tap2rpm should not use os.system for running other commands
|Reported by:||TimAllen||Owned by:|
Currently tap2rpm uses os.system to call various commands including tar and rpmbuild, which has two issues:
- Little attempt has been made at quoting, which means a single $ or " could make the whole thing blow up.
- The entire, horribly verbose rpm build process gets dumped to stdout.
tap2rpm should be updated to use Python's popen2 or subprocess modules, or even Twisted's own t.i.utils.getProcessOutputAndValue(). If the return value is zero, the process has probably been successful and the output can be discarded; otherwise the output probably contains useful error messages and should be printed.