minor: update deps and README

lift python requirement to 3.8
use latest version of opencv also for macos
2024-05-31 08:53:53 +02:00 · 2024-05-29 22:27:26 +02:00 · 2024-05-29 22:17:59 +02:00 · 2024-05-29 22:08:56 +02:00 · 2024-05-29 21:56:20 +02:00 · 2024-05-28 22:14:21 +02:00
20 changed files with 1047 additions and 893 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -20,7 +20,7 @@ jobs:
    strategy:
      matrix:
-        python-version: ["3.x", "3.11", "3.10", "3.9", "3.8", "3.7"]
+        python-version: ["3.12", "3.11", "3.10", "3.9", "3.8"]
        platform: [ubuntu-latest, macos-latest, windows-latest]
        # exclude:
@@ -32,7 +32,7 @@ jobs:
        uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}
-          check-latest: false
+          check-latest: ${{ github.event_name == 'schedule' }}
      - name: Install zbar shared lib for QReader (Linux)
        if: runner.os == 'Linux'
        run: |
@@ -60,8 +60,7 @@ jobs:
        if: matrix.python-version == '3.x' && matrix.platform == 'ubuntu-latest'
      - name: Test with pytest
        run: pytest
-        if: (matrix.python-version != '3.x' || matrix.platform != 'ubuntu-latest')
+        if: (matrix.python-version != '3.x' || matrix.platform != 'ubuntu-latest') && (matrix.python-version != '3.10' && matrix.platform != 'macos-latest')
        # && matrix.platform != 'macos-latest'
      - name: Test with pytest (with code coverage)
        run: pytest --cov=extract_otp_secrets_test --junitxml=pytest.xml --cov-report=term-missing | tee pytest-coverage.txt
        if: matrix.python-version == '3.x' && matrix.platform == 'ubuntu-latest'
--- a/.github/workflows/ci_docker.yml
+++ b/.github/workflows/ci_docker.yml
@@ -25,14 +25,14 @@ on:
 jobs:
  build-and-push-docker-debian-image:
-    name: Build Docker Bullseye image and push to repositories
+    name: Build Docker Bookworm image and push to repositories
    # run only when code is compiling and tests are passing
    runs-on: ubuntu-latest
    # steps to perform in job
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
      # avoid building if there are testing errors
      - name: Run smoke test
@@ -44,12 +44,12 @@ jobs:
          pytest
      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
      # setup Docker build action
      - name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
        # Workaround for failing builds: https://github.com/docker/build-push-action/issues/761#issuecomment-1383822381
        # TODO remove workaround when fixed
        with:
@@ -57,14 +57,14 @@ jobs:
            image=moby/buildkit:v0.10.6
      - name: Login to DockerHub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
        if: github.secret_source == 'Actions'
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to Github Packages
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
        if: github.secret_source == 'Actions'
        with:
          registry: ghcr.io
@@ -73,7 +73,7 @@ jobs:
      - name: "Build image and push to Docker Hub and GitHub Container Registry"
        id: docker_build_qr_reader_latest
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v5
        with:
          platforms: linux/amd64,linux/arm64
          # relative path to the place where source code with Dockerfile is located
@@ -82,12 +82,14 @@ jobs:
          file: docker/Dockerfile
          # builder: ${{ steps.buildx.outputs.name }}
          # Note: tags has to be all lower-case
          build-args: |
            BASE_IMAGE=python:3.12-slim-bookworm
          pull: true
          tags: |
            scit0/extract_otp_secrets:latest
-            scit0/extract_otp_secrets:bullseye
+            scit0/extract_otp_secrets:bookworm
            ghcr.io/scito/extract_otp_secrets:latest
-            ghcr.io/scito/extract_otp_secrets:bullseye
+            ghcr.io/scito/extract_otp_secrets:bookworm
          # build on feature branches, push only on master branch
          push: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}
@@ -98,7 +100,7 @@ jobs:
          echo "${{ steps.docker_build_qr_reader_latest.outputs.digest }}" > digests.txt
      - name: Save docker digests as artifacts
        if: github.ref == 'refs/heads/master'
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
        with:
          name: debian_digests
          path: digests.txt
@@ -111,7 +113,7 @@ jobs:
    # steps to perform in job
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
      # avoid building if there are testing errors
      - name: Run smoke test
@@ -123,22 +125,22 @@ jobs:
          pytest
      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
      # setup Docker build action
      - name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
      - name: Login to DockerHub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
        if: github.secret_source == 'Actions'
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to Github Packages
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
        if: github.secret_source == 'Actions'
        with:
          registry: ghcr.io
@@ -147,7 +149,7 @@ jobs:
      - name: "only_txt: Build image and push to Docker Hub and GitHub Container Registry"
        id: docker_build_only_txt
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v5
        with:
          # relative path to the place where source code with Dockerfile is located
          platforms: linux/amd64,linux/arm64
@@ -174,20 +176,20 @@ jobs:
      - name: Save docker digests as artifacts
        if: github.ref == 'refs/heads/master'
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
        with:
          name: alpine_digests
          path: digests.txt
-  build-and-push-docker-buster-image:
+  build-and-push-docker-bullseye-image:
-    name: Build Docker Buster image (for PyInstsaller) and push to repositories
+    name: Build Docker Bullseye image (for PyInstsaller) and push to repositories
    # run only when code is compiling and tests are passing
    runs-on: ubuntu-latest
    # steps to perform in job
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
      # avoid building if there are testing errors
      - name: Run smoke test
@@ -199,12 +201,12 @@ jobs:
          pytest
      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
      # setup Docker build action
      - name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
        # Workaround for failing builds: https://github.com/docker/build-push-action/issues/761#issuecomment-1383822381
        # TODO remove workaround when fixed
        with:
@@ -212,37 +214,36 @@ jobs:
            image=moby/buildkit:v0.10.6
      - name: Login to DockerHub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
        if: github.secret_source == 'Actions'
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to Github Packages
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
        if: github.secret_source == 'Actions'
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GHCR_IO_TOKEN }}
-      - name: "Build image from Buster and push to GitHub Container Registry"
+      - name: "Build image from Bullseye and push to GitHub Container Registry"
-        id: docker_build_buster
+        id: docker_build_bullseye
        if: github.ref == 'refs/heads/master'
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v5
        with:
          platforms: linux/amd64,linux/arm64
          # relative path to the place where source code with Dockerfile is located
          # TODO file:, move to docker/
          context: .
          file: docker/Dockerfile
          # builder: ${{ steps.buildx.outputs.name }}
          build-args: |
-            BASE_IMAGE=python:3.11-slim-buster
+            BASE_IMAGE=python:3.12-slim-bullseye
          # Note: tags has to be all lower-case
          pull: true
          tags: |
-            scit0/extract_otp_secrets:buster
+            scit0/extract_otp_secrets:bullseye
          push: ${{ github.secret_source == 'Actions' }}
      - name: Image digest
@@ -252,7 +253,7 @@ jobs:
          echo "${{ steps.docker_build_qr_reader_latest.outputs.digest }}" > digests.txt
      - name: Save docker digests as artifacts
        if: github.ref == 'refs/heads/master'
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
        with:
-          name: buster_digests
+          name: bullseye_digests
          path: digests.txt
--- a/.github/workflows/ci_release.yml
+++ b/.github/workflows/ci_release.yml
@@ -26,7 +26,8 @@ name: release
 # Build matrix:
 # - Linux x86_64 glibc 2.35: ubuntu-latest
-# - Linux x86_64 glibc 2.34: extract_otp_secrets:buster
+# - Linux x86_64 glibc 2.31: extract_otp_secrets:bullseye
 # - Linux x86_64 glibc 2.36: extract_otp_secrets:bookworm
 # - Windows x86_64: windows-latest
 # - MacOS x86_64: macos-11
 # - Linux x86_64 glibc 2.28: extract_otp_secrets:buster
@@ -56,7 +57,7 @@ jobs:
      tag_message: ${{ steps.meta.outputs.tag_message }}
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
      - name: Set meta data
        id: meta
        # Writing to env with >> $GITHUB_ENV is an alternative
@@ -87,19 +88,19 @@ jobs:
            https://api.github.com/repos/scito/extract_otp_secrets/releases \
            --silent \
            --show-error \
-            -d '{"tag_name":"${{ github.ref }}","target_commitish":"master","name":"${{ steps.meta.outputs.version }} - ${{ steps.meta.outputs.date }}","body":"${{ steps.meta.outputs.tag_message }}\n\n## Executables\n\nDownload the executable for your platform and execute it, see [README.md](https://github.com/scito/extract_otp_secrets#readme)\n\n | Executable | Description |\n | --- | --- |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_linux_x86_64 | Linux x86_64/amd64 (glibc >= 2.28) |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_linux_arm64 | Linux arm64 (glibc >= 2.28) |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_win_x86_64.exe | Windows x86_64/amd64/x64 |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_win_arm64.exe | N/A |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_macos_x86_64.dmg | N/A, see [README.md](https://github.com/scito/extract_otp_secrets#readme) |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_macos_x86_64.pkg | N/A, see [README.md](https://github.com/scito/extract_otp_secrets#readme) |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_macos_x86_64 | MacOS x86_64/amd64 (bare executable, see [README.md](https://github.com/scito/extract_otp_secrets#readme); optional libzbar must be installed manually, see [README.md](https://github.com/scito/extract_otp_secrets#readme)) |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_macos_arm64 | N/A |\n","draft":true,"prerelease":false,"generate_release_notes":true}')
+            -d '{"tag_name":"${{ github.ref }}","target_commitish":"master","name":"${{ steps.meta.outputs.version }} - ${{ steps.meta.outputs.date }}","body":"${{ steps.meta.outputs.tag_message }}\n\n## Executables\n\nDownload the executable for your platform and execute it, see [README.md](https://github.com/scito/extract_otp_secrets#readme)\n\n | Executable | Description |\n | --- | --- |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_linux_x86_64 | Linux x86_64/amd64 (glibc >= 2.31) |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_linux_arm64 | Linux arm64 (glibc >= 2.31) |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_win_x86_64.exe | Windows x86_64/amd64/x64 |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_win_arm64.exe | N/A |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_macos_x86_64.dmg | N/A, see [README.md](https://github.com/scito/extract_otp_secrets#readme) |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_macos_x86_64.pkg | N/A, see [README.md](https://github.com/scito/extract_otp_secrets#readme) |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_macos_x86_64 | MacOS x86_64/amd64 (bare executable, see [README.md](https://github.com/scito/extract_otp_secrets#readme); optional libzbar must be installed manually, see [README.md](https://github.com/scito/extract_otp_secrets#readme)) |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_macos_arm64 | N/A |\n","draft":true,"prerelease":false,"generate_release_notes":true}')
          echo upload_url=$(jq '.upload_url' <<< "$response") >> $GITHUB_OUTPUT
          echo $(jq -r '.upload_url' <<< "$response") > release_url.txt
          echo $(jq -r '.id' <<< "$response") > release_id.txt
      - name: Save Release URL File for publish
        if: startsWith(github.ref, 'refs/tags/v')
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
        with:
          name: release_url
          path: release_url.txt
      - name: Save asset upload id for publish
        if: startsWith(github.ref, 'refs/tags/v')
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
        with:
          name: release_id
          path: release_id.txt
@@ -122,7 +123,7 @@ jobs:
    # steps to perform in job
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
      # avoid building if there are testing errors
      - name: Run smoke test
@@ -134,12 +135,12 @@ jobs:
          pytest
      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
      # setup Docker build action
      - name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
        # Workaround for failing builds: https://github.com/docker/build-push-action/issues/761#issuecomment-1383822381
        # TODO remove workaround when fixed
        with:
@@ -147,14 +148,14 @@ jobs:
            image=moby/buildkit:v0.10.6
      - name: Login to DockerHub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
        if: github.secret_source == 'Actions'
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to Github Packages
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
        if: github.secret_source == 'Actions'
        with:
          registry: ghcr.io
@@ -164,7 +165,7 @@ jobs:
      - name: Image digest
        # TODO upload digests to assets
        run: |
-          echo "extract_otp_secrets: ${{ steps.docker_build_buster.outputs.digest }}"
+          echo "extract_otp_secrets: ${{ steps.docker_build_bullseye.outputs.digest }}"
        # TODO use local docker image https://stackoverflow.com/a/61155718/1663871
        # https://github.com/multiarch/qemu-user-static
@@ -172,13 +173,14 @@ jobs:
      - name: Run Pyinstaller in container for ${{ matrix.EXE }}
        run: |
          docker run --pull always --rm --privileged multiarch/qemu-user-static --reset -p yes
-          docker run --platform ${{ matrix.PLATFORM }} --pull always --entrypoint /bin/bash --rm -v "$(pwd)":/files -w /files scit0/extract_otp_secrets:buster -c 'apt-get update && apt-get -y install binutils && pip install -U -r /files/requirements.txt && pip install pyinstaller && PYTHONHASHSEED=31 && pyinstaller -y --add-data /usr/local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name ${{ matrix.EXE }} --distpath /files/dist/ /files/src/extract_otp_secrets.py'
+          docker run --platform ${{ matrix.PLATFORM }} --pull always --entrypoint /bin/bash --rm -v "$(pwd)":/files -w /files scit0/extract_otp_secrets:bullseye -c 'apt-get update && apt-get -y install binutils && pip install -U -r /files/requirements.txt && pip install pyinstaller && PYTHONHASHSEED=31 && pyinstaller -y --add-data /usr/local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name ${{ matrix.EXE }} --distpath /files/dist/ /files/src/extract_otp_secrets.py'
-      - name: Smoke tests ${{ matrix.PLATFORM }}
+      - name: Smoke tests linux/amd64
        if: matrix.PLATFORM == 'linux/amd64'
        run: |
          dist/${{ matrix.EXE }} -V
          dist/${{ matrix.EXE }} -h
          dist/${{ matrix.EXE }} --debug
          dist/${{ matrix.EXE }} example_export.png
          dist/${{ matrix.EXE }} - < example_export.txt
          dist/${{ matrix.EXE }} --qr ZBAR example_export.png
@@ -186,19 +188,19 @@ jobs:
          dist/${{ matrix.EXE }} --qr QREADER_DEEP example_export.png
          dist/${{ matrix.EXE }} --qr CV2 example_export.png
          dist/${{ matrix.EXE }} --qr CV2_WECHAT example_export.png
-      - name: Smoke tests ${{ matrix.PLATFORM }}
+      - name: Smoke tests linux/arm64
        if: matrix.PLATFORM == 'linux/arm64'
        run: |
          docker run --platform ${{ matrix.PLATFORM }} --pull always --entrypoint /bin/bash --rm -v "$(pwd)":/files -w /files scit0/extract_otp_secrets -c 'dist/${{ matrix.EXE }} -V && dist/${{ matrix.EXE }} -h && dist/${{ matrix.EXE }} example_export.png && dist/${{ matrix.EXE }} - < example_export.txt && dist/${{ matrix.EXE }} --qr ZBAR example_export.png && dist/${{ matrix.EXE }} --qr QREADER example_export.png && dist/${{ matrix.EXE }} --qr QREADER_DEEP example_export.png && dist/${{ matrix.EXE }} --qr CV2 example_export.png && dist/${{ matrix.EXE }} --qr CV2_WECHAT example_export.png'
      - name: Load Release URL File from release job
        if: startsWith(github.ref, 'refs/tags/v')
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
        with:
          name: release_url
      - name: Display structure of files
        run: ls -R
      - name: Upload EXE to artifacts
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
        with:
          name: ${{ matrix.EXE }}
          path: dist/${{ matrix.EXE }}
@@ -236,8 +238,8 @@ jobs:
            ASSET_MIME: application/vnd.microsoft.portable-executable
            UPLOAD: true
            CMD_BUILD: |
-              pyinstaller -y --add-data "$($Env:pythonLocation)\__yolo_v3_qr_detector;__yolo_v3_qr_detector" --add-binary "$($Env:pythonLocation)\Lib\site-packages\pyzbar\libiconv.dll;pyzbar" --add-binary "$($Env:pythonLocation)\Lib\site-packages\pyzbar\libzbar-64.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\msvcr120.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\msvcp120.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\vcamp120.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\vcomp120.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\vccorlib120.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120u.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120chs.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120cht.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120deu.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120enu.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120esn.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120fra.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120ita.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120jpn.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120kor.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120rus.dll;pyzbar" --onefile --version-file build\win_file_version_info.txt --name extract_otp_secrets.exe src\extract_otp_secrets.py
+              pyinstaller -y --add-data "$($Env:pythonLocation)\__yolo_v3_qr_detector:__yolo_v3_qr_detector" --add-binary "$($Env:pythonLocation)\Lib\site-packages\pyzbar\libiconv.dll:pyzbar" --add-binary "$($Env:pythonLocation)\Lib\site-packages\pyzbar\libzbar-64.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\msvcr120.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\msvcp120.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\vcamp120.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\vcomp120.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\vccorlib120.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120u.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120chs.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120cht.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120deu.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120enu.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120esn.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120fra.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120ita.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120jpn.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120kor.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120rus.dll:pyzbar" --onefile --version-file build\win_file_version_info.txt --name extract_otp_secrets.exe src\extract_otp_secrets.py
-          - os: macos-11
+          - os: macos-12
            TARGET: macos
            # https://pyinstaller.org/en/stable/spec-files.html#spec-file-options-for-a-macos-bundle
            EXE: extract_otp_secrets
@@ -265,14 +267,14 @@ jobs:
      - name: List Windir
        if: runner.os == 'Windows'
        run: ls "$($Env:WinDir)\system32"
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
      - name: Set macos macos_python_path
        # TODO use variable for Python version
-        run: echo "macos_python_path=/Library/Frameworks/Python.framework/Versions/3.11" >> $GITHUB_ENV
+        run: echo "macos_python_path=/Library/Frameworks/Python.framework/Versions/3.12" >> $GITHUB_ENV
-      - name: Set up Python 3.11
+      - name: Set up Python 3.12
        uses: actions/setup-python@v4
        with:
-          python-version: 3.11
+          python-version: 3.12
          check-latest: true
      - name: Install zbar shared lib for QReader (Linux)
        if: runner.os == 'Linux'
@@ -302,6 +304,7 @@ jobs:
        run: |
          dist/${{ matrix.EXE }} -V
          dist/${{ matrix.EXE }} -h
          dist/${{ matrix.EXE }} --debug
          dist/${{ matrix.EXE }} example_export.png
          dist/${{ matrix.EXE }} --qr ZBAR example_export.png
          dist/${{ matrix.EXE }} --qr QREADER example_export.png
@@ -314,12 +317,12 @@ jobs:
          dist/${{ matrix.EXE }} - < example_export.txt
      - name: Load Release URL File from release job
        if: startsWith(github.ref, 'refs/tags/v')
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
        with:
          name: release_url
      - name: Load Release Id File from release job
        if: startsWith(github.ref, 'refs/tags/v')
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
        with:
          name: release_id
      - name: Display structure of files
@@ -332,12 +335,12 @@ jobs:
          echo "release_id=$(cat release_id.txt)" >> $GITHUB_OUTPUT
          echo "upload_url=https://uploads.github.com/repos/scito/extract_otp_secrets/releases/$(cat release_id.txt)/assets?name=" >> $GITHUB_OUTPUT
      - name: Upload EXE to artifacts
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
        with:
          name: ${{ matrix.EXE }}
          path: dist/${{ matrix.EXE }}
      - name: Upload DMG to artifacts
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
        if: runner.os == 'macOS'
        with:
          name: ${{ matrix.DMG }}
@@ -362,7 +365,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Load Release Id File from release job
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
        with:
          name: release_id
      - name: Set meta data
--- a/.gitignore
+++ b/.gitignore
@@ -27,6 +27,11 @@ file_version_info.txt
 assets/*
 extract_otp_secrets_linux_arm64.spec
 extract_otp_secrets_linux_x86_64_bullseye.spec
 extract_otp_secrets_linux_x86_64_bookworm.spec
 extract_otp_secrets_linux_x86_64.spec
 extract_otp_secrets.spec
 test.txt
 extract_otp_secrets.build/
 extract_otp_secrets.dist/
 extract_otp_secrets.onefile-build/
 extract_otp_secrets.bin
--- a/2
+++ b/2
@@ -7,7 +7,6 @@ name = "pypi"
 colorama = ">=0.4.6"
 opencv-contrib-python = "*"
 # for macOS: opencv-contrib-python = "<=4.7.0"
 # for PYTHON <= 3.7: typing_extensions = "*"
 pillow = "*"
 pyzbar = "*"
 protobuf = "*"
@@ -20,6 +19,7 @@ flake8 = "*"
 gfm-toc = "*"
 mypy = "*"
 mypy-protobuf = "*"
 nuitka = "*"
 pylint = "*"
 pytest = "*"
 pytest-cov = "*"
--- a/Pipfile.lock
+++ b/Pipfile.lock
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@
 ![coverage](https://img.shields.io/badge/coverage-94%25-brightgreen)
 [![License](https://img.shields.io/github/license/scito/extract_otp_secrets)](https://github.com/scito/extract_otp_secrets/blob/master/LICENSE)
 [![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/scito/extract_otp_secrets?sort=semver)](https://github.com/scito/extract_otp_secrets/releases/latest)  
-![python versions](https://img.shields.io/badge/python-3.7%20%7C%203.8%20%7C%203.9%20%7C%203.10%20%7C%203.11-blue)
+![python versions](https://img.shields.io/badge/python-3.8%20%7C%203.9%20%7C%203.10%20%7C%203.11%20%7C%203.12-blue)
 [![Docker image](https://img.shields.io/badge/docker-image-blue)](https://hub.docker.com/repository/docker/scit0/extract_otp_secrets/general)
 [![Linux](https://img.shields.io/badge/os-linux-yellow)](https://github.com/scito/extract_otp_secrets/releases/latest)
 [![Windows](https://img.shields.io/badge/os-windows-yellow)](https://github.com/scito/extract_otp_secrets/releases/latest)
@@ -14,7 +14,7 @@
 [![Stand With Ukraine](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/badges/StandWithUkraine.svg)](https://stand-with-ukraine.pp.ua)
 <!-- ![PyPI - Python Version](https://img.shields.io/pypi/pyversions/protobuf)
 [![GitHub Pipenv locked Python version](https://img.shields.io/github/pipenv/locked/python-version/scito/extract_otp_secrets)](https://github.com/scito/extract_otp_secrets/blob/master/Pipfile.lock)
-![protobuf version](https://img.shields.io/badge/protobuf-4.22.1-informational)-->
+![protobuf version](https://img.shields.io/badge/protobuf-5.27.0-informational)-->
 <!-- [![Github all releases](https://img.shields.io/github/downloads/scito/extract_otp_secrets/total.svg)](https://GitHub.com/scito/extract_otp_secrets/releases/) -->
@@ -119,8 +119,9 @@ However, the bare executable can be executed from the command line:
 1. Download executable for macOS platform from [latest release](https://github.com/scito/extract_otp_secrets/releases/latest), see assets
 2. Open `Terminal` application
 3. Change to Downloads folder in Terminal: `cd $HOME/Downloads`
-4. Set executable bit for the downloaded file: `chmod +x extract_otp_secrets_X.Y.Z_macos_x86_64`
+4. Remove quarantine bit for the downloaded file: `xattr -r -d com.apple.quarantine extract_otp_secrets_X.Y.Z_macos_x86_64`
-5. Start executable from command line: `./extract_otp_secrets_X.Y.Z_macos_x86_64`
+5. Set executable bit for the downloaded file: `chmod +x extract_otp_secrets_X.Y.Z_macos_x86_64`
 6. Start executable from command line: `./extract_otp_secrets_X.Y.Z_macos_x86_64`
 :information_source: Replace `X.Y.Z` in above commands with the version number of your downloaded file, e.g. `extract_otp_secrets_2.4.0_macos_x86_64`
@@ -234,7 +235,7 @@ OpenCV requires [Visual C++ redistributable 2015](https://www.microsoft.com/en-u
 ## Program help: arguments and options
-<pre>usage: extract_otp_secrets.py [-h] [--csv FILE] [--keepass FILE] [--json FILE] [--txt FILE] [--printqr] [--saveqr DIR] [--camera NUMBER] [--qr {ZBAR,QREADER,QREADER_DEEP,CV2,CV2_WECHAT}] [-i] [--no-color] [--version] [-d | -v | -q] [infile ...]
+<pre>usage: extract_otp_secrets.py [-h] [--csv FILE] [--keepass FILE] [--json FILE] [--txt FILE] [--urls FILE] [--printqr] [--saveqr DIR] [--camera NUMBER] [--qr {ZBAR,QREADER,QREADER_DEEP,CV2,CV2_WECHAT}] [-i] [--no-color] [--version] [-d | -v | -q] [infile ...]
 Extracts one time password (OTP) secrets from QR codes exported by two-factor authentication (2FA) apps
 If no infiles are provided, a GUI window starts and QR codes are captured from the camera.
@@ -245,10 +246,11 @@ positional arguments:
 options:
  -h, --help                    show this help message and exit
-  --csv FILE, -c FILE           export csv file or - for stdout
+  --csv FILE, -c FILE           export csv file, or - for stdout
  --keepass FILE, -k FILE       export totp/hotp csv file(s) for KeePass, - for stdout
  --json FILE, -j FILE          export json file or - for stdout
  --txt FILE, -t FILE           export txt file or - for stdout
  --urls FILE, -u FILE          export file with list of otpauth urls, or - for stdout
  --printqr, -p                 print QR code(s) as text to the terminal
  --saveqr DIR, -s DIR          save QR code(s) as images to directory
  --camera NUMBER, -C NUMBER    camera number of system (default camera: 0)
@@ -347,8 +349,8 @@ python extract_otp_secrets.py = < example_export.png</pre>
 * Prints errors and warnings to stderr (🆕 since v2.0)
 * Prints colored output (🆕 since v2.0)
 * Startable as executable (script, Python, and all dependencies packed in one executable) (🆕 since v2.1)
-    * extract_otp_secrets_linux_x86_64 (requires glibc >= 2.28)
+    * extract_otp_secrets_linux_x86_64 (requires glibc >= 2.31)
-    * extract_otp_secrets_linux_arm64 (requires glibc >= 2.28)
+    * extract_otp_secrets_linux_arm64 (requires glibc >= 2.31)
    * extract_otp_secrets_win_x86_64.exe
    * extract_otp_secrets_macos_x86_64 (optional [libzbar](#installation-of-optional-shared-system-libraries-recommended) needs to be installed manually if needed)
        * extract_otp_secrets_macos_x86_64.dmg N/A, see [why](#macos)
@@ -367,7 +369,7 @@ python extract_otp_secrets.py = < example_export.png</pre>
    * macOS
    * Windows
 * Uses UTF-8 on all platforms
-* Supports Python >= 3.7
+* Supports Python >= 3.8
 * Installation of shared system libraries is optional (🆕 since v2.3)
 * Provides a debug mode (-d) for analyzing import problems
 * Written in modern Python using type hints and following best practices
@@ -685,10 +687,15 @@ Build extract_otp_secrets project
 Options:
 -i                      Interactive mode, all steps must be confirmed
 -C                      Ignore version check of protobuf/protoc
-E                      Do not build exe
+-e                      Build exe
-D                      Do not build docker
+-n                      Build nuitka exe
 -L                      Do not build local (exes)
 -d                      Build docker
 -a                      Build arm
 -X                      Do not build x86_64
 -B                      Do not build base
 -V                      Do not run pipenv
-G                      Do not start extract_otp_secrets.py in GUI mode
+-g                      Start extract_otp_secrets.py in GUI mode
 -c                      Clean everything
 -r                      Generate result files
 -h, --help              Show help and quit
@@ -703,7 +710,7 @@ Command for regeneration of Python code from proto3 message definition file (onl
    protoc --plugin=protoc-gen-mypy=path/to/protoc-gen-mypy --python_out=src/protobuf_generated_python --mypy_out=src/protobuf_generated_python src/google_auth.proto
-The generated protobuf Python code was generated by protoc 22.1 (https://github.com/protocolbuffers/protobuf/releases/tag/v22.1).
+The generated protobuf Python code was generated by protoc 27.0 (https://github.com/protocolbuffers/protobuf/releases/tag/v27.0).
 For Python type hint generation the [mypy-protobuf](https://github.com/nipunn1313/mypy-protobuf) package is used.
@@ -714,7 +721,7 @@ For Python type hint generation the [mypy-protobuf](https://github.com/nipunn131
 ## Issues
-* Segmentation fault on macOS with CV2 4.7.0: https://github.com/opencv/opencv/issues/23072
+* Segmentation fault on macOS with CV2 4.7.0: https://github.com/opencv/opencv/issues/23072 (fixed)
 * CV2 window does not show icons: https://github.com/opencv/opencv-python/issues/585
 ## Problems and Troubleshooting
--- a/build.sh
+++ b/build.sh
@@ -77,10 +77,15 @@ interactive=false
 ignore_version_check=true
 clean=false
 clean_flag=""
-build_docker=true
+build_base=true
-build_exe=true
+build_arm=false
 build_x86_64=true
 build_docker=false
 build_local=true
 build_exe=false
 build_nuitka_exe=false
 run_pipenv=true
-run_gui=true
+run_gui=false
 generate_result_files=false
 PYTHONHASHSEED=31
@@ -94,16 +99,21 @@ while test $# -gt 0; do
            echo "Options:"
            echo "-i                      Interactive mode, all steps must be confirmed"
            echo "-C                      Ignore version check of protobuf/protoc"
-            echo "-E                      Do not build exe"
+            echo "-e                      Build exe"
-            echo "-D                      Do not build docker"
+            echo "-n                      Build nuitka exe"
            echo "-L                      Do not build local (exe)"
            echo "-d                      Build docker"
            echo "-a                      Build arm"
            echo "-X                      Do not build x86_64"
            echo "-B                      Do not build base"
            echo "-V                      Do not run pipenv"
-            echo "-G                      Do not start extract_otp_secrets.py in GUI mode"
+            echo "-g                      Start extract_otp_secrets.py in GUI mode"
            echo "-c                      Clean everything"
            echo "-r                      Generate result files"
            echo "-h, --help              Show help and quit"
            quit
            ;;
-        -a)
+        -i)
            interactive=true
            shift
            ;;
@@ -111,20 +121,41 @@ while test $# -gt 0; do
            ignore_version_check=false
            shift
            ;;
-        -E)
+        -B)
-            build_exe=false
+            build_base=false
            shift
            ;;
-        -D)
+        -L)
-            build_docker=false
+            build_local=false
            build_base=false
            shift
            ;;
        -a)
            build_arm=true
            shift
            ;;
        -X)
            build_x86_64=false
            shift
            ;;
        -e)
            build_exe=true
            shift
            ;;
        -n)
            build_nuitka_exe=true
            shift
            ;;
        -d)
            build_docker=true
            shift
            ;;
        -V)
            run_pipenv=false
            shift
            ;;
-        -G)
+        -g)
-            run_gui=false
+            run_gui=true
            shift
            ;;
        -r)
@@ -186,325 +217,435 @@ if $clean; then
    cmd="sudo pipenv --rm || true"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
 fi
-cmd="$PIP install --use-pep517 -U -r requirements-dev.txt"
+    cmd="mkdir -p dist"
 if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
 eval "$cmd"
 echo -e "\n\nChecking Protoc version..."
 VERSION=$(curl -sL https://github.com/protocolbuffers/protobuf/releases/latest | grep -E "<title>" | perl -pe's%.*Protocol Buffers v(\d+\.\d+(\.\d+)?).*%\1%')
 BASEVERSION=4
 echo
 OLDVERSION=$(cat $BIN/$DEST/.VERSION.txt || echo "")
 echo -e "\nProtoc remote version $VERSION\n"
 echo -e "Protoc local version: $OLDVERSION\n"
 if [ "$OLDVERSION" != "$VERSION" ] || ! $ignore_version_check; then
    echo "Upgrade protoc from $OLDVERSION to $VERSION"
    NAME="protoc-$VERSION"
    ARCHIVE="$NAME.zip"
    mkdir -p $DOWNLOADS
    # https://github.com/protocolbuffers/protobuf/releases/download/v21.6/protoc-21.6-linux-x86_64.zip
    cmd="wget --trust-server-names https://github.com/protocolbuffers/protobuf/releases/download/v$VERSION/protoc-$VERSION-linux-x86_64.zip -O $DOWNLOADS/$ARCHIVE"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
    cmd="echo -e '\nSize [Byte]'; stat --printf='%s\n' $DOWNLOADS/$ARCHIVE; echo -e '\nMD5'; md5sum $DOWNLOADS/$ARCHIVE; echo -e '\nSHA256'; sha256sum $DOWNLOADS/$ARCHIVE;"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
    cmd="mkdir -p $BIN/$NAME; unzip $DOWNLOADS/$ARCHIVE -d $BIN/$NAME"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
    cmd="echo $VERSION > $BIN/$NAME/.VERSION.txt; echo $VERSION > $BIN/$NAME/.VERSION_$VERSION.txt"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
    cmd="[ -d $BIN/$DEST.old ] && rm -rf $BIN/$DEST.old || echo 'No old dir to delete'"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
    cmd="[ -d $BIN/$DEST ] && mv -iT $BIN/$DEST $BIN/$DEST.old || echo 'No previous dir to keep'"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
    cmd="mv -iT $BIN/$NAME $BIN/$DEST"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
    cmd="rm $DOWNLOADS/$ARCHIVE"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
    cmd="$BIN/$DEST/bin/protoc --plugin=protoc-gen-mypy=$HOME/.local/bin/protoc-gen-mypy --python_out=src/protobuf_generated_python --mypy_out=src/protobuf_generated_python --proto_path=src google_auth.proto"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
    # Update README.md
    cmd="perl -i -pe 's%proto(buf|c)([- ])(\d\.)?$OLDVERSION%proto\$1\$2\${3}$VERSION%g' README.md && perl -i -pe 's%(protobuf/releases/tag/v)$OLDVERSION%\${1}$VERSION%g' README.md"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
 else
    echo -e "\nVersion has not changed. Quit"
 fi
 # Upgrade pip requirements
 cmd="pip install -U pip"
 if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
 eval "$cmd"
 $PIP --version
 cmd="$PIP install --use-pep517 -U -r requirements.txt"
 if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
 eval "$cmd"
 # Lint
 LINT_OUT_FILE="tests/reports/flake8_results.txt"
 cmd="$FLAKE8 . --count --select=E9,F63,F7,F82 --show-source --statistics | tee $LINT_OUT_FILE"
 if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
 eval "$cmd"
 cmd="$FLAKE8 . --count --exit-zero --max-complexity=10 --max-line-length=200 --statistics --exclude=.git,__pycache__,docs/source/conf.py,old,build,dist,protobuf_generated_python | tee -a $LINT_OUT_FILE"
 if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
 eval "$cmd"
 # Type checking
 TYPE_CHECK_OUT_FILE="tests/reports/mypy_results.txt"
 cmd="$MYPY --install-types --non-interactive src/*.py tests/*.py"
 if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
 eval "$cmd"
 # change to src as python -m mypy adds the current dir Python sys.path
 # execute in a subshell in order not to loose the exit code and not to change the dir in the currrent shell
 cmd="$MYPY --strict src/*.py tests/*.py | tee $TYPE_CHECK_OUT_FILE"
 if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
 eval "$cmd"
 # Generate results files
 if $generate_result_files; then
    cmd="for color in '' '-n'; do for level in '' '-v' '-vv' '-vvv'; do $PYTHON src/extract_otp_secrets.py example_export.txt \$color \$level > tests/data/print_verbose_output\$color\$level.txt; done; done"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
 fi
-# pip -e install
+if $build_local; then
-
+    cmd="$PIP install --use-pep517 -U -r requirements-dev.txt"
 cmd="$PIP install -U -e ."
 if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
 eval "$cmd"
 cmd="extract_otp_secrets example_export.txt"
 if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
 eval "$cmd"
 cmd="extract_otp_secrets - < example_export.txt"
 if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
 eval "$cmd"
 # Test (needs module)
 cmd="$PYTHON src/extract_otp_secrets.py example_export.txt"
 if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
 eval "$cmd"
 cmd="$PYTHON src/extract_otp_secrets.py - < example_export.txt"
 if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
 eval "$cmd"
 COVERAGE_OUT_FILE="tests/reports/pytest-coverage.txt"
 cmd="pytest --cov=extract_otp_secrets_test --junitxml=tests/reports/pytest.xml --cov-report html:tests/reports/html --cov-report=term-missing tests/ | tee $COVERAGE_OUT_FILE"
 if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
 eval "$cmd"
 # Pipenv
 if $run_pipenv; then
    cmd="$PIP install -U pipenv"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
-    $PIPENV --version
+    echo -e "\n\nChecking Protoc version..."
    VERSION=$(curl -sL https://github.com/protocolbuffers/protobuf/releases/latest | grep -E "<title>" | perl -pe's%.*Protocol Buffers v(\d+\.\d+(\.\d+)?).*%\1%')
    BASEVERSION=4
    echo
-    cmd="$PIPENV update && $PIPENV --rm && $PIPENV install"
+    OLDVERSION=$(cat $BIN/$DEST/.VERSION.txt || echo "")
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+    echo -e "\nProtoc remote version $VERSION\n"
-    eval "$cmd"
+    echo -e "Protoc local version: $OLDVERSION\n"
-    $PIPENV run python --version
+    if [ "$OLDVERSION" != "$VERSION" ] || ! $ignore_version_check; then
        echo "Upgrade protoc from $OLDVERSION to $VERSION"
-    cmd="$PIPENV run pytest --cov=extract_otp_secrets_test tests/"
+        NAME="protoc-$VERSION"
-    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        ARCHIVE="$NAME.zip"
    eval "$cmd"
 fi
-# Build wheel
+        mkdir -p $DOWNLOADS
-
+        # https://github.com/protocolbuffers/protobuf/releases/download/v21.6/protoc-21.6-linux-x86_64.zip
-cmd="$PIP wheel ."
+        cmd="wget --trust-server-names https://github.com/protocolbuffers/protobuf/releases/download/v$VERSION/protoc-$VERSION-linux-x86_64.zip -O $DOWNLOADS/$ARCHIVE"
 if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
 eval "$cmd"
 # Build executable
 if $build_exe; then
    cmd="LOCAL_GLIBC_VERSION=$(ldd --version | sed '1!d' | sed -E 's/.* ([[:digit:]]+\.[[:digit:]]+)$/\1/')"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
    echo "local glibc: $LOCAL_GLIBC_VERSION"
    cmd="pyinstaller -y --specpath installer --add-data $HOME/.local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile $clean_flag src/extract_otp_secrets.py"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
    cmd="dist/extract_otp_secrets -h"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
 fi
 # Generate README.md TOC
 cmd="gfm-toc -s 2 -e 3 -t -o README.md > docs/README_TOC.md"
 if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
 eval "$cmd"
 # Update Code Coverage in README.md
 # https://github.com/marketplace/actions/pytest-coverage-comment
 # Coverage-95%25-yellowgreen
 echo -e "Update code coverage in README.md"
 TOTAL_COVERAGE=$(cat $COVERAGE_OUT_FILE | grep 'TOTAL' | perl -ne 'print "$&" if /\b(\d{1,3})%/') && perl -i -pe "s/coverage-(\d{1,3}%)25-/coverage-${TOTAL_COVERAGE}25-/" README.md
 if $build_docker; then
    # Build docker
    # Build Dockerfile_only_txt (Alpine)
    cmd="docker build . -t extract_otp_secrets_only_txt -t extract_otp_secrets:only-txt -t extract_otp_secrets:alpine -f docker/Dockerfile_only_txt --pull --build-arg RUN_TESTS=false"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
    cmd="docker run --rm -v \"$(pwd)\":/files:ro extract_otp_secrets_only_txt example_export.txt"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
    cmd="docker run --rm -i -v \"$(pwd)\":/files:ro extract_otp_secrets_only_txt - < example_export.txt"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
    cmd="docker run --entrypoint /extract/run_pytest.sh --rm -v \"$(pwd)\":/files:ro extract_otp_secrets_only_txt extract_otp_secrets_test.py -k 'not qreader' -vvv --relaxed"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
    # Build extract_otp_secrets (Debian Bullseye)
    cmd="docker build . -t extract_otp_secrets -t extract_otp_secrets:bullseye --pull -f docker/Dockerfile --build-arg RUN_TESTS=false"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
    cmd="docker run --rm -v \"$(pwd)\":/files:ro extract_otp_secrets example_export.txt"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
    cmd="cat example_export.txt | docker run --rm -i -v \"$(pwd)\":/files:ro extract_otp_secrets - -c - > example_output.csv"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
    cmd="docker run --rm -i -v \"$(pwd)\":/files:ro extract_otp_secrets = < example_export.png"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
    cmd="docker run --entrypoint /extract/run_pytest.sh --rm -v \"$(pwd)\":/files:ro extract_otp_secrets"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
    # Build extract_otp_secrets (Debian Buster)
    cmd="docker build . -t extract_otp_secrets:buster --pull -f docker/Dockerfile --build-arg RUN_TESTS=false --build-arg BASE_IMAGE=python:3.11-slim-buster"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
    cmd="docker run --rm -v \"$(pwd)\":/files:ro extract_otp_secrets:buster example_export.txt"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
    cmd="cat example_export.txt | docker run --rm -i -v \"$(pwd)\":/files:ro extract_otp_secrets:buster - -c - > example_output.csv"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
    cmd="docker run --rm -i -v \"$(pwd)\":/files:ro extract_otp_secrets:buster = < example_export.png"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
    cmd="docker run --entrypoint /extract/run_pytest.sh --rm -v \"$(pwd)\":/files:ro extract_otp_secrets:buster"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
    # Build executable from Docker latest
    # sed "1!d" is workaround for head -n 1 since it head procduces exit code != 0
    BULLSEYE_GLIBC_VERSION=$(docker run --entrypoint /bin/bash --rm extract_otp_secrets -c 'ldd --version | sed "1!d" | sed -E "s/.* ([[:digit:]]+\.[[:digit:]]+)$/\1/"')
    echo "Bullseye glibc: $BULLSEYE_GLIBC_VERSION"
    if $build_exe; then
        cmd="docker run --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets -c 'apt-get update && apt-get -y install binutils && pip install -U pip && pip install -U -r /files/requirements.txt && pip install pyinstaller && PYTHONHASHSEED=31 && pyinstaller -y --specpath installer --add-data /usr/local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name extract_otp_secrets_linux_x86_64_bullseye --distpath /files/dist/ /files/src/extract_otp_secrets.py'"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
-        cmd="dist/extract_otp_secrets_linux_x86_64_bullseye -h"
+        cmd="echo -e '\nSize [Byte]'; stat --printf='%s\n' $DOWNLOADS/$ARCHIVE; echo -e '\nMD5'; md5sum $DOWNLOADS/$ARCHIVE; echo -e '\nSHA256'; sha256sum $DOWNLOADS/$ARCHIVE;"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
-        # Build executable from Docker buster
+        cmd="mkdir -p $BIN/$NAME; unzip $DOWNLOADS/$ARCHIVE -d $BIN/$NAME"
        BUSTER_GLIBC_VERSION=$(docker run --entrypoint /bin/bash --rm extract_otp_secrets:buster -c 'ldd --version | sed "1!d" | sed -E "s/.* ([[:digit:]]+\.[[:digit:]]+)$/\1/"')
        echo "Bullseye glibc: $BUSTER_GLIBC_VERSION"
        cmd="docker run --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:buster -c 'apt-get update && apt-get -y install binutils && pip install -U pip && pip install -U -r /files/requirements.txt && pip install pyinstaller && PYTHONHASHSEED=31 && pyinstaller -y --specpath installer --add-data /usr/local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name extract_otp_secrets_linux_x86_64 --distpath /files/dist/ /files/src/extract_otp_secrets.py'"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
-        cmd="dist/extract_otp_secrets_linux_x86_64 -h"
+        cmd="echo $VERSION > $BIN/$NAME/.VERSION.txt; echo $VERSION > $BIN/$NAME/.VERSION_$VERSION.txt"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
-        # create Windows win_file_version_info.txt
+        cmd="[ -d $BIN/$DEST.old ] && rm -rf $BIN/$DEST.old || echo 'No old dir to delete'"
        cmd="VERSION_STR=$(setuptools-git-versioning) VERSION_MAJOR=$(cut -d '.' -f 1 <<< "$(setuptools-git-versioning)") VERSION_MINOR=$(cut -d '.' -f 2 <<< "$(setuptools-git-versioning)") VERSION_PATCH=$(cut -d '.' -f 3 <<< "$(setuptools-git-versioning)") VERSION_BUILD=$(($(git rev-list --count $(git tag | sort -V -r | sed '1!d')..HEAD))) COPYRIGHT_YEARS='2020-2023' envsubst < installer/win_file_version_info_template.txt > build/win_file_version_info.txt"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
-        # create macOS extract_otp_secrets_macos.spec from extract_otp_secrets_macos_template.spec
+        cmd="[ -d $BIN/$DEST ] && mv -iT $BIN/$DEST $BIN/$DEST.old || echo 'No previous dir to keep'"
        cmd="VERSION_STR=$(setuptools-git-versioning) COPYRIGHT_YEARS='2020-2023' envsubst < installer/extract_otp_secrets_macos_template.spec > build/extract_otp_secrets_macos.spec"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
-        # build linux/arm64
+        cmd="mv -iT $BIN/$NAME $BIN/$DEST"
        # Build extract_otp_secrets (Debian Buster)
        cmd="docker buildx build --platform=linux/arm64 . -t extract_otp_secrets:buster --pull -f docker/Dockerfile --build-arg RUN_TESTS=false --build-arg BASE_IMAGE=python:3.11-slim-buster"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
-        cmd="docker run --pull always --rm --privileged multiarch/qemu-user-static --reset -p yes"
+        cmd="rm $DOWNLOADS/$ARCHIVE"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
-        cmd="docker run --platform linux/arm64 --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:buster -c 'apt-get update && apt-get -y install binutils && pip install -U pip && pip install -U -r /files/requirements.txt && pip install pyinstaller && PYTHONHASHSEED=31 && pyinstaller --specpath installer -y --add-data /usr/local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name extract_otp_secrets_linux_arm64 --distpath /files/dist/ /files/src/extract_otp_secrets.py'"
+        cmd="$BIN/$DEST/bin/protoc --plugin=protoc-gen-mypy=$HOME/.local/bin/protoc-gen-mypy --python_out=src/protobuf_generated_python --mypy_out=src/protobuf_generated_python --proto_path=src google_auth.proto"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
-        cmd="PLATFORM='linux/arm64' && EXE='dist/extract_otp_secrets_linux_arm64' && docker run --platform \"\$PLATFORM\" --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:buster -c \"\$EXE -V && \$EXE -h && \$EXE example_export.png && \$EXE - < example_export.txt && \$EXE --qr ZBAR example_export.png && \$EXE --qr QREADER example_export.png && \$EXE --qr QREADER_DEEP example_export.png && \$EXE --qr CV2 example_export.png && \$EXE --qr CV2_WECHAT example_export.png\""
+        # Update README.md
        cmd="perl -i -pe 's%proto(buf|c)([- ])(\d\.)?$OLDVERSION%proto\$1\$2\${3}$VERSION%g' README.md && perl -i -pe 's%(protobuf/releases/tag/v)$OLDVERSION%\${1}$VERSION%g' README.md"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
    else
        echo -e "\nVersion has not changed. Quit"
    fi
    # Upgrade pip requirements
    cmd="pip install -U pip"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
    $PIP --version
    cmd="$PIP install --use-pep517 -U -r requirements.txt"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
    if $build_base; then
        # Lint
        LINT_OUT_FILE="tests/reports/flake8_results.txt"
        cmd="$FLAKE8 . --count --select=E9,F63,F7,F82 --show-source --statistics | tee $LINT_OUT_FILE"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        cmd="$FLAKE8 . --count --exit-zero --max-complexity=10 --max-line-length=200 --statistics --exclude=.git,__pycache__,docs/source/conf.py,old,build,dist,protobuf_generated_python | tee -a $LINT_OUT_FILE"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        # Type checking
        TYPE_CHECK_OUT_FILE="tests/reports/mypy_results.txt"
        cmd="$MYPY --install-types --non-interactive src/*.py tests/*.py"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        # change to src as python -m mypy adds the current dir Python sys.path
        # execute in a subshell in order not to loose the exit code and not to change the dir in the currrent shell
        cmd="$MYPY --strict src/*.py tests/*.py | tee $TYPE_CHECK_OUT_FILE"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        # Generate results files
        if $generate_result_files; then
            cmd="for color in '' '-n'; do for level in '' '-v' '-vv' '-vvv'; do $PYTHON src/extract_otp_secrets.py example_export.txt \$color \$level > tests/data/print_verbose_output\$color\$level.txt; done; done"
            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
            eval "$cmd"
        fi
        # pip -e install
        cmd="$PIP install -U -e ."
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        cmd="extract_otp_secrets example_export.txt"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        cmd="extract_otp_secrets - < example_export.txt"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        # Test (needs module)
        cmd="$PYTHON src/extract_otp_secrets.py example_export.txt"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        cmd="$PYTHON src/extract_otp_secrets.py - < example_export.txt"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        COVERAGE_OUT_FILE="tests/reports/pytest-coverage.txt"
        cmd="pytest --cov=extract_otp_secrets_test --junitxml=tests/reports/pytest.xml --cov-report html:tests/reports/html --cov-report=term-missing tests/ | tee $COVERAGE_OUT_FILE"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        # Pipenv
        if $run_pipenv; then
            cmd="$PIP install -U pipenv"
            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
            eval "$cmd"
            $PIPENV --version
            cmd="$PIPENV --rm && $PIPENV update && $PIPENV install"
            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
            eval "$cmd"
            $PIPENV run python --version
            cmd="$PIPENV run pytest --cov=extract_otp_secrets_test tests/"
            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
            eval "$cmd"
        fi
        # Build wheel
        cmd="$PIP wheel ."
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
    fi
    # Build executable
    if $build_exe; then
        cmd="LOCAL_GLIBC_VERSION=$(ldd --version | sed '1!d' | sed -E 's/.* ([[:digit:]]+\.[[:digit:]]+)$/\1/')"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        echo "local glibc: $LOCAL_GLIBC_VERSION"
        cmd="pyinstaller -y --specpath installer --add-data $HOME/.local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile $clean_flag src/extract_otp_secrets.py"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        cmd="dist/extract_otp_secrets -h"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        cmd="dist/extract_otp_secrets --qr ZBAR example_export.png"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
    fi
    # Build compiled executable
    if $build_nuitka_exe; then
        cmd="LOCAL_GLIBC_VERSION=$(ldd --version | sed '1!d' | sed -E 's/.* ([[:digit:]]+\.[[:digit:]]+)$/\1/')"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        echo "local glibc: $LOCAL_GLIBC_VERSION"
        cmd="$PIP install -U pyqt5"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        cmd="$PYTHON -m nuitka --enable-plugin=tk-inter --enable-plugin=pyqt5 --include-data-dir=$HOME/.local/__yolo_v3_qr_detector/=__yolo_v3_qr_detector/ --onefile --output-dir=build/nuitka --output-filename=extract_otp_secrets_compiled src/extract_otp_secrets.py"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        cmd="cp build/nuitka/extract_otp_secrets_compiled dist/"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        cmd="dist/extract_otp_secrets_compiled -h"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        cmd="dist/extract_otp_secrets_compiled --qr ZBAR example_export.png"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
    fi
    # Generate README.md TOC
    cmd="gfm-toc -s 2 -e 3 -t -o README.md > docs/README_TOC.md"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
    # Update Code Coverage in README.md
    # https://github.com/marketplace/actions/pytest-coverage-comment
    # Coverage-95%25-yellowgreen
    echo -e "Update code coverage in README.md"
    TOTAL_COVERAGE=$(cat $COVERAGE_OUT_FILE | grep 'TOTAL' | perl -ne 'print "$&" if /\b(\d{1,3})%/') && perl -i -pe "s/coverage-(\d{1,3}%)25-/coverage-${TOTAL_COVERAGE}25-/" README.md
    # create Windows win_file_version_info.txt
    cmd="VERSION_STR=$(setuptools-git-versioning) VERSION_MAJOR=$(cut -d '.' -f 1 <<< "$(setuptools-git-versioning)") VERSION_MINOR=$(cut -d '.' -f 2 <<< "$(setuptools-git-versioning)") VERSION_PATCH=$(cut -d '.' -f 3 <<< "$(setuptools-git-versioning)") VERSION_BUILD=$(($(git rev-list --count $(git tag | sort -V -r | sed '1!d')..HEAD))) COPYRIGHT_YEARS='2020-2023' envsubst < installer/win_file_version_info_template.txt > build/win_file_version_info.txt"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
    # create macOS extract_otp_secrets_macos.spec from extract_otp_secrets_macos_template.spec
    cmd="VERSION_STR=$(setuptools-git-versioning) COPYRIGHT_YEARS='2020-2023' envsubst < installer/extract_otp_secrets_macos_template.spec > build/extract_otp_secrets_macos.spec"
    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
    eval "$cmd"
 fi
 if $build_docker; then
    # Build docker
    if $build_x86_64; then
        # Build Dockerfile_only_txt (Alpine)
        cmd="docker build . -t extract_otp_secrets_only_txt -t extract_otp_secrets:only-txt -t extract_otp_secrets:alpine -f docker/Dockerfile_only_txt --pull --build-arg RUN_TESTS=false"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        cmd="docker run --rm -v \"$(pwd)\":/files:ro extract_otp_secrets_only_txt example_export.txt"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        cmd="docker run --rm -i -v \"$(pwd)\":/files:ro extract_otp_secrets_only_txt - < example_export.txt"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        cmd="docker run --entrypoint /extract/run_pytest.sh --rm -v \"$(pwd)\":/files:ro extract_otp_secrets_only_txt extract_otp_secrets_test.py -k 'not qreader' -vvv --relaxed"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        # Build extract_otp_secrets (Debian Bookworm)
        cmd="docker build . -t extract_otp_secrets -t extract_otp_secrets:bookworm --pull -f docker/Dockerfile --build-arg RUN_TESTS=false"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        cmd="docker run --rm -v \"$(pwd)\":/files:ro extract_otp_secrets example_export.txt"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        cmd="cat example_export.txt | docker run --rm -i -v \"$(pwd)\":/files:ro extract_otp_secrets - -c - > example_output.csv"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        cmd="docker run --rm -i -v \"$(pwd)\":/files:ro extract_otp_secrets = < example_export.png"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        cmd="docker run --entrypoint /extract/run_pytest.sh --rm -v \"$(pwd)\":/files:ro extract_otp_secrets"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        # Build extract_otp_secrets (Debian Bullseye)
        cmd="docker build . -t extract_otp_secrets:bullseye -t extract_otp_secrets:bullseye-x86_64 --pull -f docker/Dockerfile --build-arg RUN_TESTS=false --build-arg BASE_IMAGE=python:3.12-slim-bullseye"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        cmd="docker run --rm -v \"$(pwd)\":/files:ro extract_otp_secrets:bullseye example_export.txt"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        cmd="cat example_export.txt | docker run --rm -i -v \"$(pwd)\":/files:ro extract_otp_secrets:bullseye - -c - > example_output.csv"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        cmd="docker run --rm -i -v \"$(pwd)\":/files:ro extract_otp_secrets:bullseye = < example_export.png"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        cmd="docker run --entrypoint /extract/run_pytest.sh --rm -v \"$(pwd)\":/files:ro extract_otp_secrets:bullseye"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        # Build executable from Docker latest
        # sed "1!d" is workaround for head -n 1 since it head procduces exit code != 0
        BOOKWORM_GLIBC_VERSION=$(docker run --entrypoint /bin/bash --rm extract_otp_secrets -c 'ldd --version | sed "1!d" | sed -E "s/.* ([[:digit:]]+\.[[:digit:]]+)$/\1/"')
        echo "Bookworm glibc: $BOOKWORM_GLIBC_VERSION"
    fi
    if $build_arm; then
        # build linux/arm64
        cmd="docker run --pull always --rm --privileged multiarch/qemu-user-static --reset -p yes"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
        # Build extract_otp_secrets (Debian Bullseye)
        cmd="docker buildx build --platform=linux/arm64 . -t extract_otp_secrets:bullseye-arm64 --pull -f docker/Dockerfile --build-arg RUN_TESTS=false --build-arg BASE_IMAGE=python:3.12-slim-bullseye"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
    fi
    if $build_exe; then
        if $build_x86_64; then
            cmd="docker run --platform linux/amd64 --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets -c 'apt-get update && apt-get -y install binutils && pip install -U pip && pip install -U -r /files/requirements.txt && pip install pyinstaller && PYTHONHASHSEED=31 && pyinstaller -y --specpath installer --add-data /usr/local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name extract_otp_secrets_linux_x86_64_bookworm --distpath /files/dist/ /files/src/extract_otp_secrets.py'"
            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
            eval "$cmd"
            cmd="dist/extract_otp_secrets_linux_x86_64_bookworm -h || echo 'Could not run exe; see error message above'"
            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
            eval "$cmd"
            cmd="dist/extract_otp_secrets_linux_x86_64_bookworm --qr ZBAR example_export.png || echo 'Could not run exe; see error message above'"
            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
            eval "$cmd"
            # Build executable from Docker bullseye
            BULLSEYE_GLIBC_VERSION=$(docker run --entrypoint /bin/bash --rm extract_otp_secrets:bullseye -c 'ldd --version | sed "1!d" | sed -E "s/.* ([[:digit:]]+\.[[:digit:]]+)$/\1/"')
            echo "Bullseye glibc: $BULLSEYE_GLIBC_VERSION"
            cmd="docker run --platform linux/amd64 --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:bullseye -c 'apt-get update && apt-get -y install binutils && pip install -U pip && pip install -U -r /files/requirements.txt && pip install pyinstaller && PYTHONHASHSEED=31 && pyinstaller -y --specpath installer --add-data /usr/local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name extract_otp_secrets_linux_x86_64 --distpath /files/dist/ /files/src/extract_otp_secrets.py'"
            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
            eval "$cmd"
            cmd="dist/extract_otp_secrets_linux_x86_64 -h"
            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
            eval "$cmd"
            cmd="dist/extract_otp_secrets_linux_x86_64 --qr ZBAR example_export.png"
            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
            eval "$cmd"
        fi
        if $build_arm; then
            # build linux/arm64
            cmd="docker run --platform linux/arm64 --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:bullseye-arm64 -c 'apt-get update && apt-get -y install binutils && pip install -U pip && pip install -U -r /files/requirements.txt && pip install pyinstaller && PYTHONHASHSEED=31 && pyinstaller --specpath installer -y --add-data /usr/local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name extract_otp_secrets_linux_arm64 --distpath /files/dist/ /files/src/extract_otp_secrets.py'"
            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
            eval "$cmd"
            cmd="PLATFORM='linux/arm64' && EXE='dist/extract_otp_secrets_linux_arm64' && docker run --platform \"\$PLATFORM\" --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:bullseye-arm64 -c \"\$EXE -V && \$EXE -h && \$EXE example_export.png && \$EXE - < example_export.txt && \$EXE --qr ZBAR example_export.png && \$EXE --qr QREADER example_export.png && \$EXE --qr QREADER_DEEP example_export.png && \$EXE --qr CV2 example_export.png && \$EXE --qr CV2_WECHAT example_export.png\""
            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
            eval "$cmd"
        fi
    fi
    if $build_nuitka_exe; then
        if $build_x86_64; then
            cmd="docker run --platform linux/amd64 --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets -c 'apt-get update && apt-get -y install binutils build-essential patchelf && pip install -U pip && pip install -U -r /files/requirements.txt && pip install nuitka pyqt5 && PYTHONHASHSEED=31 && python -m nuitka --enable-plugin=tk-inter --enable-plugin=pyqt5 --include-data-dir=/usr/local/__yolo_v3_qr_detector/=__yolo_v3_qr_detector/ --onefile --output-dir=/files/build/docker/nuitka --output-filename=extract_otp_secrets_linux_x86_64_bookworm_compiled /files/src/extract_otp_secrets.py'"
            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
            eval "$cmd"
            cmd="build/docker/nuitka/extract_otp_secrets_linux_x86_64_bookworm_compiled -h"
            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
            eval "$cmd"
            cmd="build/docker/nuitka/extract_otp_secrets_linux_x86_64_bookworm_compiled --qr ZBAR example_export.png"
            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
            eval "$cmd"
            cmd="cp build/docker/nuitka/extract_otp_secrets_linux_x86_64_bookworm_compiled dist/"
            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
            eval "$cmd"
            # Build executable from Docker bullseye
            BULLSEYE_GLIBC_VERSION=$(docker run --entrypoint /bin/bash --rm extract_otp_secrets:bullseye -c 'ldd --version | sed "1!d" | sed -E "s/.* ([[:digit:]]+\.[[:digit:]]+)$/\1/"')
            echo "Bookworm glibc: $BULLSEYE_GLIBC_VERSION"
            cmd="docker run --platform linux/amd64 --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:bullseye -c 'apt-get update && apt-get -y install binutils build-essential patchelf && pip install -U pip && pip install -U -r /files/requirements.txt && pip install nuitka pyqt5 && PYTHONHASHSEED=31 && python -m nuitka --enable-plugin=tk-inter --enable-plugin=pyqt5 --include-data-dir=/usr/local/__yolo_v3_qr_detector/=__yolo_v3_qr_detector/ --onefile --output-dir=/files/build/docker/nuitka --output-filename=extract_otp_secrets_linux_x86_64_bullseye_compiled /files/src/extract_otp_secrets.py'"
            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
            eval "$cmd"
            cmd="build/docker/nuitka/extract_otp_secrets_linux_x86_64_bullseye_compiled -h"
            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
            eval "$cmd"
            cmd="build/docker/nuitka/extract_otp_secrets_linux_x86_64_bullseye_compiled --qr ZBAR example_export.png"
            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
            eval "$cmd"
            cmd="cp build/docker/nuitka/extract_otp_secrets_linux_x86_64_bullseye_compiled dist/"
            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
            eval "$cmd"
        fi
        if $build_arm; then
            # build linux/arm64
            cmd="docker run --platform linux/arm64 --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:bullseye-arm64 -c 'apt-get update && apt-get -y install binutils build-essential patchelf qt5-default && pip install -U pip && pip install -U -r /files/requirements.txt && pip install nuitka pyqt5 && PYTHONHASHSEED=31 && python -m nuitka --enable-plugin=tk-inter --enable-plugin=pyqt5 --include-data-dir=/usr/local/__yolo_v3_qr_detector/=__yolo_v3_qr_detector/ --onefile --output-dir=/files/build/docker/nuitka --output-filename=extract_otp_secrets_linux_arm64_compiled /files/src/extract_otp_secrets.py'"
            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
            eval "$cmd"
            cmd="PLATFORM='linux/arm64' && EXE='build/docker/nuitka/extract_otp_secrets_linux_arm64_compiled' && docker run --platform \"\$PLATFORM\" --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:bullseye-arm64 -c \"\$EXE -V && \$EXE -h && \$EXE example_export.png && \$EXE - < example_export.txt && \$EXE --qr ZBAR example_export.png && \$EXE --qr QREADER example_export.png && \$EXE --qr QREADER_DEEP example_export.png && \$EXE --qr CV2 example_export.png && \$EXE --qr CV2_WECHAT example_export.png\""
            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
            eval "$cmd"
            cmd="cp build/docker/nuitka/extract_otp_secrets_linux_arm64_compiled dist/"
            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
            eval "$cmd"
        fi
    fi
    # Run GUI from Docker
-    if $run_gui; then
+    if $build_x86_64 && $run_gui; then
        cmd="docker run --rm -v "$(pwd)":/files:ro --device=\"/dev/video0:/dev/video0\" --env=\"DISPLAY\" -v /tmp/.X11-unix:/tmp/.X11-unix:ro extract_otp_secrets &"
        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
        eval "$cmd"
@@ -517,14 +658,18 @@ if $run_gui; then
    eval "$cmd"
 fi
-line=$(printf '#%.0s' $(eval echo {1..$(( ($COLUMNS - 10) / 2))}))
+if $build_base; then
-echo -e "\n${blueBold}$line RESULTS $line${reset}"
+    line=$(printf '#%.0s' $(eval echo {1..$(( ($COLUMNS - 10) / 2))}))
    echo -e "\n${blueBold}$line RESULTS $line${reset}"
-cmd="cat $TYPE_CHECK_OUT_FILE $LINT_OUT_FILE $COVERAGE_OUT_FILE"
+    cmd="cat $TYPE_CHECK_OUT_FILE $LINT_OUT_FILE $COVERAGE_OUT_FILE"
-if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-eval "$cmd"
+    eval "$cmd"
 fi
 line=$(printf '#%.0s' $(eval echo {1..$(( ($COLUMNS - 10) / 2))}))
 echo -e "\n${greenBold}$line SUCCESS $line${reset}"
 git status
 quit
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,5 +1,5 @@
 # --build-arg BASE_IMAGE=python:3.11-slim-buster
-ARG BASE_IMAGE=python:3.11-slim-bullseye
+ARG BASE_IMAGE=python:3.12-slim-bookworm
 FROM $BASE_IMAGE
 # https://docs.docker.com/engine/reference/builder/
@@ -23,7 +23,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
        libzbar0 \
        python3-tk \
    && rm -rf /var/lib/apt/lists/* \
-    && pip install --no-cache-dir -U -r requirements.txt \
+    && pip install --no-cache-dir -U pip -r requirements.txt \
    && if [ "$RUN_TESTS" = "true" ]; then /extract/run_pytest.sh; else echo "Not running tests..."; fi \
    && echo 'test -s /extract/.alias && . /extract/.alias || true' >> ~/.bashrc
--- a/docker/Dockerfile_only_txt
+++ b/docker/Dockerfile_only_txt
@@ -1,4 +1,4 @@
-ARG BASE_IMAGE=python:3.11-alpine
+ARG BASE_IMAGE=python:3.12-alpine
 FROM $BASE_IMAGE
 # https://docs.docker.com/engine/reference/builder/
@@ -30,6 +30,7 @@ RUN apk add --no-cache \
        zlib-dev \
    ; fi \
    && pip install --no-cache-dir -U \
        pip \
        colorama \
        Pillow \
        protobuf \
--- a/mypy.ini
+++ b/mypy.ini
@@ -1,4 +1 @@
 [mypy]
 [mypy-protobuf_generated_python.*]
 ignore_errors = True
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,8 +1,11 @@
 [build-system]
 requires = [
-  "setuptools>=64.0.0", "wheel>=0.37.0", "pip",
+  "pip",
  "nuitka",
  # https://setuptools-git-versioning.readthedocs.io/en/latest/differences.html
  "setuptools>=64.0.0",
  "setuptools-git-versioning",
  "wheel>=0.37.0",
 ]
 build-backend = "setuptools.build_meta"
@@ -18,11 +21,11 @@ classifiers = [
    "Topic :: Utilities",
    "Topic :: Security",
    "Topic :: Multimedia :: Graphics :: Capture :: Digital Camera",
    "Programming Language :: Python :: 3.7",
    "Programming Language :: Python :: 3.8",
    "Programming Language :: Python :: 3.9",
    "Programming Language :: Python :: 3.10",
    "Programming Language :: Python :: 3.11",
    "Programming Language :: Python :: 3.12",
    "Intended Audience :: End Users/Desktop",
    "Intended Audience :: Developers",
    "Intended Audience :: System Administrators",
@@ -37,16 +40,12 @@ classifiers = [
 ]
 dependencies = [
  "colorama>=0.4.6",
-  "opencv-contrib-python; sys_platform != 'darwin'",
+  "opencv-contrib-python",
  "opencv-contrib-python<=4.7.0; sys_platform == 'darwin'",
  "Pillow",
  "protobuf",
  "pyzbar",
  "qrcode",
  "qreader<2.0.0",
  # workaround for PYTHON <= 3.7: compatibility
  "typing_extensions; python_version<='3.7'",
  "importlib_metadata; python_version<='3.7'",
 ]
 description = "Extracts one time password (OTP) secrets from QR codes exported by two-factor authentication (2FA) apps such as 'Google Authenticator'"
 dynamic = ["version"]
@@ -55,7 +54,7 @@ license = {text = "GNU General Public License v3 (GPLv3)"}
 readme = "README.md"
 authors = [{name = "scito", email = "info@scito.ch"}]
 maintainers = [{name = "scito", email = "info@scito.ch"}]
-requires-python = ">=3.7, <4"
+requires-python = ">=3.8, <4"
 scripts = {extract_otp_secrets = "extract_otp_secrets:sys_main"}
 urls = {Project-URL = "https://github.com/scito/extract_otp_secrets", Bug-Reports = "https://github.com/scito/extract_otp_secrets/issues", Source = "https://github.com/scito/extract_otp_secrets"}
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -3,6 +3,7 @@ flake8
 gfm-toc
 mypy
 mypy-protobuf
 nuitka
 pyinstaller
 pylint
 pytest
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,10 +1,7 @@
 colorama>=0.4.6
-importlib_metadata; python_version<='3.7'
+opencv-contrib-python
 opencv-contrib-python; sys_platform != 'darwin'
 opencv-contrib-python<=4.7.0; sys_platform == 'darwin'
 Pillow
 protobuf
 pyzbar
 qrcode
 qreader<2.0.0
 typing_extensions; python_version<='3.7'
--- a/setup.cfg
+++ b/setup.cfg
@@ -2,7 +2,7 @@
 name = extract_otp_secrets
 [options]
-python_requires = >=3.7, <4
+python_requires = >=3.8, <4
 py_modules = extract_otp_secrets, protobuf_generated_python.google_auth_pb2
 package_dir =
    =src
--- a/src/extract_otp_secrets.py
+++ b/src/extract_otp_secrets.py
@@ -43,35 +43,24 @@ import re
 import sys
 import urllib.parse as urlparse
 from enum import Enum, IntEnum
-from typing import Any, List, Optional, Sequence, TextIO, Tuple, Union, TYPE_CHECKING
+from importlib.metadata import PackageNotFoundError, version
 from typing import (Any, Final, List, Optional, Sequence, TextIO, Tuple,
                    TypedDict, Union)
 import colorama
 from pkg_resources import DistributionNotFound, get_distribution
 from qrcode import QRCode  # type: ignore
 import protobuf_generated_python.google_auth_pb2 as pb
 # workaround for PYTHON <= 3.7: compatibility
 if sys.version_info >= (3, 8):
    from typing import Final, TypedDict
 else:
    from typing_extensions import Final, TypedDict
 # workaround for PYTHON <= 3.7: compatibility
 if sys.version_info >= (3, 8):
    from importlib.metadata import PackageNotFoundError, version
 else:
    from importlib_metadata import PackageNotFoundError, version
 debug_mode = '-d' in sys.argv[1:] or '--debug' in sys.argv[1:]
 quiet = '-q' in sys.argv[1:] or '--quiet' in sys.argv[1:]
 headless: bool = False
 try:
-    import cv2  # type: ignore # TODO use cv2 types if available
+    import cv2
-    import numpy as np  # TODO use numpy types if available
+    import numpy as np
    import cv2.typing
    try:
        import tkinter
@@ -104,9 +93,8 @@ Exception: {e}\n""", file=sys.stderr)
    FONT_SCALE: Final[float] = 1.3
    FONT_THICKNESS: Final[int] = 1
    FONT_LINE_STYLE: Final[int] = cv2.LINE_AA
-    FONT_COLOR: Final[ColorBGR] = (255, 0, 0)
+    FONT_COLOR: Final[ColorBGR] = 255, 0, 0
    BOX_THICKNESS: Final[int] = 5
    # workaround for PYTHON <= 3.7: must use () for assignments
    WINDOW_X: Final[int] = 0
    WINDOW_Y: Final[int] = 1
    WINDOW_WIDTH: Final[int] = 2
@@ -115,10 +103,10 @@ Exception: {e}\n""", file=sys.stderr)
    TEXT_HEIGHT: Final[int] = 1
    BORDER: Final[int] = 5
    START_Y: Final[int] = 20
-    START_POS_TEXT: Final[Point] = (BORDER, START_Y)
+    START_POS_TEXT: Final[Point] = BORDER, START_Y
-    NORMAL_COLOR: Final[ColorBGR] = (255, 0, 255)
+    NORMAL_COLOR: Final[ColorBGR] = 255, 0, 255
-    SUCCESS_COLOR: Final[ColorBGR] = (0, 255, 0)
+    SUCCESS_COLOR: Final[ColorBGR] = 0, 255, 0
-    FAILURE_COLOR: Final[ColorBGR] = (0, 0, 255)
+    FAILURE_COLOR: Final[ColorBGR] = 0, 0, 255
    CHAR_DX: Final[int] = (lambda text: cv2.getTextSize(text, FONT, FONT_SCALE, FONT_THICKNESS)[0][TEXT_WIDTH] // len(text))("28 QR codes capturedMMM")
    FONT_DY: Final[int] = cv2.getTextSize("M", FONT, FONT_SCALE, FONT_THICKNESS)[0][TEXT_HEIGHT] + 5
    WINDOW_NAME: Final[str] = "Extract OTP Secrets: Capture QR Codes from Camera"
@@ -131,12 +119,12 @@ except ImportError as e:
    if debug_mode:
        raise e
-# Workaround for PYTHON <= 3.9: Union[int, None] used instead of int | None
+# Workaround for PYTHON <= 3.9: Generally Union[int, None] used instead of int | None
 # Types
 Args = argparse.Namespace
 OtpUrl = str
-# workaround for PYTHON <= 3.7: Otp = TypedDict('Otp', {'name': str, 'secret': str, 'issuer': str, 'type': str, 'counter': int | None, 'url': OtpUrl})
+# Workaround for PYTHON <= 3.9: Otp = TypedDict('Otp', {'name': str, 'secret': str, 'issuer': str, 'type': str, 'counter': int | None, 'url': OtpUrl})
 Otp = TypedDict('Otp', {'name': str, 'secret': str, 'issuer': str, 'type': str, 'counter': Union[int, None], 'url': OtpUrl})
 # workaround for PYTHON <= 3.9: Otps = list[Otp]
 Otps = List[Otp]
@@ -200,6 +188,7 @@ def main(sys_args: list[str]) -> None:
    write_keepass_csv(args.keepass, otps)
    write_json(args.json, otps)
    write_txt(args.txt, otps, True)
    write_urls(args.urls, otps)
 # workaround for PYTHON <= 3.9 use: pb.MigrationPayload | None
@@ -276,9 +265,7 @@ def extract_otp_from_otp_url(otpauth_migration_url: str, otps: Otps, urls_count:
 def parse_args(sys_args: list[str]) -> Args:
    global verbose, quiet, colored
-    # For PYTHON <= 3.7: Use :=
+    cmd = f"python {name}" if (name := os.path.basename(sys.argv[0])).endswith('.py') else f"{name}"
    name = os.path.basename(sys.argv[0])
    cmd = f"python {name}" if name.endswith('.py') else f"{name}"
    description_text = "Extracts one time password (OTP) secrets from QR codes exported by two-factor authentication (2FA) apps"
    if cv2_available:
        description_text += "\nIf no infiles are provided, a GUI window starts and QR codes are captured from the camera."
@@ -294,10 +281,11 @@ def parse_args(sys_args: list[str]) -> Args:
                                         epilog=example_text)
    arg_parser.add_argument('infile', help="""a) file or - for stdin with 'otpauth-migration://...' URLs separated by newlines, lines starting with # are ignored;
 b) image file containing a QR code or = for stdin for an image containing a QR code""", nargs='*' if cv2_available else '+')
-    arg_parser.add_argument('--csv', '-c', help='export csv file or - for stdout', metavar=('FILE'))
+    arg_parser.add_argument('--csv', '-c', help='export csv file, or - for stdout', metavar=('FILE'))
    arg_parser.add_argument('--keepass', '-k', help='export totp/hotp csv file(s) for KeePass, - for stdout', metavar=('FILE'))
    arg_parser.add_argument('--json', '-j', help='export json file or - for stdout', metavar=('FILE'))
    arg_parser.add_argument('--txt', '-t', help='export txt file or - for stdout', metavar=('FILE'))
    arg_parser.add_argument('--urls', '-u', help='export file with list of otpauth urls, or - for stdout', metavar=('FILE'))
    arg_parser.add_argument('--printqr', '-p', help='print QR code(s) as text to the terminal', action='store_true')
    arg_parser.add_argument('--saveqr', '-s', help='save QR code(s) as images to directory', metavar=('DIR'))
    if cv2_available:
@@ -315,13 +303,14 @@ b) image file containing a QR code or = for stdin for an image containing a QR c
    output_group.add_argument('-q', '--quiet', help='no stdout output, except output set by -', action='store_true')
    args = arg_parser.parse_args(sys_args)
    colored = not args.no_color
-    if args.csv == '-' or args.json == '-' or args.keepass == '-' or args.txt == '-':
+    if args.csv == '-' or args.json == '-' or args.keepass == '-' or args.txt == '-' or args.urls == '-':
        args.quiet = args.q = True
    verbose = args.verbose if args.verbose else LogLevel.NORMAL
    if args.debug:
        verbose = LogLevel.DEBUG
        log_debug('Debug mode start')
        log_debug(args)
    quiet = True if args.quiet else False
    if verbose: print(f"QReader installed: {cv2_available}")
    if cv2_available:
@@ -378,7 +367,7 @@ def extract_otps_from_camera(args: Args) -> Otps:
                if QRMode.CV2:
                    otp_url, raw_pts, _ = cv2_qr.detectAndDecode(img)
                else:
-                    otp_url, raw_pts = cv2_qr_wechat.detectAndDecode(img)
+                    otp_url, raw_pts = cv2_qr_wechat.detectAndDecode(img)  # type: ignore  # use proper cv2 types
                if raw_pts is not None:
                    if otp_url:
                        new_otps_count = extract_otps_from_otp_url(otp_url, otp_urls, otps, args)
@@ -392,7 +381,7 @@ def extract_otps_from_camera(args: Args) -> Otps:
        cv2_print_text(img, f"Mode: {qr_mode.name} (Hit SPACE to change)", 0, TextPosition.LEFT, FONT_COLOR, 20)
        cv2_print_text(img, "Press ESC to quit", 1, TextPosition.LEFT, FONT_COLOR, 17)
-        cv2_print_text(img, "Press C/J/K/T to save as csv/json/keepass/txt file", 2, TextPosition.LEFT, FONT_COLOR, None)
+        cv2_print_text(img, "Press c,j,k,t,u to save as csv/json/keepass/txt/urls file", 2, TextPosition.LEFT, FONT_COLOR, None)
        cv2_print_text(img, f"{len(otp_urls)} QR code{'s'[:len(otp_urls) != 1]} captured", 0, TextPosition.RIGHT, FONT_COLOR)
        cv2_print_text(img, f"{len(otps)} otp{'s'[:len(otps) != 1]} extracted", 1, TextPosition.RIGHT, FONT_COLOR)
@@ -419,16 +408,15 @@ def get_color(new_otps_count: int, otp_url: str) -> ColorBGR:
            return NORMAL_COLOR
-# TODO use cv2 types if available
+# TODO use proper cv2 types if available
-def cv2_draw_box(img: Any, raw_pts: Any, color: ColorBGR) -> Any:
+def cv2_draw_box(img: cv2.typing.MatLike, raw_pts: cv2.typing.MatLike | list[tuple[Any, Any]], color: ColorBGR) -> np.ndarray[Any, np.dtype[np.int32]]:
    pts = np.array([raw_pts], np.int32)
    pts = pts.reshape((-1, 1, 2))
    cv2.polylines(img, [pts], True, color, BOX_THICKNESS)
    return pts
-# TODO use cv2 types if available
+def cv2_print_text(img: cv2.typing.MatLike, text: str, line_number: int, position: TextPosition, color: ColorBGR, opposite_len: Optional[int] = None) -> None:
 def cv2_print_text(img: Any, text: str, line_number: int, position: TextPosition, color: ColorBGR, opposite_len: Optional[int] = None) -> None:
    window_dim = cv2.getWindowImageRect(WINDOW_NAME)
    out_text = text
    if opposite_len:
@@ -499,6 +487,18 @@ def cv2_handle_pressed_keys(qr_mode: QRMode, otps: Otps) -> Tuple[bool, QRMode]:
            tk_root.update()
            if len(file_name) > 0:
                write_txt(file_name, otps, True)
    elif (key == ord('u') or key == ord('U')) and is_not_headless():
        if has_no_otps_show_warning(otps):
            pass
        else:
            file_name = tkinter.filedialog.asksaveasfilename(
                title="Save extracted otp secrets as list of urls",
                defaultextension='.txt',
                filetypes=[('Text', '*.txt'), ('All', '*.*')]
            )
            tk_root.update()
            if len(file_name) > 0:
                write_urls(file_name, otps)
    elif key == 32:
        qr_mode = next_valid_qr_mode(qr_mode, zbar_available)
        if verbose >= LogLevel.MORE_VERBOSE: print(f"QR reading mode: {qr_mode}")
@@ -679,6 +679,10 @@ def print_otp(otp: Otp, out: Optional[TextIO] = None) -> None:
        print(otp['url'], file=out)
 def write_url(otp: Otp, out: Optional[TextIO] = None) -> None:
    print(otp['url'], file=out)
 def save_qr_image(otp: Otp, dir: str, j: int) -> str:
    if not (os.path.exists(dir)): os.makedirs(dir, exist_ok=True)
    pattern = re.compile(r'[\W_]+')
@@ -712,6 +716,14 @@ def write_txt(file: str, otps: Otps, write_qr: bool = False) -> None:
                print(file=outfile)
 def write_urls(file: str, otps: Otps) -> None:
    if file and len(file) > 0 and len(otps) > 0:
        with open_file_or_stdout(file) as outfile:
            for otp in otps:
                write_url(otp, outfile)
        if not quiet: print(f"Exported {len(otps)} otp{'s'[:len(otps) != 1]} to otpauth url list file {file}")
 def write_csv(file: str, otps: Otps) -> None:
    if file and len(file) > 0 and len(otps) > 0:
        with open_file_or_stdout_for_csv(file) as outfile:
@@ -735,8 +747,8 @@ def write_keepass_csv(file: str, otps: Otps) -> None:
        if has_hotp:
            count_hotp_entries = write_keepass_htop_csv(otp_filename_hotp, otps)
        if not quiet:
-            if count_totp_entries: print(f"Exported {count_totp_entries} totp entrie{'s'[:count_totp_entries != 1]} to keepass csv file {otp_filename_totp}")
+            if has_totp and count_totp_entries: print(f"Exported {count_totp_entries} totp entrie{'s'[:count_totp_entries != 1]} to keepass csv file {otp_filename_totp}")
-            if count_hotp_entries: print(f"Exported {count_hotp_entries} hotp entrie{'s'[:count_hotp_entries != 1]} to keepass csv file {otp_filename_hotp}")
+            if has_hotp and count_hotp_entries: print(f"Exported {count_hotp_entries} hotp entrie{'s'[:count_hotp_entries != 1]} to keepass csv file {otp_filename_hotp}")
 def write_keepass_totp_csv(file: str, otps: Otps) -> int:
@@ -898,19 +910,7 @@ def get_raw_version() -> str:
        return __version__
    except PackageNotFoundError:
        # package is not installed
-        pass
+        return ''
    # In some cases importlib cannot properly detect package version, for example it was compiled into executable file, so it uses some custom import mechanism.
    # Instead, use pkg_resources which is included in setuptools (but has a significant runtime cost)
    try:
        __version__ = get_distribution("package-name").version
        return __version__
    except DistributionNotFound:
        # package is not installed
        pass
    return ''
 # workaround for PYTHON <= 3.9 use: BaseException | None
--- a/src/protobuf_generated_python/google_auth_pb2.py
+++ b/src/protobuf_generated_python/google_auth_pb2.py
@@ -1,11 +1,22 @@
 # -*- coding: utf-8 -*-
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # NO CHECKED-IN PROTOBUF GENCODE
 # source: google_auth.proto
 # Protobuf Python Version: 5.27.0
 """Generated protocol buffer code."""
 from google.protobuf.internal import builder as _builder
 from google.protobuf import descriptor as _descriptor
 from google.protobuf import descriptor_pool as _descriptor_pool
 from google.protobuf import runtime_version as _runtime_version
 from google.protobuf import symbol_database as _symbol_database
 from google.protobuf.internal import builder as _builder
 _runtime_version.ValidateProtobufRuntimeVersion(
    _runtime_version.Domain.PUBLIC,
    5,
    27,
    0,
    '',
    'google_auth.proto'
 )
 # @@protoc_insertion_point(imports)
 _sym_db = _symbol_database.Default()
@@ -18,9 +29,8 @@ DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x11google_auth.pr
 _globals = globals()
 _builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, _globals)
 _builder.BuildTopDescriptorsAndMessages(DESCRIPTOR, 'google_auth_pb2', _globals)
-if _descriptor._USE_C_DESCRIPTORS == False:
+if not _descriptor._USE_C_DESCRIPTORS:
-
+  DESCRIPTOR._loaded_options = None
  DESCRIPTOR._options = None
  _globals['_MIGRATIONPAYLOAD']._serialized_start=22
  _globals['_MIGRATIONPAYLOAD']._serialized_end=461
  _globals['_MIGRATIONPAYLOAD_OTPPARAMETERS']._serialized_start=176
--- a/src/protobuf_generated_python/google_auth_pb2.pyi
+++ b/src/protobuf_generated_python/google_auth_pb2.pyi
@@ -2,6 +2,7 @@
@generated by mypy-protobuf.  Do not edit manually!
 isort:skip_file
 """
 import builtins
 import collections.abc
 import google.protobuf.descriptor
@@ -18,7 +19,7 @@ else:
 DESCRIPTOR: google.protobuf.descriptor.FileDescriptor
-@typing_extensions.final
+@typing.final
 class MigrationPayload(google.protobuf.message.Message):
    """Copied from: https://github.com/beemdevelopment/Aegis/blob/master/app/src/main/proto/google_auth.proto"""
@@ -28,7 +29,7 @@ class MigrationPayload(google.protobuf.message.Message):
        ValueType = typing.NewType("ValueType", builtins.int)
        V: typing_extensions.TypeAlias = ValueType
-    class _AlgorithmEnumTypeWrapper(google.protobuf.internal.enum_type_wrapper._EnumTypeWrapper[MigrationPayload._Algorithm.ValueType], builtins.type):  # noqa: F821
+    class _AlgorithmEnumTypeWrapper(google.protobuf.internal.enum_type_wrapper._EnumTypeWrapper[MigrationPayload._Algorithm.ValueType], builtins.type):
        DESCRIPTOR: google.protobuf.descriptor.EnumDescriptor
        ALGO_INVALID: MigrationPayload._Algorithm.ValueType  # 0
        ALGO_SHA1: MigrationPayload._Algorithm.ValueType  # 1
@@ -41,7 +42,7 @@ class MigrationPayload(google.protobuf.message.Message):
        ValueType = typing.NewType("ValueType", builtins.int)
        V: typing_extensions.TypeAlias = ValueType
-    class _OtpTypeEnumTypeWrapper(google.protobuf.internal.enum_type_wrapper._EnumTypeWrapper[MigrationPayload._OtpType.ValueType], builtins.type):  # noqa: F821
+    class _OtpTypeEnumTypeWrapper(google.protobuf.internal.enum_type_wrapper._EnumTypeWrapper[MigrationPayload._OtpType.ValueType], builtins.type):
        DESCRIPTOR: google.protobuf.descriptor.EnumDescriptor
        OTP_INVALID: MigrationPayload._OtpType.ValueType  # 0
        OTP_HOTP: MigrationPayload._OtpType.ValueType  # 1
@@ -52,7 +53,7 @@ class MigrationPayload(google.protobuf.message.Message):
    OTP_HOTP: MigrationPayload.OtpType.ValueType  # 1
    OTP_TOTP: MigrationPayload.OtpType.ValueType  # 2
-    @typing_extensions.final
+    @typing.final
    class OtpParameters(google.protobuf.message.Message):
        DESCRIPTOR: google.protobuf.descriptor.Descriptor
@@ -81,19 +82,19 @@ class MigrationPayload(google.protobuf.message.Message):
            type: global___MigrationPayload.OtpType.ValueType = ...,
            counter: builtins.int = ...,
        ) -> None: ...
-        def ClearField(self, field_name: typing_extensions.Literal["algorithm", b"algorithm", "counter", b"counter", "digits", b"digits", "issuer", b"issuer", "name", b"name", "secret", b"secret", "type", b"type"]) -> None: ...
+        def ClearField(self, field_name: typing.Literal["algorithm", b"algorithm", "counter", b"counter", "digits", b"digits", "issuer", b"issuer", "name", b"name", "secret", b"secret", "type", b"type"]) -> None: ...
    OTP_PARAMETERS_FIELD_NUMBER: builtins.int
    VERSION_FIELD_NUMBER: builtins.int
    BATCH_SIZE_FIELD_NUMBER: builtins.int
    BATCH_INDEX_FIELD_NUMBER: builtins.int
    BATCH_ID_FIELD_NUMBER: builtins.int
    @property
    def otp_parameters(self) -> google.protobuf.internal.containers.RepeatedCompositeFieldContainer[global___MigrationPayload.OtpParameters]: ...
    version: builtins.int
    batch_size: builtins.int
    batch_index: builtins.int
    batch_id: builtins.int
    @property
    def otp_parameters(self) -> google.protobuf.internal.containers.RepeatedCompositeFieldContainer[global___MigrationPayload.OtpParameters]: ...
    def __init__(
        self,
        *,
@@ -103,6 +104,6 @@ class MigrationPayload(google.protobuf.message.Message):
        batch_index: builtins.int = ...,
        batch_id: builtins.int = ...,
    ) -> None: ...
-    def ClearField(self, field_name: typing_extensions.Literal["batch_id", b"batch_id", "batch_index", b"batch_index", "batch_size", b"batch_size", "otp_parameters", b"otp_parameters", "version", b"version"]) -> None: ...
+    def ClearField(self, field_name: typing.Literal["batch_id", b"batch_id", "batch_index", b"batch_index", "batch_size", b"batch_size", "otp_parameters", b"otp_parameters", "version", b"version"]) -> None: ...
 global___MigrationPayload = MigrationPayload
--- a/tests/data/url_list_output.txt
+++ b/tests/data/url_list_output.txt
@@ -0,0 +1,6 @@
 otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&issuer=raspberrypi
 otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY
 otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY
 otpauth://totp/pi%40raspberrypi?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&issuer=raspberrypi
 otpauth://hotp/hotp%20demo?secret=7KSQL2JTUDIS5EF65KLMRQIIGY&counter=4
 otpauth://totp/encoding%3A%20%C2%BF%C3%A4%C3%84%C3%A9%C3%89%3F%20%28demo%29?secret=7KSQL2JTUDIS5EF65KLMRQIIGY
--- a/tests/extract_otp_secrets_test.py
+++ b/tests/extract_otp_secrets_test.py
@@ -39,7 +39,7 @@ from utils import (count_files_in_dir, file_exits, read_binary_file_as_stream,
 import extract_otp_secrets
 try:
-    import cv2  # type: ignore
+    import cv2
    from extract_otp_secrets import SUCCESS_COLOR, FAILURE_COLOR, FONT, FONT_SCALE, FONT_COLOR, FONT_THICKNESS, FONT_LINE_STYLE
 except ImportError:
    # ignore
@@ -418,6 +418,37 @@ def test_extract_txt_stdout_only_comments(capsys: pytest.CaptureFixture[str]) ->
    assert captured.err == ''
 def test_extract_urls(capsys: pytest.CaptureFixture[str], tmp_path: pathlib.Path) -> None:
    # Arrange
    output_file = str(tmp_path / 'test_example_url_list.txt')
    # Act
    extract_otp_secrets.main(['-q', '-u', output_file, 'example_export.txt'])
    # Assert
    expected_txt = read_file_to_str('tests/data/url_list_output.txt')
    actual_txt = read_file_to_str(output_file)
    assert actual_txt == expected_txt
    captured = capsys.readouterr()
    assert captured.out == ''
    assert captured.err == ''
 def test_extract_urls_stdout(capsys: pytest.CaptureFixture[str]) -> None:
    # Act
    extract_otp_secrets.main(['-u', '-', 'example_export.txt'])
    # Assert
    expected_txt = read_file_to_str('tests/data/url_list_output.txt')
    captured = capsys.readouterr()
    assert captured.out == expected_txt
    assert captured.err == ''
 def test_extract_not_encoded_plus(capsys: pytest.CaptureFixture[str]) -> None:
    # Act
    extract_otp_secrets.main(['tests/data/test_plus_problem_export.txt'])