diff --git a/.github/workflows/clang18.yml b/.github/workflows/clang18.yml
index 299b861..7d8f05d 100644
--- a/.github/workflows/clang18.yml
+++ b/.github/workflows/clang18.yml
@@ -1,6 +1,7 @@
+---
 name: clang 18
 
-on:
+"on":
   push:
     branches:
       - main
@@ -14,21 +15,20 @@ jobs:
     runs-on: ubuntu-24.04
 
     steps:
-    - name: checkout
-      uses: actions/checkout@v4
-    - name: install packages
-      run: sudo apt install build-essential nettle-dev time clang-18
-    - name: bootstrap
-      run: ./bootstrap.sh
-    - name: configure
-      run: ./configure CXX=clang++-18
-    - name: build
-      run: make
-    - name: check
-      run: make check
-    - name: store the logs as an artifact
-      if: ${{ always() }}
-      uses: actions/upload-artifact@v4
-      with:
-         path: '**/*.log'
-
+      - name: checkout
+        uses: actions/checkout@v4
+      - name: install packages
+        run: sudo apt install build-essential nettle-dev time clang-18
+      - name: bootstrap
+        run: ./bootstrap.sh
+      - name: configure
+        run: ./configure CXX=clang++-18
+      - name: build
+        run: make
+      - name: check
+        run: make check
+      - name: store the logs as an artifact
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v4
+        with:
+          path: '**/*.log'
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index cc7b490..1c83bb2 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -1,3 +1,4 @@
+---
 # For most projects, this workflow file will not need changing; you simply need
 # to commit it to your repository.
 #
@@ -11,12 +12,12 @@
 #
 name: "CodeQL"
 
-on:
+"on":
   push:
-    branches: [ "main", "devel" ]
+    branches: ["main", "devel"]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ "main", "devel" ]
+    branches: ["main", "devel"]
   schedule:
     - cron: '39 4 * * 0'
 
@@ -32,39 +33,40 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'cpp' ]
+        language: ['cpp']
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift' ]
         # Use only 'java' to analyze code written in Java, Kotlin or both
         # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
         # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
+      - name: Checkout repository
+        uses: actions/checkout@v4
 
-    - name: Install dependencies
-      run: |
-           sudo apt-get update
-           sudo apt-get install autoconf autoconf-archive nettle-dev build-essential g++ -y
+      - name: Install dependencies
+        run: |
+             sudo apt-get update
+             sudo apt-get install autoconf autoconf-archive nettle-dev build-essential g++ -y
 
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
 
-        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-        # queries: security-extended,security-and-quality
-    - name: Build
-      run: |
-       ./bootstrap.sh
-       ./configure
-       make
+          # For more details on CodeQL's query packs, refer to:
+          # https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+          # queries: security-extended,security-and-quality
+      - name: Build
+        run: |
+         ./bootstrap.sh
+         ./configure
+         make
 
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
-      with:
-        category: "/language:${{matrix.language}}"
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/cppcheck.yml b/.github/workflows/cppcheck.yml
index bd2bccd..8ac7f10 100644
--- a/.github/workflows/cppcheck.yml
+++ b/.github/workflows/cppcheck.yml
@@ -1,6 +1,7 @@
+---
 name: cppcheck
 
-on:
+"on":
   push:
     branches:
       - main
@@ -14,15 +15,14 @@ jobs:
     runs-on: ubuntu-20.04
 
     steps:
-    - name: checkout
-      uses: actions/checkout@v4
-    - name: install packages
-      run: sudo apt install cppcheck
-    - name: run cppcheck
-      run: cppcheck/run_cppcheck.sh
-    - name: store the cppcheck output as an artifact
-      if: ${{ always() }}
-      uses: actions/upload-artifact@v4
-      with:
-         path: 'cppcheck/out/*'
-
+      - name: checkout
+        uses: actions/checkout@v4
+      - name: install packages
+        run: sudo apt install cppcheck
+      - name: run cppcheck
+        run: cppcheck/run_cppcheck.sh
+      - name: store the cppcheck output as an artifact
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v4
+        with:
+          path: 'cppcheck/out/*'
diff --git a/.github/workflows/debian-bookworm.yml b/.github/workflows/debian-bookworm.yml
index 06d0f84..c189d0c 100644
--- a/.github/workflows/debian-bookworm.yml
+++ b/.github/workflows/debian-bookworm.yml
@@ -1,6 +1,7 @@
+---
 name: debian 12 bookworm
 
-on:
+"on":
   push:
     branches:
       - main
@@ -14,29 +15,29 @@ jobs:
     container:
       image: debian:bookworm-slim
     steps:
-    - name: checkout
-      uses: actions/checkout@v4
-    - name: install packages
-      run: apt-get update && apt-get install autoconf build-essential nettle-dev libcap2-bin --yes
-    - name: bootstrap
-      run: ./bootstrap.sh
-    - name: configure
-      run: ./configure --enable-warnings CXXFLAGS=-std=c++17
-    - name: make
-      run: make
-    - name: make check
-      run: make check
-    - name: make distcheck
-      run: make distcheck CXXFLAGS=-std=c++17
-    - name: build with hardened build flags
-      run: |
-        make clean
-        eval $(DEB_CXXFLAGS_APPEND=-std=c++17 DEB_BUILD_MAINT_OPTIONS="hardening=+all qa=+all,-canary reproducible=+all" dpkg-buildflags --export=sh)
-        ./configure
-        make
-        make check
-    - name: store the logs as an artifact
-      if: ${{ always() }}
-      uses: actions/upload-artifact@v4
-      with:
-         path: '**/*.log'
+      - name: checkout
+        uses: actions/checkout@v4
+      - name: install packages
+        run: apt-get update && apt-get install autoconf build-essential nettle-dev libcap2-bin --yes
+      - name: bootstrap
+        run: ./bootstrap.sh
+      - name: configure
+        run: ./configure --enable-warnings CXXFLAGS=-std=c++17
+      - name: make
+        run: make
+      - name: make check
+        run: make check
+      - name: make distcheck
+        run: make distcheck CXXFLAGS=-std=c++17
+      - name: build with hardened build flags
+        run: |
+          make clean
+          eval $(DEB_CXXFLAGS_APPEND=-std=c++17 DEB_BUILD_MAINT_OPTIONS="hardening=+all qa=+all,-canary reproducible=+all" dpkg-buildflags --export=sh)
+          ./configure
+          make
+          make check
+      - name: store the logs as an artifact
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v4
+        with:
+          path: '**/*.log'
diff --git a/.github/workflows/debian-bullseye.yml b/.github/workflows/debian-bullseye.yml
index f1087bb..7501383 100644
--- a/.github/workflows/debian-bullseye.yml
+++ b/.github/workflows/debian-bullseye.yml
@@ -1,6 +1,7 @@
+---
 name: debian 11 bullseye
 
-on:
+"on":
   push:
     branches:
       - main
@@ -14,29 +15,29 @@ jobs:
     container:
       image: debian:bullseye-slim
     steps:
-    - name: checkout
-      uses: actions/checkout@v4
-    - name: install packages
-      run: apt-get update && apt-get install autoconf build-essential nettle-dev libcap2-bin --yes
-    - name: bootstrap
-      run: ./bootstrap.sh
-    - name: configure
-      run: ./configure --enable-warnings CXXFLAGS=-std=c++17
-    - name: make
-      run: make
-    - name: make check
-      run: make check
-    - name: make distcheck
-      run: make distcheck CXXFLAGS=-std=c++17
-    - name: build with hardened build flags
-      run: |
-        make clean
-        eval $(DEB_CXXFLAGS_APPEND=-std=c++17 DEB_BUILD_MAINT_OPTIONS="hardening=+all qa=+all,-canary reproducible=+all" dpkg-buildflags --export=sh)
-        ./configure
-        make
-        make check
-    - name: store the logs as an artifact
-      if: ${{ always() }}
-      uses: actions/upload-artifact@v4
-      with:
-         path: '**/*.log'
+      - name: checkout
+        uses: actions/checkout@v4
+      - name: install packages
+        run: apt-get update && apt-get install autoconf build-essential nettle-dev libcap2-bin --yes
+      - name: bootstrap
+        run: ./bootstrap.sh
+      - name: configure
+        run: ./configure --enable-warnings CXXFLAGS=-std=c++17
+      - name: make
+        run: make
+      - name: make check
+        run: make check
+      - name: make distcheck
+        run: make distcheck CXXFLAGS=-std=c++17
+      - name: build with hardened build flags
+        run: |
+          make clean
+          eval $(DEB_CXXFLAGS_APPEND=-std=c++17 DEB_BUILD_MAINT_OPTIONS="hardening=+all qa=+all,-canary reproducible=+all" dpkg-buildflags --export=sh)
+          ./configure
+          make
+          make check
+      - name: store the logs as an artifact
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v4
+        with:
+          path: '**/*.log'
diff --git a/.github/workflows/debian-trixie.yml b/.github/workflows/debian-trixie.yml
index f13b320..6a31b2b 100644
--- a/.github/workflows/debian-trixie.yml
+++ b/.github/workflows/debian-trixie.yml
@@ -1,6 +1,7 @@
+---
 name: debian 13 trixie
 
-on:
+"on":
   push:
     branches:
       - main
@@ -14,29 +15,29 @@ jobs:
     container:
       image: debian:trixie-slim
     steps:
-    - name: checkout
-      uses: actions/checkout@v4
-    - name: install packages
-      run: apt-get update && apt-get install autoconf build-essential nettle-dev libcap2-bin --yes
-    - name: bootstrap
-      run: ./bootstrap.sh
-    - name: configure
-      run: ./configure --enable-warnings CXXFLAGS=-std=c++17
-    - name: make
-      run: make
-    - name: make check
-      run: make check
-    - name: make distcheck
-      run: make distcheck CXXFLAGS=-std=c++17
-    - name: build with hardened build flags
-      run: |
-        make clean
-        eval $(DEB_CXXFLAGS_APPEND=-std=c++17 DEB_BUILD_MAINT_OPTIONS="hardening=+all qa=+all,-canary reproducible=+all" dpkg-buildflags --export=sh)
-        ./configure
-        make
-        make check
-    - name: store the logs as an artifact
-      if: ${{ always() }}
-      uses: actions/upload-artifact@v4
-      with:
-         path: '**/*.log'
+      - name: checkout
+        uses: actions/checkout@v4
+      - name: install packages
+        run: apt-get update && apt-get install autoconf build-essential nettle-dev libcap2-bin --yes
+      - name: bootstrap
+        run: ./bootstrap.sh
+      - name: configure
+        run: ./configure --enable-warnings CXXFLAGS=-std=c++17
+      - name: make
+        run: make
+      - name: make check
+        run: make check
+      - name: make distcheck
+        run: make distcheck CXXFLAGS=-std=c++17
+      - name: build with hardened build flags
+        run: |
+          make clean
+          eval $(DEB_CXXFLAGS_APPEND=-std=c++17 DEB_BUILD_MAINT_OPTIONS="hardening=+all qa=+all,-canary reproducible=+all" dpkg-buildflags --export=sh)
+          ./configure
+          make
+          make check
+      - name: store the logs as an artifact
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v4
+        with:
+          path: '**/*.log'
diff --git a/.github/workflows/deterministic.yml b/.github/workflows/deterministic.yml
index 9cf4ef1..e13c13a 100644
--- a/.github/workflows/deterministic.yml
+++ b/.github/workflows/deterministic.yml
@@ -1,6 +1,7 @@
+---
 name: test deterministic operation
 
-on:
+"on":
   push:
     branches:
       - main
@@ -14,21 +15,20 @@ jobs:
     runs-on: ubuntu-24.04
 
     steps:
-    - name: checkout
-      uses: actions/checkout@v4
-    - name: install packages
-      run: sudo apt install build-essential nettle-dev time disorderfs
-    - name: bootstrap
-      run: ./bootstrap.sh
-    - name: configure
-      run: ./configure CXXFLAGS=-std=c++17
-    - name: make
-      run: make
-    - name: run determinism test
-      run: testcases/verify_deterministic_operation.sh
-    - name: store logs as artifacts
-      if: ${{ always() }}
-      uses: actions/upload-artifact@v4
-      with:
-         path: '**/*.log'
-
+      - name: checkout
+        uses: actions/checkout@v4
+      - name: install packages
+        run: sudo apt install build-essential nettle-dev time disorderfs
+      - name: bootstrap
+        run: ./bootstrap.sh
+      - name: configure
+        run: ./configure CXXFLAGS=-std=c++17
+      - name: make
+        run: make
+      - name: run determinism test
+        run: testcases/verify_deterministic_operation.sh
+      - name: store logs as artifacts
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v4
+        with:
+          path: '**/*.log'
diff --git a/.github/workflows/fedora-40.yml b/.github/workflows/fedora-40.yml
index ebc004d..e6d159f 100644
--- a/.github/workflows/fedora-40.yml
+++ b/.github/workflows/fedora-40.yml
@@ -1,6 +1,7 @@
+---
 name: fedora 40
 
-on:
+"on":
   push:
     branches:
       - main
@@ -14,22 +15,22 @@ jobs:
     container:
       image: fedora:40
     steps:
-    - name: checkout
-      uses: actions/checkout@v4
-    - name: install packages
-      run: yes | dnf install automake gcc which g++ nettle-devel
-    - name: bootstrap
-      run: ./bootstrap.sh
-    - name: configure
-      run: ./configure --enable-warnings CXXFLAGS=-std=c++17
-    - name: make
-      run: make -j $(nproc)
-    - name: make check
-      run: make check
-    - name: make distcheck
-      run: make distcheck CXXFLAGS=-std=c++17
-    - name: store the logs as an artifact
-      if: ${{ always() }}
-      uses: actions/upload-artifact@v4
-      with:
-         path: '**/*.log'
+      - name: checkout
+        uses: actions/checkout@v4
+      - name: install packages
+        run: yes | dnf install automake gcc which g++ nettle-devel
+      - name: bootstrap
+        run: ./bootstrap.sh
+      - name: configure
+        run: ./configure --enable-warnings CXXFLAGS=-std=c++17
+      - name: make
+        run: make -j $(nproc)
+      - name: make check
+        run: make check
+      - name: make distcheck
+        run: make distcheck CXXFLAGS=-std=c++17
+      - name: store the logs as an artifact
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v4
+        with:
+          path: '**/*.log'
diff --git a/.github/workflows/fedora-41.yml b/.github/workflows/fedora-41.yml
index 572ad5c..6e634be 100644
--- a/.github/workflows/fedora-41.yml
+++ b/.github/workflows/fedora-41.yml
@@ -1,6 +1,7 @@
+---
 name: fedora 41
 
-on:
+"on":
   push:
     branches:
       - main
@@ -14,22 +15,22 @@ jobs:
     container:
       image: fedora:41
     steps:
-    - name: checkout
-      uses: actions/checkout@v4
-    - name: install packages
-      run: yes | dnf install automake gcc which g++ nettle-devel
-    - name: bootstrap
-      run: ./bootstrap.sh
-    - name: configure
-      run: ./configure --enable-warnings CXXFLAGS=-std=c++17
-    - name: make
-      run: make -j $(nproc)
-    - name: make check
-      run: make check
-    - name: make distcheck
-      run: make distcheck CXXFLAGS=-std=c++17
-    - name: store the logs as an artifact
-      if: ${{ always() }}
-      uses: actions/upload-artifact@v4
-      with:
-         path: '**/*.log'
+      - name: checkout
+        uses: actions/checkout@v4
+      - name: install packages
+        run: yes | dnf install automake gcc which g++ nettle-devel
+      - name: bootstrap
+        run: ./bootstrap.sh
+      - name: configure
+        run: ./configure --enable-warnings CXXFLAGS=-std=c++17
+      - name: make
+        run: make -j $(nproc)
+      - name: make check
+        run: make check
+      - name: make distcheck
+        run: make distcheck CXXFLAGS=-std=c++17
+      - name: store the logs as an artifact
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v4
+        with:
+          path: '**/*.log'
diff --git a/.github/workflows/formatting.yml b/.github/workflows/formatting.yml
index 224cce3..06adf1b 100644
--- a/.github/workflows/formatting.yml
+++ b/.github/workflows/formatting.yml
@@ -1,6 +1,7 @@
+---
 name: code formatting
 
-on:
+"on":
   push:
     branches:
       - main
@@ -14,30 +15,29 @@ jobs:
     runs-on: ubuntu-24.04
 
     steps:
-    - name: checkout
-      uses: actions/checkout@v4
-    - name: install packages
-      run: sudo apt install clang-18
-    - name: run clang format
-      run: |
-        ./do_clang_format.sh
-    - name: check for differences
-      run: |
-        git diff >clang-format.patch
-        if [ $(wc -c <clang-format.patch) -ne 0 ] ; then
-           echo "there was a formatting issue."
-           cat /etc/os-release
-           echo "you may download the artifact and apply it with git apply"
-           cat clang-format.patch
-           exit 1
-        else
-           rm clang-format.patch
-        fi
-    - name: store patch as artifact if there is one
-      if: failure()
-      uses: actions/upload-artifact@v4
-      with:
-        name: clang-format.patch
-        path: clang-format.patch
-        if-no-files-found: ignore
-
+      - name: checkout
+        uses: actions/checkout@v4
+      - name: install packages
+        run: sudo apt install clang-18
+      - name: run clang format
+        run: |
+          ./do_clang_format.sh
+      - name: check for differences
+        run: |
+          git diff >clang-format.patch
+          if [ $(wc -c <clang-format.patch) -ne 0 ] ; then
+             echo "there was a formatting issue."
+             cat /etc/os-release
+             echo "you may download the artifact and apply it with git apply"
+             cat clang-format.patch
+             exit 1
+          else
+             rm clang-format.patch
+          fi
+      - name: store patch as artifact if there is one
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: clang-format.patch
+          path: clang-format.patch
+          if-no-files-found: ignore
diff --git a/.github/workflows/gcc10.yml b/.github/workflows/gcc10.yml
index ad9412e..741d2e1 100644
--- a/.github/workflows/gcc10.yml
+++ b/.github/workflows/gcc10.yml
@@ -1,6 +1,7 @@
+---
 name: gcc 10
 
-on:
+"on":
   push:
     branches:
       - main
@@ -14,21 +15,20 @@ jobs:
     runs-on: ubuntu-22.04
 
     steps:
-    - name: checkout
-      uses: actions/checkout@v4
-    - name: install packages
-      run: sudo apt install build-essential nettle-dev time gcc-10 g++-10
-    - name: bootstrap
-      run: ./bootstrap.sh
-    - name: configure
-      run: ./configure CXX=g++-10 CXXFLAGS=-std=c++17
-    - name: build
-      run: make
-    - name: check
-      run: make check
-    - name: store the logs as an artifact
-      if: ${{ always() }}
-      uses: actions/upload-artifact@v4
-      with:
-         path: '**/*.log'
-
+      - name: checkout
+        uses: actions/checkout@v4
+      - name: install packages
+        run: sudo apt install build-essential nettle-dev time gcc-10 g++-10
+      - name: bootstrap
+        run: ./bootstrap.sh
+      - name: configure
+        run: ./configure CXX=g++-10 CXXFLAGS=-std=c++17
+      - name: build
+        run: make
+      - name: check
+        run: make check
+      - name: store the logs as an artifact
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v4
+        with:
+          path: '**/*.log'
diff --git a/.github/workflows/gcc11.yml b/.github/workflows/gcc11.yml
index 57b5623..c72bed4 100644
--- a/.github/workflows/gcc11.yml
+++ b/.github/workflows/gcc11.yml
@@ -1,6 +1,7 @@
+---
 name: gcc 11
 
-on:
+"on":
   push:
     branches:
       - main
@@ -14,21 +15,20 @@ jobs:
     runs-on: ubuntu-22.04
 
     steps:
-    - name: checkout
-      uses: actions/checkout@v4
-    - name: install packages
-      run: sudo apt install build-essential nettle-dev time gcc-11 g++-11
-    - name: bootstrap
-      run: ./bootstrap.sh
-    - name: configure
-      run: ./configure CXX=g++-11 CXXFLAGS=-std=c++17
-    - name: build
-      run: make
-    - name: check
-      run: make check
-    - name: store the logs as an artifact
-      if: ${{ always() }}
-      uses: actions/upload-artifact@v4
-      with:
-         path: '**/*.log'
-
+      - name: checkout
+        uses: actions/checkout@v4
+      - name: install packages
+        run: sudo apt install build-essential nettle-dev time gcc-11 g++-11
+      - name: bootstrap
+        run: ./bootstrap.sh
+      - name: configure
+        run: ./configure CXX=g++-11 CXXFLAGS=-std=c++17
+      - name: build
+        run: make
+      - name: check
+        run: make check
+      - name: store the logs as an artifact
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v4
+        with:
+          path: '**/*.log'
diff --git a/.github/workflows/gcc12.yml b/.github/workflows/gcc12.yml
index 42f4f51..edda31f 100644
--- a/.github/workflows/gcc12.yml
+++ b/.github/workflows/gcc12.yml
@@ -1,6 +1,7 @@
+---
 name: gcc 12
 
-on:
+"on":
   push:
     branches:
       - main
@@ -14,21 +15,20 @@ jobs:
     runs-on: ubuntu-22.04
 
     steps:
-    - name: checkout
-      uses: actions/checkout@v4
-    - name: install packages
-      run: sudo apt install build-essential nettle-dev time gcc-12 g++-12
-    - name: bootstrap
-      run: ./bootstrap.sh
-    - name: configure
-      run: ./configure CXX=g++-12 CXXFLAGS=-std=c++17
-    - name: build
-      run: make
-    - name: check
-      run: make check
-    - name: store the logs as an artifact
-      if: ${{ always() }}
-      uses: actions/upload-artifact@v4
-      with:
-         path: '**/*.log'
-
+      - name: checkout
+        uses: actions/checkout@v4
+      - name: install packages
+        run: sudo apt install build-essential nettle-dev time gcc-12 g++-12
+      - name: bootstrap
+        run: ./bootstrap.sh
+      - name: configure
+        run: ./configure CXX=g++-12 CXXFLAGS=-std=c++17
+      - name: build
+        run: make
+      - name: check
+        run: make check
+      - name: store the logs as an artifact
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v4
+        with:
+          path: '**/*.log'
diff --git a/.github/workflows/gcc13.yml b/.github/workflows/gcc13.yml
index 3a228e7..eca42e0 100644
--- a/.github/workflows/gcc13.yml
+++ b/.github/workflows/gcc13.yml
@@ -1,6 +1,7 @@
+---
 name: gcc 13
 
-on:
+"on":
   push:
     branches:
       - main
@@ -14,25 +15,24 @@ jobs:
     runs-on: ubuntu-22.04
 
     steps:
-    - name: checkout
-      uses: actions/checkout@v4
-    - name: add ppa
-      run: |
-        sudo add-apt-repository ppa:ubuntu-toolchain-r/test
-        sudo apt-get update
-    - name: install packages
-      run: sudo apt install build-essential nettle-dev time gcc-13 g++-13
-    - name: bootstrap
-      run: ./bootstrap.sh
-    - name: configure
-      run: ./configure CXX=g++-13 CXXFLAGS=-std=c++17
-    - name: build
-      run: make
-    - name: check
-      run: make check
-    - name: store the logs as an artifact
-      if: ${{ always() }}
-      uses: actions/upload-artifact@v4
-      with:
-         path: '**/*.log'
-
+      - name: checkout
+        uses: actions/checkout@v4
+      - name: add ppa
+        run: |
+          sudo add-apt-repository ppa:ubuntu-toolchain-r/test
+          sudo apt-get update
+      - name: install packages
+        run: sudo apt install build-essential nettle-dev time gcc-13 g++-13
+      - name: bootstrap
+        run: ./bootstrap.sh
+      - name: configure
+        run: ./configure CXX=g++-13 CXXFLAGS=-std=c++17
+      - name: build
+        run: make
+      - name: check
+        run: make check
+      - name: store the logs as an artifact
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v4
+        with:
+          path: '**/*.log'
diff --git a/.github/workflows/gcc14.yml b/.github/workflows/gcc14.yml
index 5712790..021fa27 100644
--- a/.github/workflows/gcc14.yml
+++ b/.github/workflows/gcc14.yml
@@ -1,6 +1,7 @@
+---
 name: gcc 14
 
-on:
+"on":
   push:
     branches:
       - main
@@ -13,21 +14,20 @@ jobs:
     runs-on: ubuntu-24.04
 
     steps:
-    - name: checkout
-      uses: actions/checkout@v4
-    - name: install packages
-      run: sudo apt install build-essential nettle-dev time gcc-14 g++-14
-    - name: bootstrap
-      run: ./bootstrap.sh
-    - name: configure
-      run: ./configure CXX=g++-14 CXXFLAGS=-std=c++17
-    - name: build
-      run: make
-    - name: check
-      run: make check
-    - name: store the logs as an artifact
-      if: ${{ always() }}
-      uses: actions/upload-artifact@v4
-      with:
-         path: '**/*.log'
-
+      - name: checkout
+        uses: actions/checkout@v4
+      - name: install packages
+        run: sudo apt install build-essential nettle-dev time gcc-14 g++-14
+      - name: bootstrap
+        run: ./bootstrap.sh
+      - name: configure
+        run: ./configure CXX=g++-14 CXXFLAGS=-std=c++17
+      - name: build
+        run: make
+      - name: check
+        run: make check
+      - name: store the logs as an artifact
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v4
+        with:
+          path: '**/*.log'
diff --git a/.github/workflows/gcc9.yml b/.github/workflows/gcc9.yml
index f4fd4f6..4cc1295 100644
--- a/.github/workflows/gcc9.yml
+++ b/.github/workflows/gcc9.yml
@@ -1,6 +1,7 @@
+---
 name: gcc 9
 
-on:
+"on":
   push:
     branches:
       - main
@@ -14,21 +15,20 @@ jobs:
     runs-on: ubuntu-22.04
 
     steps:
-    - name: checkout
-      uses: actions/checkout@v4
-    - name: install packages
-      run: sudo apt install build-essential nettle-dev time gcc-9 g++-9
-    - name: bootstrap
-      run: ./bootstrap.sh
-    - name: configure
-      run: ./configure CXX=g++-9 CXXFLAGS=-std=c++17
-    - name: build
-      run: make
-    - name: check
-      run: make check
-    - name: store the logs as an artifact
-      if: ${{ always() }}
-      uses: actions/upload-artifact@v4
-      with:
-         path: '**/*.log'
-
+      - name: checkout
+        uses: actions/checkout@v4
+      - name: install packages
+        run: sudo apt install build-essential nettle-dev time gcc-9 g++-9
+      - name: bootstrap
+        run: ./bootstrap.sh
+      - name: configure
+        run: ./configure CXX=g++-9 CXXFLAGS=-std=c++17
+      - name: build
+        run: make
+      - name: check
+        run: make check
+      - name: store the logs as an artifact
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v4
+        with:
+          path: '**/*.log'
diff --git a/.github/workflows/mac.yml b/.github/workflows/mac.yml
index 0e07f73..62727f3 100644
--- a/.github/workflows/mac.yml
+++ b/.github/workflows/mac.yml
@@ -1,6 +1,7 @@
+---
 name: mac os x default build
 
-on:
+"on":
   push:
     branches:
       - main
@@ -16,23 +17,24 @@ jobs:
         os: [macos-latest]
 
     steps:
-    - name: checkout
-      uses: actions/checkout@v4
-    - name: install packages
-      run: brew install nettle automake autoconf
-    - name: bootstrap
-      run: ./bootstrap.sh
-    - name: configure
-      run: ./configure --enable-warnings CXXFLAGS="-std=c++17 -I$(brew --prefix nettle)/include -L$(brew --prefix nettle)/lib"
-    - name: make
-      run: make
-# tests fail because readlink does not understand -f on mac      
-#    - name: make check
-#      run: make check
-#    - name: make distcheck
-#      run: make distcheck CXXFLAGS=-std=c++11
-    - name: Upload a Build Artifact
-      if: ${{ always() }}
-      uses: actions/upload-artifact@v4
-      with:
-         path: '**/*.log'
+      - name: checkout
+        uses: actions/checkout@v4
+      - name: install packages
+        run: brew install nettle automake autoconf
+      - name: bootstrap
+        run: ./bootstrap.sh
+      - name: configure
+        run: ./configure --enable-warnings CXXFLAGS="-std=c++17 -I$(brew --prefix nettle)/include -L$(brew --prefix nettle)/lib"
+      - name: make
+        run: make
+      # tests fail because readlink does not understand -f on mac
+      # install greadlink and use that instead ?
+      # - name: make check
+      #   run: make check
+      # - name: make distcheck
+      #   run: make distcheck CXXFLAGS=-std=c++11
+      - name: Upload a Build Artifact
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v4
+        with:
+          path: '**/*.log'
diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml
index 3bc0183..ffaf478 100644
--- a/.github/workflows/quality.yml
+++ b/.github/workflows/quality.yml
@@ -1,6 +1,7 @@
+---
 name: build variants
 
-on:
+"on":
   push:
     branches:
       - main
@@ -14,15 +15,14 @@ jobs:
     runs-on: ubuntu-24.04
 
     steps:
-    - name: checkout
-      uses: actions/checkout@v4
-    - name: install packages
-      run: sudo apt install build-essential nettle-dev time libc6-i386 gcc-multilib g++-multilib valgrind libc++-dev libc++abi-dev clang
-    - name: run do_quality_checks.sh
-      run: ./do_quality_checks.sh
-    - name: store logs as artifacts
-      if: ${{ always() }}
-      uses: actions/upload-artifact@v4
-      with:
-         path: '**/*.log'
-
+      - name: checkout
+        uses: actions/checkout@v4
+      - name: install packages
+        run: sudo apt install build-essential nettle-dev time libc6-i386 gcc-multilib g++-multilib valgrind libc++-dev libc++abi-dev clang
+      - name: run do_quality_checks.sh
+        run: ./do_quality_checks.sh
+      - name: store logs as artifacts
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v4
+        with:
+          path: '**/*.log'
diff --git a/.github/workflows/ubuntu-default.yml b/.github/workflows/ubuntu-default.yml
index 6902b4a..94c1c91 100644
--- a/.github/workflows/ubuntu-default.yml
+++ b/.github/workflows/ubuntu-default.yml
@@ -1,6 +1,7 @@
+---
 name: ubuntu default build
 
-on:
+"on":
   push:
     branches:
       - main
@@ -16,17 +17,17 @@ jobs:
         os: [ubuntu-20.04, ubuntu-22.04, ubuntu-24.04]
 
     steps:
-    - name: checkout
-      uses: actions/checkout@v4
-    - name: install packages
-      run: sudo apt install build-essential nettle-dev
-    - name: bootstrap
-      run: ./bootstrap.sh
-    - name: configure
-      run: ./configure --enable-warnings CXXFLAGS=-std=c++17
-    - name: make
-      run: make
-    - name: make check
-      run: make check
-    - name: make distcheck
-      run: make distcheck CXXFLAGS=-std=c++17
+      - name: checkout
+        uses: actions/checkout@v4
+      - name: install packages
+        run: sudo apt install build-essential nettle-dev
+      - name: bootstrap
+        run: ./bootstrap.sh
+      - name: configure
+        run: ./configure --enable-warnings CXXFLAGS=-std=c++17
+      - name: make
+        run: make
+      - name: make check
+        run: make check
+      - name: make distcheck
+        run: make distcheck CXXFLAGS=-std=c++17
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..03907e1
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,39 @@
+---
+
+yaml-files:
+  - '*.yaml'
+  - '*.yml'
+  - '.yamllint'
+
+rules:
+  anchors: enable
+  braces: enable
+  brackets: enable
+  colons: enable
+  commas: enable
+  comments:
+    level: warning
+  comments-indentation:
+    level: warning
+  document-end: disable
+  document-start:
+    level: warning
+  empty-lines: enable
+  empty-values: disable
+  float-values: disable
+  hyphens: enable
+  indentation: enable
+  key-duplicates: enable
+  key-ordering: disable
+  line-length: enable
+  new-line-at-end-of-file: enable
+  new-lines: enable
+  octal-values: disable
+  quoted-strings: disable
+  trailing-spaces: enable
+  truthy:
+    level: warning
+
+  line-length:
+    allow-non-breakable-words: true
+    max: 160
diff --git a/do_yamllint.sh b/do_yamllint.sh
index 4a2cd43..48fea76 100755
--- a/do_yamllint.sh
+++ b/do_yamllint.sh
@@ -16,6 +16,4 @@ else
 fi
 
 # run this when all issues are fixed
-# git ls-files | grep -E "*.yml$" | xargs "$YMLLINT"
-
-"$YMLLINT" .github/workflows/shellcheck.yml .github/workflows/yamllint.yml
+git ls-files | grep -E ".yml$" | xargs "$YMLLINT"