appaloosa-store / appaloosa_client Goto Github PK

Hi,

I failed to run the appaloosa-client-1.3.jar client with following steps:

1. java -jar appaloosa-client-1.3 --groupNames everybody -t myToken myApk.apk

=> Error: Unable to access jarfile appaloosa-client-1.3
2. Then i changed to java -jar appaloosa-client-1.3.jar --groupNames everybody -t myToken myApk.apk

=> No main manifest attribute, in jar
3. Finally java -cp appaloosa-client-1.3.jar com.appaloosastore.client.Main --groupNames everybody -t myToken myApk.apk

=>

java.lang.NoClassDefFoundError: joptsimple/OptionParser
        at java.lang.Class.getDeclaredMethods0(Native Method)
        at java.lang.Class.privateGetDeclaredMethods(Unknown Source)
        at java.lang.Class.privateGetMethodRecursive(Unknown Source)
        at java.lang.Class.getMethod0(Unknown Source)
        at java.lang.Class.getMethod(Unknown Source)
        at sun.launcher.LauncherHelper.validateMainClass(Unknown Source)
        at sun.launcher.LauncherHelper.checkAndLoadMain(Unknown Source)

Did I miss something ?

When I try to launch the appaloosa client via the command line :
java -jar appaloosa-client-1.3 -t my-token --groups 'my-group' my-app.apk

I have this error message in result :
no main manifest attribute, in appaloosa-client-1.3.jar

Hi, i am using your client for uploading application artifacts to Appaloosa store. Thanks for your work :)
I recently discovered security issues inside dependencies of this client. More specifically in org.apache.httpcomponents:httpmime:4.2.5 and org.apache.httpcomponents:httpclient:4.2.5.

Here is list of issues:

CVE-2014-3577
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.

CVE-2015-5262
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.

Would it be possible to update these dependencies?

java -jar target/appaloosa-client-1.3-shaded.jar -t [our-secret-token] "..\CI Develop - Android Host\[our-apk-name].apk"

Exception in thread "main" com.appaloosastore.client.AppaloosaDeployException: Appaloosa servers seems to be down. Please retry later. Sorry for breaking your build...

You can find our log file here.

I checked and the build number of the APK is different from the one that is already in the store.
Our store has id 9317.

Thanks for any tips!