build(deps-dev): bump pytest from 9.0.1 to 9.0.2

Bumps [pytest](https://github.com/pytest-dev/pytest) from 9.0.1 to 9.0.2.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/9.0.1...9.0.2)

---
updated-dependencies:
- dependency-name: pytest
  dependency-version: 9.0.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

.devcontainer/devcontainer.json

@@ -6,7 +6,7 @@
         "context": "..",
         //Update 'VARIANT' to pick a Python version: 3, 3.10, ...
         "args": {
-            "VARIANT": "3.11"
+            "VARIANT": "3.14"
         }
     },
     // Add the IDs of extensions you want installed when the container is created.

.gitattributes

@@ -0,0 +1,21 @@
+* text eol=lf
+*.csv text eol=auto
+*.txt text eol=auto
+*.md text eol=auto
+*.sh text eol=lf
+*.bat text eol=crlf
+*.cmd text eol=crlf
+*.ps1 text eol=crlf
+*.png binary
+*.webp binary
+*.jpg binary
+*.jpeg binary
+*.gif binary
+*.ico binary
+*.zip binary
+*.tar binary
+*.gz binary
+*.7z binary
+*.exe binary
+*.dll binary
+*.pdf binary

.github/copilot-instructions.md

@@ -0,0 +1,17 @@
+# Copilot Instructions
+
+This project is a web application that allows users to create and manage tasks. The application is built using Python.
+
+## Coding Standards
+
+- Use snakeCase for variable and function names.
+- Use PascalCase for component names.
+- Use double quotes for strings.
+- Use 4 spaces for indentation.
+
+## Tone
+
+- If I tell you that you are wrong, think about whether or not you think that's true and respond with facts.
+- Avoid apologizing or making conciliatory statements.
+- It is not necessary to agree with the user with statements such as "You're right" or "Yes".
+- Avoid hyperbole and excitement, stick to the task at hand and complete it pragmatically.

.github/workflows/ci.yml

@@ -10,6 +10,7 @@ on:
     paths-ignore:
       - 'docs/**'
       - '**.md'
+      - 'build.sh'
   # pull_request:
   schedule:
     # Run daily on default branch
@@ -19,21 +20,23 @@ jobs:
   build:
 
     strategy:
+      fail-fast: false
       matrix:
         # 3.x is used to run code coverage
-        python-version: ["3.x", "3.13", "3.12", "3.11", "3.10", "3.9", "3.8"]
-        platform: [ubuntu-latest, macos-latest, windows-latest, ubuntu-24.04-arm, macos-13]
-        # exclude:
+        python-version: ["3.x", "3.14", "3.13", "3.12", "3.11", "3.10", "3.9"]
+        platform: [ubuntu-latest, macos-latest, windows-latest, ubuntu-24.04-arm, macos-15-intel]
+#        exclude:
 
     runs-on: ${{ matrix.platform }}
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: ${{ matrix.python-version }}
           check-latest: ${{ github.event_name == 'schedule' }}
+          allow-prereleases: false
       - name: Install zbar shared lib for QReader (Linux)
         if: runner.os == 'Linux'
         run: |

.github/workflows/ci_docker.yml

@@ -14,6 +14,7 @@ on:
     paths-ignore:
       - 'docs/**'
       - '**.md'
+      - 'build.sh'
     tags-ignore:
       - '**'
     # branches is needed if tags-ignore is used
@@ -42,7 +43,7 @@ jobs:
     # steps to perform in job
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       # avoid building if there are testing errors
       - name: Run smoke test
@@ -78,7 +79,7 @@ jobs:
 
       - name: "Build image (Bookworm/Debian 12) and push to Docker Hub and GitHub Container Registry"
         id: docker_build_qr_reader_latest
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           platforms: linux/${{ matrix.DOCKER_ARCH }}
           # relative path to the place where source code with Dockerfile is located
@@ -88,13 +89,15 @@ jobs:
           # builder: ${{ steps.buildx.outputs.name }}
           # Note: tags has to be all lower-case
           build-args: |
-            BASE_IMAGE=python:3.13-slim-bookworm
+            BASE_IMAGE=python:3.14-slim-trixie
           pull: true
           tags: |
             docker.io/scit0/extract_otp_secrets:latest-${{ matrix.PLATFORM_ARCH }}
             docker.io/scit0/extract_otp_secrets:bookworm-${{ matrix.PLATFORM_ARCH }}
             ghcr.io/scito/extract_otp_secrets:latest-${{ matrix.PLATFORM_ARCH }}
             ghcr.io/scito/extract_otp_secrets:bookworm-${{ matrix.PLATFORM_ARCH }}
+          provenance: true
+          sbom: true
           # build on feature branches, push only on master branch
           push: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}
 
@@ -112,6 +115,7 @@ jobs:
 
   create-multiarch-debian-manifests:
     name: Create multiarch manifests for Debian image
+    if: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}
     runs-on: ubuntu-latest
     needs:
       - build-and-push-docker-debian-image
@@ -132,6 +136,7 @@ jobs:
           password: ${{ secrets.GHCR_IO_TOKEN }}
 
       - name: Create multiarch manifests
+        if: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}
         shell: bash
         run: |
           for tag in \
@@ -164,7 +169,7 @@ jobs:
     # steps to perform in job
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       # avoid building if there are testing errors
       - name: Run smoke test
@@ -200,7 +205,7 @@ jobs:
 
       - name: "only_txt: Build image and push to Docker Hub and GitHub Container Registry"
         id: docker_build_only_txt
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           platforms: linux/${{ matrix.DOCKER_ARCH }}
           # relative path to the place where source code with Dockerfile is located
@@ -214,8 +219,10 @@ jobs:
             docker.io/scit0/extract_otp_secrets:alpine-${{ matrix.PLATFORM_ARCH }}
             ghcr.io/scito/extract_otp_secrets:only-txt-${{ matrix.PLATFORM_ARCH }}
             ghcr.io/scito/extract_otp_secrets:alpine-${{ matrix.PLATFORM_ARCH }}
+          provenance: true
+          sbom: true
           # build on feature branches, push only on master branch
-          push: true # ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}
+          push: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}
           build-args: |
             RUN_TESTS=true
 
@@ -234,6 +241,7 @@ jobs:
 
   create-multiarch-alpine-manifests:
     name: Create multiarch manifests for Alpine image
+    if: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}
     runs-on: ubuntu-latest
     needs:
       - build-and-push-docker-alpine-image
@@ -257,6 +265,7 @@ jobs:
           password: ${{ secrets.GHCR_IO_TOKEN }}
 
       - name: Create multiarch manifests
+        if: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}
         shell: bash
         run: |
           for tag in \
@@ -288,7 +297,7 @@ jobs:
     # steps to perform in job
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       # avoid building if there are testing errors
       - name: Run smoke test
@@ -325,7 +334,7 @@ jobs:
       - name: "Build image from Bullseye (Debian 11) and push to GitHub Container Registry"
         id: docker_build_bullseye
         if: github.ref == 'refs/heads/master'
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           platforms: linux/${{ matrix.DOCKER_ARCH }}
           # relative path to the place where source code with Dockerfile is located
@@ -339,6 +348,8 @@ jobs:
           tags: |
             docker.io/scit0/extract_otp_secrets:bullseye-${{ matrix.PLATFORM_ARCH }}
             ghcr.io/scito/extract_otp_secrets:bullseye-${{ matrix.PLATFORM_ARCH }}
+          provenance: true
+          sbom: true
           push: ${{ github.secret_source == 'Actions' }}
 
       - name: Image digest
@@ -356,6 +367,7 @@ jobs:
   create-multiarch-bullseye-manifests:
     name: Create multiarch manifests for Bullseye image
     runs-on: ubuntu-latest
+    if: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}
     needs:
       - build-and-push-docker-bullseye-image
     steps:
@@ -374,7 +386,8 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GHCR_IO_TOKEN }}
 
-      - name: Create multiarch manifests
+      - name:
+        if: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}
         shell: bash
         run: |
           for tag in \
@@ -386,3 +399,15 @@ jobs:
                 $tag-arm64
             done
 
+  container-images-clean-up:
+    name: Cleanup old container images
+    runs-on: ubuntu-latest
+    steps:
+      - name: Delete Container Packages
+        uses: actions/delete-package-versions@v5
+        if: ${{ github.secret_source == 'Actions'}}
+        with:
+          package-name: 'extract_otp_secrets'
+          package-type: 'container'
+          min-versions-to-keep: 1
+          delete-only-untagged-versions: 'true'

.github/workflows/ci_release.yml

@@ -57,7 +57,7 @@ jobs:
       tag_message: ${{ steps.meta.outputs.tag_message }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Set meta data
         id: meta
         # Writing to env with >> $GITHUB_ENV is an alternative
@@ -126,7 +126,7 @@ jobs:
     # steps to perform in job
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       # avoid building if there are testing errors
       - name: Run smoke test
@@ -196,7 +196,7 @@ jobs:
           docker run --pull always --entrypoint /bin/bash --rm -v "$(pwd)":/files -w /files docker.io/scit0/extract_otp_secrets -c 'dist/${{ matrix.EXE }} -V && dist/${{ matrix.EXE }} -h && dist/${{ matrix.EXE }} example_export.png && dist/${{ matrix.EXE }} - < example_export.txt && dist/${{ matrix.EXE }} --qr ZBAR example_export.png && dist/${{ matrix.EXE }} --qr QREADER example_export.png && dist/${{ matrix.EXE }} --qr QREADER_DEEP example_export.png && dist/${{ matrix.EXE }} --qr CV2 example_export.png && dist/${{ matrix.EXE }} --qr CV2_WECHAT example_export.png'
       - name: Load Release URL File from release job
         if: startsWith(github.ref, 'refs/tags/v')
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           name: release_url
       - name: Display structure of files
@@ -226,6 +226,7 @@ jobs:
     needs: create-release
     runs-on: ${{ matrix.os }}
     strategy:
+      fail-fast: false
       matrix:
         # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#choosing-github-hosted-runners
         include:
@@ -257,7 +258,7 @@ jobs:
             UPLOAD: false
             CMD_BUILD: |
                 pyinstaller -y --add-data $pythonLocation/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name extract_otp_secrets_ubuntu_arm64 src/extract_otp_secrets.py
-          - os: macos-13
+          - os: macos-15-intel
             TARGET: macos
             # https://pyinstaller.org/en/stable/spec-files.html#spec-file-options-for-a-macos-bundle
             EXE: extract_otp_secrets
@@ -291,14 +292,14 @@ jobs:
       - name: List Windir
         if: runner.os == 'Windows'
         run: ls "$($Env:WinDir)\system32"
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Set macos macos_python_path
         # TODO use variable for Python version
-        run: echo "macos_python_path=/Library/Frameworks/Python.framework/Versions/3.13" >> $GITHUB_ENV
-      - name: Set up Python 3.13
-        uses: actions/setup-python@v5
+        run: echo "macos_python_path=/Library/Frameworks/Python.framework/Versions/3.14" >> $GITHUB_ENV
+      - name: Set up Python 3.14
+        uses: actions/setup-python@v6
         with:
-          python-version: 3.13
+          python-version: 3.14
           check-latest: true
       - name: Install zbar shared lib for QReader (Linux)
         if: runner.os == 'Linux'
@@ -341,12 +342,12 @@ jobs:
           dist/${{ matrix.EXE }} - < example_export.txt
       - name: Load Release URL File from release job
         if: startsWith(github.ref, 'refs/tags/v')
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           name: release_url
       - name: Load Release Id File from release job
         if: startsWith(github.ref, 'refs/tags/v')
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           name: release_id
       - name: Display structure of files
@@ -389,7 +390,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Load Release Id File from release job
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           name: release_id
       - name: Set meta data

Pipfile

@@ -4,14 +4,15 @@ verify_ssl = true
 name = "pypi"
 
 [packages]
-colorama = ">=0.4.6"
+colorama = "0.4.6"
 opencv-contrib-python = "*"
+numpy = "2.3.5"
 # for macOS: opencv-contrib-python = "<=4.7.0"
 pillow = "*"
 pyzbar = "*"
 protobuf = "*"
 qrcode = "*"
-qreader = "<2.0.0"
+qreader = "1.3.2"
 
 [dev-packages]
 build = "*"
@@ -24,9 +25,7 @@ pylint = "*"
 pytest = "*"
 pytest-cov = "*"
 pytest-mock = "*"
-setuptools-git-versioning = "*"
 types-protobuf = "*"
-wheel = "*"
 
 [requires]
-python_version = "3.11"
+python_version = "3.14"

README.md

@@ -5,7 +5,7 @@
 ![coverage](https://img.shields.io/badge/coverage-95%25-brightgreen)
 [![License](https://img.shields.io/github/license/scito/extract_otp_secrets)](https://github.com/scito/extract_otp_secrets/blob/master/LICENSE)
 [![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/scito/extract_otp_secrets?sort=semver)](https://github.com/scito/extract_otp_secrets/releases/latest)  
-![python versions](https://img.shields.io/badge/python-3.8%20%7C%203.9%20%7C%203.10%20%7C%203.11%20%7C%203.12%20%7C%203.13-blue)
+![python versions](https://img.shields.io/badge/python-3.9%20%7C%203.10%20%7C%203.11%20%7C%203.12%20%7C%203.13%20%7C%203.14-blue)
 [![Docker image](https://img.shields.io/badge/docker-image-blue)](https://hub.docker.com/repository/docker/scit0/extract_otp_secrets/general)
 [![Linux](https://img.shields.io/badge/os-linux-yellow)](https://github.com/scito/extract_otp_secrets/releases/latest)
 [![Windows](https://img.shields.io/badge/os-windows-yellow)](https://github.com/scito/extract_otp_secrets/releases/latest)
@@ -14,7 +14,7 @@
 [![Stand With Ukraine](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/badges/StandWithUkraine.svg)](https://stand-with-ukraine.pp.ua)
 <!-- ![PyPI - Python Version](https://img.shields.io/pypi/pyversions/protobuf)
 [![GitHub Pipenv locked Python version](https://img.shields.io/github/pipenv/locked/python-version/scito/extract_otp_secrets)](https://github.com/scito/extract_otp_secrets/blob/master/Pipfile.lock)
-![protobuf version](https://img.shields.io/badge/protobuf-5.29.3-informational)-->
+![protobuf version](https://img.shields.io/badge/protobuf-6.33.1-informational)-->
 
 <!-- [![Github all releases](https://img.shields.io/github/downloads/scito/extract_otp_secrets/total.svg)](https://GitHub.com/scito/extract_otp_secrets/releases/) -->
 
@@ -216,7 +216,7 @@ For a detailed installation documentation of [pyzbar](https://github.com/Natural
 
 #### Linux (Debian, Ubuntu, …)
 
-    sudo apt-get install libzbar0
+    sudo apt-get install libgl1 libzbar0
 
 #### Linux (OpenSUSE)
 
@@ -224,7 +224,7 @@ For a detailed installation documentation of [pyzbar](https://github.com/Natural
 
 #### Linux (Fedora)
 
-    sudo dnf install zbar
+    sudo dnf install mesa-libGL zbar
 
 #### Linux (Arch Linux)
 
@@ -366,7 +366,7 @@ python extract_otp_secrets.py = < example_export.png</pre>
     * extract_otp_secrets_macos_x86_64 (optional [libzbar](#installation-of-optional-shared-system-libraries-recommended) needs to be installed manually if needed)
         * extract_otp_secrets_macos_x86_64.dmg N/A, see [why](#macos)
         * extract_otp_secrets_macos_x86_64.pkg N/A, see [why](#macos)
-* Prebuilt Docker images provided for amd64 and arm64 (🆕 since v2.0)
+* Prebuilt Docker images provided for amd64 and arm64 on [Docker Hub](https://hub.docker.com/repository/docker/scit0/extract_otp_secrets) and [GitHub Packages](https://github.com/users/scito/packages/container/package/extract_otp_secrets) (🆕 since v2.0)
 * Many ways to run the script:
     * Native Python
     * pipenv
@@ -380,7 +380,7 @@ python extract_otp_secrets.py = < example_export.png</pre>
     * macOS
     * Windows
 * Uses UTF-8 on all platforms
-* Supports Python >= 3.8
+* Supports Python >= 3.9
 * Installation of shared system libraries is optional (🆕 since v2.3)
 * Provides a debug mode (-d) for analyzing import problems
 * Written in modern Python using type hints and following best practices
@@ -695,6 +695,18 @@ There is a Bash script for a full local build including linting and type checkin
 ```bash
 ./build.sh
 ```
+or 
+```bash
+PYTHON=python3.11 PIP=pip3.11 DOCKER="sudo podman" ./build.sh -d
+```
+Linux or WSL2 Linux:
+```bash
+DOCKER="sudo podman" ./build.sh -d
+```
+Git for Windows:
+```bash
+MSYS_NO_PATHCONV=1 NOINHERIT=1 DOCKER="podman" ./build.sh -d
+```
 
 The options of the build script:
 
@@ -720,6 +732,17 @@ Options:
 -h, --help              Show help and quit
 ```
 
+#### Additional requirements
+
+* envsubst
+* git
+* perl
+* pip
+
+##### Fedora
+
+sudo dnf install python3-pip perl envsubst
+
 ## Technical background
 
 The export QR code of "Google Authenticator" contains the URL `otpauth-migration://offline?data=…`.
@@ -729,7 +752,7 @@ Command for regeneration of Python code from proto3 message definition file (onl
 
     protoc --plugin=protoc-gen-mypy=path/to/protoc-gen-mypy --python_out=src/protobuf_generated_python --mypy_out=src/protobuf_generated_python src/google_auth.proto
 
-The generated protobuf Python code was generated by protoc 29.3 (https://github.com/protocolbuffers/protobuf/releases/tag/v29.3).
+The generated protobuf Python code was generated by protoc 33.1 (https://github.com/protocolbuffers/protobuf/releases/tag/v33.1).
 
 For Python type hint generation the [mypy-protobuf](https://github.com/nipunn1313/mypy-protobuf) package is used.
 

build.sh

@@ -73,6 +73,14 @@ askContinueYn() {
 
 # Reference: https://gist.github.com/steinwaywhw/a4cd19cda655b8249d908261a62687f8
 
+if [[ "$MSYSTEM" == "MINGW64" || "$MSYSTEM" == "MINGW32" || "$MSYSTEM" == "UCRT64" ]]; then
+    LINUX=false
+elif [[ "$(uname -s)" == MINGW* ]]; then
+    LINUX=false
+else
+    LINUX=true
+fi
+
 interactive=false
 ignore_version_check=true
 clean=false
@@ -173,11 +181,19 @@ done
 BIN="$HOME/bin"
 DOWNLOADS="$HOME/downloads"
 
-PYTHON="python3.11"
-PIP="pip3.11"
+# Set python und pip if not already set in environment
+PYTHON="${PYTHON:=python}"
+PIP="${PIP:=pip}"
 PIPENV="$PYTHON -m pipenv"
 FLAKE8="$PYTHON -m flake8"
 MYPY="$PYTHON -m mypy"
+DOCKER="${DOCKER:=docker}"
+
+if $LINUX; then
+    PWD=pwd
+else
+    PWD="pwd -W"
+fi
 
 # sudo ln -s /usr/bin/python3.11 /usr/bin/python
 
@@ -186,7 +202,7 @@ MYPY="$PYTHON -m mypy"
 DEST="protoc"
 
 if $clean; then
-    cmd="docker image prune -f || echo 'No docker image pruned'"
+    cmd="$DOCKER image prune -f || echo 'No docker image pruned'"
     if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
     eval "$cmd"
 
@@ -224,7 +240,7 @@ if $clean; then
 fi
 
 if $build_local; then
-    cmd="$PIP install --use-pep517 -U -r requirements-dev.txt"
+    cmd="$PIP install -U -r requirements-dev.txt"
     if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
     eval "$cmd"
 
@@ -237,7 +253,7 @@ if $build_local; then
     echo -e "\nProtoc remote version $VERSION\n"
     echo -e "Protoc local version: $OLDVERSION\n"
 
-    if [ "$OLDVERSION" != "$VERSION" ] || ! $ignore_version_check; then
+    if [ "$OLDVERSION" != "$VERSION" ] && ! $ignore_version_check; then
         echo "Upgrade protoc from $OLDVERSION to $VERSION"
 
         NAME="protoc-$VERSION"
@@ -298,7 +314,7 @@ if $build_local; then
 
     $PIP --version
 
-    cmd="$PIP install --use-pep517 -U -r requirements.txt"
+    cmd="$PIP install -U -r requirements.txt"
     if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
     eval "$cmd"
 
@@ -381,15 +397,52 @@ if $build_local; then
 
             $PIPENV --version
 
-            cmd="$PIPENV --rm && $PIPENV update && $PIPENV install"
+            cmd="rm Pipfile.lock || echo 'No Pipfile.lock to remove'"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
+            cmd="# $PIPENV --rm || echo 'No virtualenv to remove'"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
+            cmd="$PIPENV install --dev"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
+            cmd="$PIPENV update --dev"
             if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
             eval "$cmd"
 
             $PIPENV run python --version
 
+            # pip -e install
+
+            cmd="$PIPENV run pip install -U -e ."
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
             cmd="$PIPENV run pytest --cov=extract_otp_secrets_test tests/"
             if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
             eval "$cmd"
+
+
+            cmd="$PIPENV run extract_otp_secrets example_export.txt"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
+            cmd="$PIPENV run extract_otp_secrets - < example_export.txt"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
+            # Test (needs module)
+
+            cmd="$PIPENV run python src/extract_otp_secrets.py example_export.txt"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
+            cmd="$PIPENV run python src/extract_otp_secrets.py - < example_export.txt"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
         fi
 
         # Build wheel
@@ -449,8 +502,7 @@ if $build_local; then
     fi
 
     # Generate README.md TOC
-
-    cmd="gfm-toc -s 2 -e 3 -t -o README.md > docs/README_TOC.md"
+    cmd="env -u MSYS_NO_PATHCONV gfm-toc -s 2 -e 3 -t -o README.md > docs/README_TOC.md"
     if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
     eval "$cmd"
 
@@ -460,7 +512,7 @@ if $build_local; then
     eval "$cmd"
 
     # create macOS extract_otp_secrets_macos.spec from extract_otp_secrets_macos_template.spec
-    cmd="VERSION_STR=$(setuptools-git-versioning) COPYRIGHT_YEARS='2020-2023' envsubst < installer/extract_otp_secrets_macos_template.spec > build/extract_otp_secrets_macos.spec"
+    cmd="VERSION_STR=$(setuptools-git-versioning) COPYRIGHT_YEARS='2020-$(date +%Y)' envsubst < installer/extract_otp_secrets_macos_template.spec > build/extract_otp_secrets_macos.spec"
     if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
     eval "$cmd"
 fi
@@ -470,85 +522,85 @@ if $build_docker; then
 
     if $build_x86_64; then
         # Build Dockerfile_only_txt (Alpine)
-        cmd="docker build . -t extract_otp_secrets_only_txt -t extract_otp_secrets:only-txt -t extract_otp_secrets:alpine -f docker/Dockerfile_only_txt --pull --build-arg RUN_TESTS=false"
+        cmd="$DOCKER build . --network=host -t extract_otp_secrets_only_txt -t extract_otp_secrets:only-txt -t extract_otp_secrets:alpine -f docker/Dockerfile_only_txt --pull --build-arg RUN_TESTS=false"
         if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
         eval "$cmd"
 
-        cmd="docker run --network none --rm -v \"$(pwd)\":/files:ro extract_otp_secrets_only_txt example_export.txt"
+        cmd="$DOCKER run --network none --rm -v \"$($PWD):/files:ro\" extract_otp_secrets_only_txt example_export.txt"
         if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
         eval "$cmd"
 
-        cmd="docker run --network none --rm -i -v \"$(pwd)\":/files:ro extract_otp_secrets_only_txt - < example_export.txt"
+        cmd="$DOCKER run --network none --rm -i -v \"$($PWD):/files:ro\" extract_otp_secrets_only_txt - < example_export.txt"
         if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
         eval "$cmd"
 
-        cmd="docker run --entrypoint /extract/run_pytest.sh --rm -v \"$(pwd)\":/files:ro extract_otp_secrets_only_txt extract_otp_secrets_test.py -k 'not qreader' -vvv --relaxed"
+        cmd="$DOCKER run --network=host --entrypoint '/extract/run_pytest.sh' --rm -v \"$($PWD):/files:ro\" extract_otp_secrets_only_txt extract_otp_secrets_test.py -k 'not qreader' -vvv --relaxed"
         if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
         eval "$cmd"
 
         # Build extract_otp_secrets (Debian Bookworm)
-        cmd="docker build . -t extract_otp_secrets -t extract_otp_secrets:bookworm --pull -f docker/Dockerfile --build-arg RUN_TESTS=false"
+        cmd="$DOCKER build . --network=host -t extract_otp_secrets -t extract_otp_secrets:bookworm --pull -f docker/Dockerfile --build-arg RUN_TESTS=false"
         if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
         eval "$cmd"
 
-        cmd="docker run --network none --rm -v \"$(pwd)\":/files:ro extract_otp_secrets example_export.txt"
+        cmd="$DOCKER run --network none --rm -v \"$($PWD):/files:ro\" extract_otp_secrets example_export.txt"
         if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
         eval "$cmd"
 
-        cmd="cat example_export.txt | docker run --network none --rm -i -v \"$(pwd)\":/files:ro extract_otp_secrets - -c - > example_output.csv"
+        cmd="cat example_export.txt | $DOCKER run --network none --rm -i -v \"$($PWD):/files:ro\" extract_otp_secrets - -c - > example_output.csv"
         if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
         eval "$cmd"
 
-        cmd="docker run --network none --rm -i -v \"$(pwd)\":/files:ro extract_otp_secrets = < example_export.png"
+        cmd="$DOCKER run --network none --rm -i -v \"$($PWD):/files:ro\" extract_otp_secrets = < example_export.png"
         if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
         eval "$cmd"
 
-        cmd="docker run --entrypoint /extract/run_pytest.sh --rm -v \"$(pwd)\":/files:ro extract_otp_secrets"
+        cmd="$DOCKER run --network=host --entrypoint /extract/run_pytest.sh --rm -v \"$($PWD):/files:ro\" extract_otp_secrets"
         if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
         eval "$cmd"
 
         # Build extract_otp_secrets (Debian Bullseye)
-        cmd="docker build . -t extract_otp_secrets:bullseye -t extract_otp_secrets:bullseye-x86_64 --pull -f docker/Dockerfile --build-arg RUN_TESTS=false --build-arg BASE_IMAGE=python:3.12-slim-bullseye"
+        cmd="$DOCKER build . --network=host -t extract_otp_secrets:bullseye -t extract_otp_secrets:bullseye-x86_64 --pull -f docker/Dockerfile --build-arg RUN_TESTS=false --build-arg BASE_IMAGE=python:3.13-slim-bullseye"
         if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
         eval "$cmd"
 
-        cmd="docker run --network none --rm -v \"$(pwd)\":/files:ro extract_otp_secrets:bullseye example_export.txt"
+        cmd="$DOCKER run --network none --rm -v \"$($PWD):/files:ro\" extract_otp_secrets:bullseye example_export.txt"
         if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
         eval "$cmd"
 
-        cmd="cat example_export.txt | docker run --network none --rm -i -v \"$(pwd)\":/files:ro extract_otp_secrets:bullseye - -c - > example_output.csv"
+        cmd="cat example_export.txt | $DOCKER run --network none --rm -i -v \"$($PWD):/files:ro\" extract_otp_secrets:bullseye - -c - > example_output.csv"
         if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
         eval "$cmd"
 
-        cmd="docker run --network none --rm -i -v \"$(pwd)\":/files:ro extract_otp_secrets:bullseye = < example_export.png"
+        cmd="$DOCKER run --network none --rm -i -v \"$($PWD):/files:ro\" extract_otp_secrets:bullseye = < example_export.png"
         if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
         eval "$cmd"
 
-        cmd="docker run --entrypoint /extract/run_pytest.sh --rm -v \"$(pwd)\":/files:ro extract_otp_secrets:bullseye"
+        cmd="$DOCKER run --network=host --entrypoint /extract/run_pytest.sh --rm -v \"$($PWD):/files:ro\" extract_otp_secrets:bullseye"
         if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
         eval "$cmd"
 
         # Build executable from Docker latest
         # sed "1!d" is workaround for head -n 1 since it head procduces exit code != 0
-        BOOKWORM_GLIBC_VERSION=$(docker run --network none --entrypoint /bin/bash --rm extract_otp_secrets -c 'ldd --version | sed "1!d" | sed -E "s/.* ([[:digit:]]+\.[[:digit:]]+)$/\1/"')
+        BOOKWORM_GLIBC_VERSION=$($DOCKER run --network none --entrypoint /bin/bash --rm extract_otp_secrets -c 'ldd --version | sed "1!d" | sed -E "s/.* ([[:digit:]]+\.[[:digit:]]+)$/\1/"')
         echo "Bookworm glibc: $BOOKWORM_GLIBC_VERSION"
     fi
 
     if $build_arm; then
         # build linux/arm64
-        cmd="docker run --network none --pull always --rm --privileged multiarch/qemu-user-static --reset -p yes"
+        cmd="$DOCKER run --network none --pull always --rm --privileged multiarch/qemu-user-static --reset -p yes"
         if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
         eval "$cmd"
 
         # Build extract_otp_secrets (Debian Bullseye)
-        cmd="docker buildx build --platform=linux/arm64 . -t extract_otp_secrets:bullseye-arm64 --pull -f docker/Dockerfile --build-arg RUN_TESTS=false --build-arg BASE_IMAGE=python:3.12-slim-bullseye"
+        cmd="$DOCKER buildx build --platform=linux/arm64 . -t extract_otp_secrets:bullseye-arm64 --pull -f docker/Dockerfile --build-arg RUN_TESTS=false --build-arg BASE_IMAGE=python:3.13-slim-bullseye"
         if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
         eval "$cmd"
     fi
 
     if $build_exe; then
         if $build_x86_64; then
-            cmd="docker run --platform linux/amd64 --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets -c 'apt-get update && apt-get -y install binutils && pip install -U pip && pip install -U -r /files/requirements.txt && pip install pyinstaller && PYTHONHASHSEED=31 && pyinstaller -y --specpath installer --add-data /usr/local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name extract_otp_secrets_linux_x86_64_bookworm --distpath /files/dist/ /files/src/extract_otp_secrets.py'"
+            cmd="$DOCKER run --platform linux/amd64 --network=host --entrypoint /bin/bash --rm -v \"$($PWD):/files\" -w /files extract_otp_secrets -c 'apt-get update && apt-get -y install binutils && pip install -U pip && pip install -U -r /files/requirements.txt && pip install pyinstaller && PYTHONHASHSEED=31 && pyinstaller -y --specpath installer --add-data /usr/local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name extract_otp_secrets_linux_x86_64_bookworm --distpath /files/dist/ /files/src/extract_otp_secrets.py'"
             if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
             eval "$cmd"
 
@@ -561,10 +613,10 @@ if $build_docker; then
             eval "$cmd"
 
             # Build executable from Docker bullseye
-            BULLSEYE_GLIBC_VERSION=$(docker run --network none --entrypoint /bin/bash --rm extract_otp_secrets:bullseye -c 'ldd --version | sed "1!d" | sed -E "s/.* ([[:digit:]]+\.[[:digit:]]+)$/\1/"')
+            BULLSEYE_GLIBC_VERSION=$($DOCKER run --network none --entrypoint /bin/bash --rm extract_otp_secrets:bullseye -c 'ldd --version | sed "1!d" | sed -E "s/.* ([[:digit:]]+\.[[:digit:]]+)$/\1/"')
             echo "Bullseye glibc: $BULLSEYE_GLIBC_VERSION"
 
-            cmd="docker run --platform linux/amd64 --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:bullseye -c 'apt-get update && apt-get -y install binutils && pip install -U pip && pip install -U -r /files/requirements.txt && pip install pyinstaller && PYTHONHASHSEED=31 && pyinstaller -y --specpath installer --add-data /usr/local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name extract_otp_secrets_linux_x86_64 --distpath /files/dist/ /files/src/extract_otp_secrets.py'"
+            cmd="$DOCKER run --platform linux/amd64 --network=host --entrypoint /bin/bash --rm -v \"$($PWD):/files\" -w /files extract_otp_secrets:bullseye -c 'apt-get update && apt-get -y install binutils && pip install -U pip && pip install -U -r /files/requirements.txt && pip install pyinstaller && PYTHONHASHSEED=31 && pyinstaller -y --specpath installer --add-data /usr/local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name extract_otp_secrets_linux_x86_64 --distpath /files/dist/ /files/src/extract_otp_secrets.py'"
             if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
             eval "$cmd"
 
@@ -579,11 +631,11 @@ if $build_docker; then
 
         if $build_arm; then
             # build linux/arm64
-            cmd="docker run --platform linux/arm64 --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:bullseye-arm64 -c 'apt-get update && apt-get -y install binutils && pip install -U pip && pip install -U -r /files/requirements.txt && pip install pyinstaller && PYTHONHASHSEED=31 && pyinstaller --specpath installer -y --add-data /usr/local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name extract_otp_secrets_linux_arm64 --distpath /files/dist/ /files/src/extract_otp_secrets.py'"
+            cmd="$DOCKER run --platform linux/arm64 --network=host --entrypoint /bin/bash --rm -v \"$($PWD):/files\" -w /files extract_otp_secrets:bullseye-arm64 -c 'apt-get update && apt-get -y install binutils && pip install -U pip && pip install -U -r /files/requirements.txt && pip install pyinstaller && PYTHONHASHSEED=31 && pyinstaller --specpath installer -y --add-data /usr/local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name extract_otp_secrets_linux_arm64 --distpath /files/dist/ /files/src/extract_otp_secrets.py'"
             if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
             eval "$cmd"
 
-            cmd="PLATFORM='linux/arm64' && EXE='dist/extract_otp_secrets_linux_arm64' && docker run --platform \"\$PLATFORM\" --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:bullseye-arm64 -c \"\$EXE -V && \$EXE -h && \$EXE example_export.png && \$EXE - < example_export.txt && \$EXE --qr ZBAR example_export.png && \$EXE --qr QREADER example_export.png && \$EXE --qr QREADER_DEEP example_export.png && \$EXE --qr CV2 example_export.png && \$EXE --qr CV2_WECHAT example_export.png\""
+            cmd="PLATFORM='linux/arm64' && EXE='dist/extract_otp_secrets_linux_arm64' && $DOCKER run --platform \"\$PLATFORM\" --entrypoint /bin/bash --rm -v \"$($PWD):/files\" -w /files extract_otp_secrets:bullseye-arm64 -c \"\$EXE -V && \$EXE -h && \$EXE example_export.png && \$EXE - < example_export.txt && \$EXE --qr ZBAR example_export.png && \$EXE --qr QREADER example_export.png && \$EXE --qr QREADER_DEEP example_export.png && \$EXE --qr CV2 example_export.png && \$EXE --qr CV2_WECHAT example_export.png\""
             if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
             eval "$cmd"
         fi
@@ -591,7 +643,7 @@ if $build_docker; then
 
     if $build_nuitka_exe; then
         if $build_x86_64; then
-            cmd="docker run --platform linux/amd64 --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets -c 'apt-get update && apt-get -y install binutils build-essential patchelf && pip install -U pip && pip install -U -r /files/requirements.txt && pip install nuitka pyqt5 && PYTHONHASHSEED=31 && python -m nuitka --enable-plugin=tk-inter --enable-plugin=pyqt5 --include-data-dir=/usr/local/__yolo_v3_qr_detector/=__yolo_v3_qr_detector/ --onefile --output-dir=/files/build/docker/nuitka --output-filename=extract_otp_secrets_linux_x86_64_bookworm_compiled /files/src/extract_otp_secrets.py'"
+            cmd="$DOCKER run --platform linux/amd64 --network=host --entrypoint /bin/bash --rm -v \"$($PWD):/files\" -w /files extract_otp_secrets -c 'apt-get update && apt-get -y install binutils build-essential patchelf && pip install -U pip && pip install -U -r /files/requirements.txt && pip install nuitka pyqt5 && PYTHONHASHSEED=31 && python -m nuitka --enable-plugin=tk-inter --enable-plugin=pyqt5 --include-data-dir=/usr/local/__yolo_v3_qr_detector/=__yolo_v3_qr_detector/ --onefile --output-dir=/files/build/docker/nuitka --output-filename=extract_otp_secrets_linux_x86_64_bookworm_compiled /files/src/extract_otp_secrets.py'"
             if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
             eval "$cmd"
 
@@ -608,10 +660,10 @@ if $build_docker; then
             eval "$cmd"
 
             # Build executable from Docker bullseye
-            BULLSEYE_GLIBC_VERSION=$(docker run --network none --entrypoint /bin/bash --rm extract_otp_secrets:bullseye -c 'ldd --version | sed "1!d" | sed -E "s/.* ([[:digit:]]+\.[[:digit:]]+)$/\1/"')
+            BULLSEYE_GLIBC_VERSION=$($DOCKER run --network none --entrypoint /bin/bash --rm extract_otp_secrets:bullseye -c 'ldd --version | sed "1!d" | sed -E "s/.* ([[:digit:]]+\.[[:digit:]]+)$/\1/"')
             echo "Bookworm glibc: $BULLSEYE_GLIBC_VERSION"
 
-            cmd="docker run --platform linux/amd64 --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:bullseye -c 'apt-get update && apt-get -y install binutils build-essential patchelf && pip install -U pip && pip install -U -r /files/requirements.txt && pip install nuitka pyqt5 && PYTHONHASHSEED=31 && python -m nuitka --enable-plugin=tk-inter --enable-plugin=pyqt5 --include-data-dir=/usr/local/__yolo_v3_qr_detector/=__yolo_v3_qr_detector/ --onefile --output-dir=/files/build/docker/nuitka --output-filename=extract_otp_secrets_linux_x86_64_bullseye_compiled /files/src/extract_otp_secrets.py'"
+            cmd="$DOCKER run --platform linux/amd64 --network=host --entrypoint /bin/bash --rm -v \"$($PWD):/files\" -w /files extract_otp_secrets:bullseye -c 'apt-get update && apt-get -y install binutils build-essential patchelf && pip install -U pip && pip install -U -r /files/requirements.txt && pip install nuitka pyqt5 && PYTHONHASHSEED=31 && python -m nuitka --enable-plugin=tk-inter --enable-plugin=pyqt5 --include-data-dir=/usr/local/__yolo_v3_qr_detector/=__yolo_v3_qr_detector/ --onefile --output-dir=/files/build/docker/nuitka --output-filename=extract_otp_secrets_linux_x86_64_bullseye_compiled /files/src/extract_otp_secrets.py'"
             if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
             eval "$cmd"
 
@@ -630,11 +682,11 @@ if $build_docker; then
 
         if $build_arm; then
             # build linux/arm64
-            cmd="docker run --platform linux/arm64 --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:bullseye-arm64 -c 'apt-get update && apt-get -y install binutils build-essential patchelf qt5-default && pip install -U pip && pip install -U -r /files/requirements.txt && pip install nuitka pyqt5 && PYTHONHASHSEED=31 && python -m nuitka --enable-plugin=tk-inter --enable-plugin=pyqt5 --include-data-dir=/usr/local/__yolo_v3_qr_detector/=__yolo_v3_qr_detector/ --onefile --output-dir=/files/build/docker/nuitka --output-filename=extract_otp_secrets_linux_arm64_compiled /files/src/extract_otp_secrets.py'"
+            cmd="$DOCKER run --platform linux/arm64 --network=host --entrypoint /bin/bash --rm -v \"$($PWD):/files\" -w /files extract_otp_secrets:bullseye-arm64 -c 'apt-get update && apt-get -y install binutils build-essential patchelf qt5-default && pip install -U pip && pip install -U -r /files/requirements.txt && pip install nuitka pyqt5 && PYTHONHASHSEED=31 && python -m nuitka --enable-plugin=tk-inter --enable-plugin=pyqt5 --include-data-dir=/usr/local/__yolo_v3_qr_detector/=__yolo_v3_qr_detector/ --onefile --output-dir=/files/build/docker/nuitka --output-filename=extract_otp_secrets_linux_arm64_compiled /files/src/extract_otp_secrets.py'"
             if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
             eval "$cmd"
 
-            cmd="PLATFORM='linux/arm64' && EXE='build/docker/nuitka/extract_otp_secrets_linux_arm64_compiled' && docker run --platform \"\$PLATFORM\" --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:bullseye-arm64 -c \"\$EXE -V && \$EXE -h && \$EXE example_export.png && \$EXE - < example_export.txt && \$EXE --qr ZBAR example_export.png && \$EXE --qr QREADER example_export.png && \$EXE --qr QREADER_DEEP example_export.png && \$EXE --qr CV2 example_export.png && \$EXE --qr CV2_WECHAT example_export.png\""
+            cmd="PLATFORM='linux/arm64' && EXE='build/docker/nuitka/extract_otp_secrets_linux_arm64_compiled' && $DOCKER run --platform \"\$PLATFORM\" --entrypoint /bin/bash --rm -v \"$($PWD):/files\" -w /files extract_otp_secrets:bullseye-arm64 -c \"\$EXE -V && \$EXE -h && \$EXE example_export.png && \$EXE - < example_export.txt && \$EXE --qr ZBAR example_export.png && \$EXE --qr QREADER example_export.png && \$EXE --qr QREADER_DEEP example_export.png && \$EXE --qr CV2 example_export.png && \$EXE --qr CV2_WECHAT example_export.png\""
             if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
             eval "$cmd"
 
@@ -646,7 +698,7 @@ if $build_docker; then
 
     # Run GUI from Docker
     if $build_x86_64 && $run_gui; then
-        cmd="docker run --network none --rm -v "$(pwd)":/files:ro --device=\"/dev/video0:/dev/video0\" --env=\"DISPLAY\" -v /tmp/.X11-unix:/tmp/.X11-unix:ro extract_otp_secrets &"
+        cmd="$DOCKER run --network none --rm -v "$($PWD):/files:ro" --device=\"/dev/video0:/dev/video0\" --env=\"DISPLAY\" -v /tmp/.X11-unix:/tmp/.X11-unix:ro extract_otp_secrets &"
         if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
         eval "$cmd"
     fi

docker/Dockerfile

@@ -1,5 +1,5 @@
 # --build-arg BASE_IMAGE=python:3.11-slim-buster
-ARG BASE_IMAGE=python:3.13-slim-bookworm
+ARG BASE_IMAGE=python:3.14-slim-trixie
 FROM $BASE_IMAGE
 
 # https://docs.docker.com/engine/reference/builder/

docker/Dockerfile_only_txt

@@ -1,4 +1,4 @@
-ARG BASE_IMAGE=python:3.13-alpine
+ARG BASE_IMAGE=python:3.14-alpine
 FROM $BASE_IMAGE
 
 # https://docs.docker.com/engine/reference/builder/

example_keepass_output.hotp.csv

@@ -1,2 +1,2 @@
-Title,User Name,HmacOtp-Secret-Base32,HmacOtp-Counter,Group
-,hotp demo,7KSQL2JTUDIS5EF65KLMRQIIGY,4,OTP/HOTP
+Title,User Name,HmacOtp-Secret-Base32,HmacOtp-Counter,Group
+,hotp demo,7KSQL2JTUDIS5EF65KLMRQIIGY,4,OTP/HOTP

example_keepass_output.totp.csv

@@ -1,6 +1,6 @@
-Title,User Name,TimeOtp-Secret-Base32,Group
-raspberrypi,pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,OTP/TOTP
-,pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,OTP/TOTP
-,pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,OTP/TOTP
-raspberrypi,pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,OTP/TOTP
-,encoding: ¿äÄéÉ? (demo),7KSQL2JTUDIS5EF65KLMRQIIGY,OTP/TOTP
+Title,User Name,TimeOtp-Secret-Base32,Group
+raspberrypi,pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,OTP/TOTP
+,pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,OTP/TOTP
+,pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,OTP/TOTP
+raspberrypi,pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,OTP/TOTP
+,encoding: ¿äÄéÉ? (demo),7KSQL2JTUDIS5EF65KLMRQIIGY,OTP/TOTP

example_output.csv

@@ -1,7 +1,7 @@
-name,secret,issuer,type,counter,url
-pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,raspberrypi,totp,,otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&issuer=raspberrypi
-pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,,totp,,otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY
-pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,,totp,,otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY
-pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,raspberrypi,totp,,otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&issuer=raspberrypi
-hotp demo,7KSQL2JTUDIS5EF65KLMRQIIGY,,hotp,4,otpauth://hotp/hotp%20demo?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&counter=4
-encoding: ¿äÄéÉ? (demo),7KSQL2JTUDIS5EF65KLMRQIIGY,,totp,,otpauth://totp/encoding%3A%20%C2%BF%C3%A4%C3%84%C3%A9%C3%89%3F%20%28demo%29?secret=7KSQL2JTUDIS5EF65KLMRQIIGY
+name,secret,issuer,type,counter,url
+pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,raspberrypi,totp,,otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&issuer=raspberrypi
+pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,,totp,,otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY
+pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,,totp,,otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY
+pi@raspberrypi,7KSQL2JTUDIS5EF65KLMRQIIGY,raspberrypi,totp,,otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&issuer=raspberrypi
+hotp demo,7KSQL2JTUDIS5EF65KLMRQIIGY,,hotp,4,otpauth://hotp/hotp%20demo?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&counter=4
+encoding: ¿äÄéÉ? (demo),7KSQL2JTUDIS5EF65KLMRQIIGY,,totp,,otpauth://totp/encoding%3A%20%C2%BF%C3%A4%C3%84%C3%A9%C3%89%3F%20%28demo%29?secret=7KSQL2JTUDIS5EF65KLMRQIIGY

pyproject.toml

@@ -3,8 +3,7 @@ requires = [
   "pip",
   "nuitka",
   # https://setuptools-git-versioning.readthedocs.io/en/latest/differences.html
-  "setuptools>=64.0.0",
-  "setuptools-git-versioning",
+   "setuptools-git-versioning",
   "wheel>=0.37.0",
 ]
 build-backend = "setuptools.build_meta"
@@ -21,12 +20,12 @@ classifiers = [
     "Topic :: Utilities",
     "Topic :: Security",
     "Topic :: Multimedia :: Graphics :: Capture :: Digital Camera",
-    "Programming Language :: Python :: 3.8",
     "Programming Language :: Python :: 3.9",
     "Programming Language :: Python :: 3.10",
     "Programming Language :: Python :: 3.11",
     "Programming Language :: Python :: 3.12",
     "Programming Language :: Python :: 3.13",
+    "Programming Language :: Python :: 3.14",
     "Intended Audience :: End Users/Desktop",
     "Intended Audience :: Developers",
     "Intended Audience :: System Administrators",
@@ -42,6 +41,9 @@ classifiers = [
 dependencies = [
   "colorama>=0.4.6",
   "opencv-contrib-python",
+  "numpy>=2.0,<2.1 ; python_version >= '3.9' and python_version < '3.10'",
+  "numpy>=2.2,<2.3 ; python_version >= '3.10' and python_version < '3.11'",
+  "numpy>=2.3,<3.0 ; python_version >= '3.11'",
   "Pillow",
   "protobuf",
   "pyzbar",
@@ -55,7 +57,7 @@ license = {text = "GNU General Public License v3 (GPLv3)"}
 readme = "README.md"
 authors = [{name = "scito", email = "info@scito.ch"}]
 maintainers = [{name = "scito", email = "info@scito.ch"}]
-requires-python = ">=3.8, <4"
+requires-python = ">=3.9, <4"
 scripts = {extract_otp_secrets = "extract_otp_secrets:sys_main"}
 urls = {Project-URL = "https://github.com/scito/extract_otp_secrets", Bug-Reports = "https://github.com/scito/extract_otp_secrets/issues", Source = "https://github.com/scito/extract_otp_secrets"}
 

requirements.txt

@@ -1,5 +1,8 @@
 colorama>=0.4.6
 opencv-contrib-python
+numpy>=2.0,<2.1 ; python_version >= "3.9" and python_version < "3.10"
+numpy>=2.2,<2.3 ; python_version >= "3.10" and python_version < "3.11"
+numpy>=2.3,<3.0 ; python_version >= "3.11"
 Pillow
 protobuf
 pyzbar

setup.cfg

@@ -2,7 +2,7 @@
 name = extract_otp_secrets
 
 [options]
-python_requires = >=3.8, <4
+python_requires = >=3.9, <4
 py_modules = extract_otp_secrets, protobuf_generated_python.google_auth_pb2
 package_dir =
     =src

src/extract_otp_secrets.py

@@ -60,8 +60,8 @@ headless: bool = False
 
 try:
     import cv2
-    import numpy as np
     import cv2.typing
+    import numpy as np
 
     try:
         import tkinter
@@ -380,14 +380,22 @@ def extract_otps_from_camera(args: Args) -> Otps:
             qr_mode = next_qr_mode(qr_mode)
             continue
 
-        cv2_print_text(img, f"Mode: {qr_mode.name} (Hit SPACE to change)", 0, TextPosition.LEFT, FONT_COLOR, 20)
-        cv2_print_text(img, "Press ESC to quit", 1, TextPosition.LEFT, FONT_COLOR, 17)
-        cv2_print_text(img, "Press c,j,k,t,u to save as csv/json/keepass/txt/urls file", 2, TextPosition.LEFT, FONT_COLOR, None)
+        try:
+            cv2_print_text(img, f"Mode: {qr_mode.name} (Hit SPACE to change)", 0, TextPosition.LEFT, FONT_COLOR, 20)
+            cv2_print_text(img, "Press ESC to quit", 1, TextPosition.LEFT, FONT_COLOR, 17)
+            cv2_print_text(img, "Press c,j,k,t,u to save as csv/json/keepass/txt/urls file", 2, TextPosition.LEFT, FONT_COLOR, None)
 
-        cv2_print_text(img, f"{len(otp_urls)} QR code{'s'[:len(otp_urls) != 1]} captured", 0, TextPosition.RIGHT, FONT_COLOR)
-        cv2_print_text(img, f"{len(otps)} otp{'s'[:len(otps) != 1]} extracted", 1, TextPosition.RIGHT, FONT_COLOR)
+            cv2_print_text(img, f"{len(otp_urls)} QR code{'s'[:len(otp_urls) != 1]} captured", 0, TextPosition.RIGHT, FONT_COLOR)
+            cv2_print_text(img, f"{len(otps)} otp{'s'[:len(otps) != 1]} extracted", 1, TextPosition.RIGHT, FONT_COLOR)
 
-        cv2.imshow(WINDOW_NAME, img)
+            cv2.imshow(WINDOW_NAME, img)
+        except cv2.error as e:
+            # Workaround due to Gtk2/3 problem, see #444
+            if e.code == cv2.Error.StsNullPtr:
+                # Window closed
+                break
+            else:
+                raise e
 
         quit, qr_mode = cv2_handle_pressed_keys(qr_mode, otps)
         if quit:
@@ -449,7 +457,7 @@ def cv2_handle_pressed_keys(qr_mode: QRMode, otps: Otps) -> Tuple[bool, QRMode]:
                 defaultextension='.csv',
                 filetypes=[('CSV', '*.csv'), ('All', '*.*')]
             )
-            tk_root.update()
+            tk_root.update()  # noqa: F821 # workaround flake8 false positive, tk_root is defined globally
             if len(file_name) > 0:
                 write_csv(file_name, otps)
     elif (key == ord('j') or key == ord('J')) and is_not_headless():
@@ -461,7 +469,7 @@ def cv2_handle_pressed_keys(qr_mode: QRMode, otps: Otps) -> Tuple[bool, QRMode]:
                 defaultextension='.json',
                 filetypes=[('JSON', '*.json'), ('All', '*.*')]
             )
-            tk_root.update()
+            tk_root.update()  # noqa: F821 # workaround flake8 false positive, tk_root is defined globally
             if len(file_name) > 0:
                 write_json(file_name, otps)
     elif (key == ord('k') or key == ord('K')) and is_not_headless():
@@ -473,7 +481,7 @@ def cv2_handle_pressed_keys(qr_mode: QRMode, otps: Otps) -> Tuple[bool, QRMode]:
                 defaultextension='.csv',
                 filetypes=[('CSV', '*.csv'), ('All', '*.*')]
             )
-            tk_root.update()
+            tk_root.update()  # noqa: F821 # workaround flake8 false positive, tk_root is defined globally
             if len(file_name) > 0:
                 write_keepass_csv(file_name, otps)
     elif (key == ord('t') or key == ord('T')) and is_not_headless():
@@ -485,7 +493,7 @@ def cv2_handle_pressed_keys(qr_mode: QRMode, otps: Otps) -> Tuple[bool, QRMode]:
                 defaultextension='.txt',
                 filetypes=[('Text', '*.txt'), ('All', '*.*')]
             )
-            tk_root.update()
+            tk_root.update()  # noqa: F821 # workaround flake8 false positive, tk_root is defined globally
             if len(file_name) > 0:
                 write_txt(file_name, otps, True)
     elif (key == ord('u') or key == ord('U')) and is_not_headless():
@@ -497,15 +505,13 @@ def cv2_handle_pressed_keys(qr_mode: QRMode, otps: Otps) -> Tuple[bool, QRMode]:
                 defaultextension='.txt',
                 filetypes=[('Text', '*.txt'), ('All', '*.*')]
             )
-            tk_root.update()
+            tk_root.update()  # noqa: F821 # workaround flake8 false positive, tk_root is defined globally
             if len(file_name) > 0:
                 write_urls(file_name, otps)
     elif key == 32:
         qr_mode = next_valid_qr_mode(qr_mode, zbar_available)
         if verbose >= LogLevel.MORE_VERBOSE: print(f"QR reading mode: {qr_mode}")
-    if cv2.getWindowProperty(WINDOW_NAME, cv2.WND_PROP_VISIBLE) < 1:
-        # Window close clicked
-        quit = True
+    # Do not check for invisible window due to Gtk2/3 problem, see #444
     return quit, qr_mode
 
 
@@ -837,7 +843,7 @@ def check_file_exists(filename: str) -> None:
 def has_no_otps_show_warning(otps: Otps) -> bool:
     if len(otps) == 0:
         tkinter.messagebox.showinfo(title="No data", message="There are no otp secrets to write")
-        tk_root.update()  # dispose dialog
+        tk_root.update()  # dispose dialog # noqa: F821 # workaround flake8 false positive, tk_root is defined globally
     return len(otps) == 0
 
 

src/protobuf_generated_python/google_auth_pb2.py

@@ -2,7 +2,7 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # NO CHECKED-IN PROTOBUF GENCODE
 # source: google_auth.proto
-# Protobuf Python Version: 5.29.3
+# Protobuf Python Version: 6.33.0
 """Generated protocol buffer code."""
 from google.protobuf import descriptor as _descriptor
 from google.protobuf import descriptor_pool as _descriptor_pool
@@ -11,9 +11,9 @@ from google.protobuf import symbol_database as _symbol_database
 from google.protobuf.internal import builder as _builder
 _runtime_version.ValidateProtobufRuntimeVersion(
     _runtime_version.Domain.PUBLIC,
-    5,
-    29,
-    3,
+    6,
+    33,
+    0,
     '',
     'google_auth.proto'
 )

tests/extract_otp_secrets_test.py

@@ -559,13 +559,16 @@ def test_normalize_bytes() -> None:
 # Generate verbose output:
 # for color in '' '-n'; do for level in '' '-v' '-vv' '-vvv'; do python3.11 src/extract_otp_secrets.py example_export.txt $color $level > tests/data/print_verbose_output$color$level.txt; done; done
 # workaround for PYTHON <= 3.10
-@pytest.mark.skipif(sys.version_info < (3, 10) or sys.platform.startswith("win"), reason="fileinput.input encoding exists since PYTHON 3.10 OR Windows fatal exception: access violation")
-@pytest.mark.parametrize("verbose_level", ['', '-v', '-vv', '-vvv'])
+@pytest.mark.skipif(sys.version_info < (3, 10), reason="fileinput.input encoding exists since PYTHON 3.10 OR Windows fatal exception: access violation")
+@pytest.mark.parametrize("verbose_level", ['', '-v', '-vv', '-vvv' if not sys.platform.startswith("win") else None])
 @pytest.mark.parametrize("color", ['', '-n'])
 def test_extract_verbose(verbose_level: str, color: str, capsys: pytest.CaptureFixture[str], relaxed: bool) -> None:
     args = ['example_export.txt']
     if verbose_level:
         args.append(verbose_level)
+    elif verbose_level is None:
+        print('Skip parameterized test\n')
+        return
     if color:
         args.append(color)
     # Act