth-migration://offline?data=CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACCjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACiQ7OOa%2Bf%2F%2F%2F%2F8B[39m
 [36m
-DEBUG: parsed_url=ParseResult(scheme='otpauth-migration', netloc='offline', path='', params='', query='data=CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACCjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACiQ7OOa%2Bf%2F%2F%2F%2F8B', fragment='') [39m  
+DEBUG: parsed_url=ParseResult(scheme='otpauth-migration', netloc='offline', path='', params='', query='data=CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACCjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACiQ7OOa%2Bf%2F%2F%2F%2F8B', fragment='') [39m
 [36m
-DEBUG: querystring params={'data': ['CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACCjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACiQ7OOa+f////8B']} [39m  
+DEBUG: querystring params={'data': ['CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACCjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACiQ7OOa+f////8B']} [39m
 [36m
-DEBUG: data_base64=CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACCjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACiQ7OOa+f////8B [39m  
+DEBUG: data_base64=CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACCjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACiQ7OOa+f////8B [39m
 [36m
-DEBUG: data_base64_fixed=CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACCjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACiQ7OOa+f////8B [39m  
+DEBUG: data_base64_fixed=CigKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpIAEoATACCjUKEPqlBekzoNEukL7qlsjBCDYSDnBpQHJhc3BiZXJyeXBpGgtyYXNwYmVycnlwaSABKAEwAhABGAEgACiQ7OOa+f////8B [39m
 [36m
 DEBUG: 
-3. Payload Line otp_parameters {
+3. Payload Line
+otp_parameters {
  secret: "\372\245\005\3513\240\321.\220\276\352\226\310\301\0106"
  name: "pi@raspberrypi"
  algorithm: ALGO_SHA1
@@ -130,12 +135,12 @@ otp_parameters {
 version: 1
 batch_size: 1
 batch_id: -1822886384
- [39m 

+[39m

 3. Secret
 [36m
-DEBUG: OTP enum type: OTP_TOTP [39m  
+DEBUG: OTP enum type: OTP_TOTP [39m
 Name:    pi@raspberrypi
 Secret:  7KSQL2JTUDIS5EF65KLMRQIIGY
 Type:    totp
@@ -144,7 +149,7 @@ otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY

 4. Secret
 [36m
-DEBUG: OTP enum type: OTP_TOTP [39m  
+DEBUG: OTP enum type: OTP_TOTP [39m
 Name:    pi@raspberrypi
 Secret:  7KSQL2JTUDIS5EF65KLMRQIIGY
 Issuer:  raspberrypi
@@ -155,16 +160,17 @@ otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&issuer=raspber
 [36m# otpauth://hotp/hotp%20demo?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&counter=4[39m
 [36motpauth-migration://offline?data=CiUKEPqlBekzoNEukL7qlsjBCDYSCWhvdHAgZGVtbyABKAEwATgEEAEYASAAKNuv15j6%2F%2F%2F%2F%2FwE%3D[39m
 [36m
-DEBUG: parsed_url=ParseResult(scheme='otpauth-migration', netloc='offline', path='', params='', query='data=CiUKEPqlBekzoNEukL7qlsjBCDYSCWhvdHAgZGVtbyABKAEwATgEEAEYASAAKNuv15j6%2F%2F%2F%2F%2FwE%3D', fragment='') [39m  
+DEBUG: parsed_url=ParseResult(scheme='otpauth-migration', netloc='offline', path='', params='', query='data=CiUKEPqlBekzoNEukL7qlsjBCDYSCWhvdHAgZGVtbyABKAEwATgEEAEYASAAKNuv15j6%2F%2F%2F%2F%2FwE%3D', fragment='') [39m
 [36m
-DEBUG: querystring params={'data': ['CiUKEPqlBekzoNEukL7qlsjBCDYSCWhvdHAgZGVtbyABKAEwATgEEAEYASAAKNuv15j6/////wE=']} [39m  
+DEBUG: querystring params={'data': ['CiUKEPqlBekzoNEukL7qlsjBCDYSCWhvdHAgZGVtbyABKAEwATgEEAEYASAAKNuv15j6/////wE=']} [39m
 [36m
-DEBUG: data_base64=CiUKEPqlBekzoNEukL7qlsjBCDYSCWhvdHAgZGVtbyABKAEwATgEEAEYASAAKNuv15j6/////wE= [39m  
+DEBUG: data_base64=CiUKEPqlBekzoNEukL7qlsjBCDYSCWhvdHAgZGVtbyABKAEwATgEEAEYASAAKNuv15j6/////wE= [39m
 [36m
-DEBUG: data_base64_fixed=CiUKEPqlBekzoNEukL7qlsjBCDYSCWhvdHAgZGVtbyABKAEwATgEEAEYASAAKNuv15j6/////wE= [39m  
+DEBUG: data_base64_fixed=CiUKEPqlBekzoNEukL7qlsjBCDYSCWhvdHAgZGVtbyABKAEwATgEEAEYASAAKNuv15j6/////wE= [39m
 [36m
 DEBUG: 
-4. Payload Line otp_parameters {
+4. Payload Line
+otp_parameters {
  secret: "\372\245\005\3513\240\321.\220\276\352\226\310\301\0106"
  name: "hotp demo"
  algorithm: ALGO_SHA1
@@ -175,12 +181,12 @@ DEBUG:
 version: 1
 batch_size: 1
 batch_id: -1558849573
- [39m 

+[39m

 5. Secret
 [36m
-DEBUG: OTP enum type: OTP_HOTP [39m  
+DEBUG: OTP enum type: OTP_HOTP [39m
 Name:    hotp demo
 Secret:  7KSQL2JTUDIS5EF65KLMRQIIGY
 Type:    hotp
@@ -192,16 +198,17 @@ otpauth://hotp/hotp%20demo?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&counter=4
 [36m# Name: "encoding: ¿äÄéÉ? (demo)"[39m
 [36motpauth-migration://offline?data=CjYKEPqlBekzoNEukL7qlsjBCDYSHGVuY29kaW5nOiDCv8Okw4TDqcOJPyAoZGVtbykgASgBMAIQARgBIAAorfCurv%2F%2F%2F%2F%2F%2FAQ%3D%3D[39m
 [36m
-DEBUG: parsed_url=ParseResult(scheme='otpauth-migration', netloc='offline', path='', params='', query='data=CjYKEPqlBekzoNEukL7qlsjBCDYSHGVuY29kaW5nOiDCv8Okw4TDqcOJPyAoZGVtbykgASgBMAIQARgBIAAorfCurv%2F%2F%2F%2F%2F%2FAQ%3D%3D', fragment='') [39m  
+DEBUG: parsed_url=ParseResult(scheme='otpauth-migration', netloc='offline', path='', params='', query='data=CjYKEPqlBekzoNEukL7qlsjBCDYSHGVuY29kaW5nOiDCv8Okw4TDqcOJPyAoZGVtbykgASgBMAIQARgBIAAorfCurv%2F%2F%2F%2F%2F%2FAQ%3D%3D', fragment='') [39m
 [36m
-DEBUG: querystring params={'data': ['CjYKEPqlBekzoNEukL7qlsjBCDYSHGVuY29kaW5nOiDCv8Okw4TDqcOJPyAoZGVtbykgASgBMAIQARgBIAAorfCurv//////AQ==']} [39m  
+DEBUG: querystring params={'data': ['CjYKEPqlBekzoNEukL7qlsjBCDYSHGVuY29kaW5nOiDCv8Okw4TDqcOJPyAoZGVtbykgASgBMAIQARgBIAAorfCurv//////AQ==']} [39m
 [36m
-DEBUG: data_base64=CjYKEPqlBekzoNEukL7qlsjBCDYSHGVuY29kaW5nOiDCv8Okw4TDqcOJPyAoZGVtbykgASgBMAIQARgBIAAorfCurv//////AQ== [39m  
+DEBUG: data_base64=CjYKEPqlBekzoNEukL7qlsjBCDYSHGVuY29kaW5nOiDCv8Okw4TDqcOJPyAoZGVtbykgASgBMAIQARgBIAAorfCurv//////AQ== [39m
 [36m
-DEBUG: data_base64_fixed=CjYKEPqlBekzoNEukL7qlsjBCDYSHGVuY29kaW5nOiDCv8Okw4TDqcOJPyAoZGVtbykgASgBMAIQARgBIAAorfCurv//////AQ== [39m  
+DEBUG: data_base64_fixed=CjYKEPqlBekzoNEukL7qlsjBCDYSHGVuY29kaW5nOiDCv8Okw4TDqcOJPyAoZGVtbykgASgBMAIQARgBIAAorfCurv//////AQ== [39m
 [36m
 DEBUG: 
-5. Payload Line otp_parameters {
+5. Payload Line
+otp_parameters {
  secret: "\372\245\005\3513\240\321.\220\276\352\226\310\301\0106"
  name: "encoding: ¿äÄéÉ? (demo)"
  algorithm: ALGO_SHA1
@@ -211,12 +218,12 @@ DEBUG:
 version: 1
 batch_size: 1
 batch_id: -171198419
- [39m 

+[39m

 6. Secret
 [36m
-DEBUG: OTP enum type: OTP_TOTP [39m  
+DEBUG: OTP enum type: OTP_TOTP [39m
 Name:    encoding: ¿äÄéÉ? (demo)
 Secret:  7KSQL2JTUDIS5EF65KLMRQIIGY
 Type:    totp
--- a/tests/data/url_list_output.txt
+++ b/tests/data/url_list_output.txt
@@ -0,0 +1,6 @@
+otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&issuer=raspberrypi
+otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY
+otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY
+otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&issuer=raspberrypi
+otpauth://hotp/hotp%20demo?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&counter=4
+otpauth://totp/encoding%3A%20%C2%BF%C3%A4%C3%84%C3%A9%C3%89%3F%20%28demo%29?secret=7KSQL2JTUDIS5EF65KLMRQIIGY
--- a/tests/extract_otp_secrets_test.py
+++ b/tests/extract_otp_secrets_test.py
@@ -39,7 +39,7 @@ from utils import (count_files_in_dir, file_exits, read_binary_file_as_stream,
 import extract_otp_secrets

 try:
-    import cv2  # type: ignore
+    import cv2
    from extract_otp_secrets import SUCCESS_COLOR, FAILURE_COLOR, FONT, FONT_SCALE, FONT_COLOR, FONT_THICKNESS, FONT_LINE_STYLE
 except ImportError:
    # ignore
@@ -376,6 +376,79 @@ def test_extract_json_stdout_only_comments(capsys: pytest.CaptureFixture[str]) -
    assert captured.err == ''


+def test_extract_txt(capsys: pytest.CaptureFixture[str], tmp_path: pathlib.Path) -> None:
+    # Arrange
+    output_file = str(tmp_path / 'test_example_output.txt')
+
+    # Act
+    extract_otp_secrets.main(['-q', '-t', output_file, 'example_export.txt'])
+
+    # Assert
+    expected_txt = read_file_to_str('tests/data/printqr_output.txt')
+    actual_txt = read_file_to_str(output_file)
+
+    assert actual_txt == expected_txt
+
+    captured = capsys.readouterr()
+
+    assert captured.out == ''
+    assert captured.err == ''
+
+
+def test_extract_txt_stdout(capsys: pytest.CaptureFixture[str]) -> None:
+    # Act
+    extract_otp_secrets.main(['-t', '-', 'example_export.txt'])
+
+    # Assert
+    expected_txt = read_file_to_str('tests/data/printqr_output.txt')
+    captured = capsys.readouterr()
+
+    assert captured.out == expected_txt
+    assert captured.err == ''
+
+
+def test_extract_txt_stdout_only_comments(capsys: pytest.CaptureFixture[str]) -> None:
+    # Act
+    extract_otp_secrets.main(['-t', '-', 'tests/data/only_comments.txt'])
+
+    # Assert
+    captured = capsys.readouterr()
+
+    assert captured.out == ''
+    assert captured.err == ''
+
+
+def test_extract_urls(capsys: pytest.CaptureFixture[str], tmp_path: pathlib.Path) -> None:
+    # Arrange
+    output_file = str(tmp_path / 'test_example_url_list.txt')
+
+    # Act
+    extract_otp_secrets.main(['-q', '-u', output_file, 'example_export.txt'])
+
+    # Assert
+    expected_txt = read_file_to_str('tests/data/url_list_output.txt')
+    actual_txt = read_file_to_str(output_file)
+
+    assert actual_txt == expected_txt
+
+    captured = capsys.readouterr()
+
+    assert captured.out == ''
+    assert captured.err == ''
+
+
+def test_extract_urls_stdout(capsys: pytest.CaptureFixture[str]) -> None:
+    # Act
+    extract_otp_secrets.main(['-u', '-', 'example_export.txt'])
+
+    # Assert
+    expected_txt = read_file_to_str('tests/data/url_list_output.txt')
+    captured = capsys.readouterr()
+
+    assert captured.out == expected_txt
+    assert captured.err == ''
+
+
 def test_extract_not_encoded_plus(capsys: pytest.CaptureFixture[str]) -> None:
    # Act
    extract_otp_secrets.main(['tests/data/test_plus_problem_export.txt'])
@@ -486,7 +559,7 @@ def test_normalize_bytes() -> None:
 # Generate verbose output:
 # for color in '' '-n'; do for level in '' '-v' '-vv' '-vvv'; do python3.11 src/extract_otp_secrets.py example_export.txt $color $level > tests/data/print_verbose_output$color$level.txt; done; done
 # workaround for PYTHON <= 3.10
-@pytest.mark.skipif(sys.version_info < (3, 10), reason="fileinput.input encoding exists since PYTHON 3.10")
+@pytest.mark.skipif(sys.version_info < (3, 10) or sys.platform.startswith("win"), reason="fileinput.input encoding exists since PYTHON 3.10 OR Windows fatal exception: access violation")
@pytest.mark.parametrize("verbose_level", ['', '-v', '-vv', '-vvv'])
@pytest.mark.parametrize("color", ['', '-n'])
 def test_extract_verbose(verbose_level: str, color: str, capsys: pytest.CaptureFixture[str], relaxed: bool) -> None:
@@ -724,8 +797,10 @@ def test_verbose_and_quiet(capsys: pytest.CaptureFixture[str]) -> None:
    ('-k', 'outfile', False, False),
    ('-k', '-', True, False),
    ('-j', 'outfile', False, False),
-    ('-s', 'outfile', False, False),
    ('-j', '-', True, False),
+    ('-t', 'outfile', False, False),
+    ('-t', '-', True, False),
+    ('-s', 'outfile', False, False),
    ('-i', None, False, False),
    ('-p', None, True, False),
    ('-Q', 'CV2', False, False),
@@ -774,7 +849,14 @@ data=XXXX
 Exception: unpack requires a buffer of 4 bytes
 '''

-    assert captured.err == first_expected_stderr or captured.err == second_expected_stderr
+    #
+    third_expected_stderr = '''
+ERROR: Cannot decode otpauth-migration migration payload.
+data=XXXX
+Exception: Error parsing message with type 'MigrationPayload'
+'''
+
+    assert captured.err == first_expected_stderr or captured.err == second_expected_stderr or captured.err == third_expected_stderr
    assert captured.out == ''
    assert e.value.code == 1
    assert e.type == SystemExit
@@ -787,19 +869,8 @@ def test_wrong_content(capsys: pytest.CaptureFixture[str]) -> None:
    # Assert
    captured = capsys.readouterr()

-    expected_stderr = '''
-WARN: input is not a otpauth-migration:// url
-source: tests/data/test_export_wrong_content.txt
-input: Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua.
-Maybe a wrong file was given
-
-ERROR: could not parse query parameter in input url
-source: tests/data/test_export_wrong_content.txt
-url: Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua.
-'''
-
    assert captured.out == ''
-    assert captured.err == expected_stderr
+    assert captured.err == EXPECTED_STDERR_OTP_URL_WRONG


 def test_one_wrong_file(capsys: pytest.CaptureFixture[str]) -> None:
@@ -809,19 +880,8 @@ def test_one_wrong_file(capsys: pytest.CaptureFixture[str]) -> None:
    # Assert
    captured = capsys.readouterr()

-    expected_stderr = '''
-WARN: input is not a otpauth-migration:// url
-source: tests/data/test_export_wrong_content.txt
-input: Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua.
-Maybe a wrong file was given
-
-ERROR: could not parse query parameter in input url
-source: tests/data/test_export_wrong_content.txt
-url: Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua.
-'''
-
    assert captured.out == EXPECTED_STDOUT_FROM_EXAMPLE_EXPORT
-    assert captured.err == expected_stderr
+    assert captured.err == EXPECTED_STDERR_OTP_URL_WRONG


 def test_one_wrong_file_colored(capsys: pytest.CaptureFixture[str]) -> None:
@@ -831,19 +891,8 @@ def test_one_wrong_file_colored(capsys: pytest.CaptureFixture[str]) -> None:
    # Assert
    captured = capsys.readouterr()

-    expected_stderr = f'''{colorama.Fore.RED}
-WARN: input is not a otpauth-migration:// url
-source: tests/data/test_export_wrong_content.txt
-input: Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua.
-Maybe a wrong file was given{colorama.Fore.RESET}
-{colorama.Fore.RED}
-ERROR: could not parse query parameter in input url
-source: tests/data/test_export_wrong_content.txt
-url: Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua.{colorama.Fore.RESET}
-'''
-
    assert captured.out == EXPECTED_STDOUT_FROM_EXAMPLE_EXPORT
-    assert captured.err == expected_stderr
+    assert captured.err == EXPECTED_STDERR_COLORED_OTP_URL_WRONG


 def test_one_wrong_line(capsys: pytest.CaptureFixture[str], monkeypatch: pytest.MonkeyPatch) -> None:
@@ -915,6 +964,46 @@ def test_img_qr_reader_from_file_happy_path(capsys: pytest.CaptureFixture[str])
    assert captured.err == ''


+@pytest.mark.qreader
+def test_img_qr_reader_but_no_otp_from_file(capsys: pytest.CaptureFixture[str]) -> None:
+    # Act
+    extract_otp_secrets.main(['-n', 'tests/data/qr_but_without_otp.png'])
+
+    # Assert
+    captured = capsys.readouterr()
+
+    assert captured.out == ''
+    assert captured.err == EXPECTED_STDERR_NO_OTP_URL
+
+
+@pytest.mark.qreader
+def test_img_qr_reader_from_wildcard(capsys: pytest.CaptureFixture[str]) -> None:
+    # Act
+    extract_otp_secrets.main(['-n', 'tests/data/*.png'])
+
+    # Assert
+    captured = capsys.readouterr()
+
+    assert captured.out == EXPECTED_STDOUT_FROM_EXAMPLE_EXPORT_PNG
+    assert normalize_testfile_path(captured.err) == EXPECTED_STDERR_NO_OTP_URL
+
+
+def normalize_testfile_path(text: str) -> str:
+    return text.replace('tests/data\\', 'tests/data/') if sys.platform.startswith("win") else text
+
+
+@pytest.mark.qreader
+def test_img_qr_reader_from_multiple_files(capsys: pytest.CaptureFixture[str]) -> None:
+    # Act
+    extract_otp_secrets.main(['-n', 'tests/data/test_googleauth_export.png', 'tests/data/text_masquerading_as_image.jpeg'])
+
+    # Assert
+    captured = capsys.readouterr()
+
+    assert captured.out == EXPECTED_STDOUT_FROM_EXAMPLE_EXPORT_PNG
+    assert captured.err == EXPECTED_STDERR_BAD_IMAGE
+
+
@pytest.mark.qreader
 def test_img_qr_reader_by_parameter(capsys: pytest.CaptureFixture[str], qr_mode: str) -> None:
    # Act
@@ -959,24 +1048,7 @@ def test_img_qr_reader_from_stdin(capsys: pytest.CaptureFixture[str], monkeypatc
    # Assert
    captured = capsys.readouterr()

-    expected_stdout = '''Name:    Test1:test1@example1.com
-Secret:  JBSWY3DPEHPK3PXP
-Issuer:  Test1
-Type:    totp
-
-Name:    Test2:test2@example2.com
-Secret:  JBSWY3DPEHPK3PXQ
-Issuer:  Test2
-Type:    totp
-
-Name:    Test3:test3@example3.com
-Secret:  JBSWY3DPEHPK3PXR
-Issuer:  Test3
-Type:    totp
-
-'''
-
-    assert captured.out == expected_stdout
+    assert captured.out == EXPECTED_STDOUT_FROM_EXAMPLE_EXPORT_PNG
    assert captured.err == ''


@@ -1061,19 +1133,9 @@ def test_non_image_file(capsys: pytest.CaptureFixture[str]) -> None:

    # Assert
    captured = capsys.readouterr()
-    expected_stderr = '''
-WARN: input is not a otpauth-migration:// url
-source: tests/data/text_masquerading_as_image.jpeg
-input: This is just a text file masquerading as an image file.
-Maybe a wrong file was given

-ERROR: could not parse query parameter in input url
-source: tests/data/text_masquerading_as_image.jpeg
-url: This is just a text file masquerading as an image file.
-'''
-
-    assert captured.err == expected_stderr
    assert captured.out == ''
+    assert captured.err == EXPECTED_STDERR_BAD_IMAGE


 def test_next_valid_qr_mode() -> None:
@@ -1127,3 +1189,47 @@ Issuer:  Test3
 Type:    totp

 '''
+
+EXPECTED_STDERR_OTP_URL_WRONG = '''
+WARN: input is not a otpauth-migration:// url
+source: tests/data/test_export_wrong_content.txt
+input: Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua.
+Maybe a wrong file was given
+
+ERROR: could not parse query parameter in input url
+source: tests/data/test_export_wrong_content.txt
+url: Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua.
+'''
+
+EXPECTED_STDERR_COLORED_OTP_URL_WRONG = f'''{colorama.Fore.RED}
+WARN: input is not a otpauth-migration:// url
+source: tests/data/test_export_wrong_content.txt
+input: Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua.
+Maybe a wrong file was given{colorama.Fore.RESET}
+{colorama.Fore.RED}
+ERROR: could not parse query parameter in input url
+source: tests/data/test_export_wrong_content.txt
+url: Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua.{colorama.Fore.RESET}
+'''
+
+EXPECTED_STDERR_NO_OTP_URL = '''
+WARN: input is not a otpauth-migration:// url
+source: tests/data/qr_but_without_otp.png
+input: NOT A otpauth-migration:// URL
+Maybe a wrong file was given
+
+ERROR: could not parse query parameter in input url
+source: tests/data/qr_but_without_otp.png
+url: NOT A otpauth-migration:// URL
+'''
+
+EXPECTED_STDERR_BAD_IMAGE = '''
+WARN: input is not a otpauth-migration:// url
+source: tests/data/text_masquerading_as_image.jpeg
+input: This is just a text file masquerading as an image file.
+Maybe a wrong file was given
+
+ERROR: could not parse query parameter in input url
+source: tests/data/text_masquerading_as_image.jpeg
+url: This is just a text file masquerading as an image file.
+'''