possible shell injection in AptOfflineCoreLib.py

[TheRegRunner]

Because of the os.system call ,
AptOfflineCoreLib.py is vulnerable to shell command injections in 4 ways.

1. if there is a shell command in the path, for example /tmp/$(xterm)/gpgv/
2. in the "keyring" text
3. in the name of the "signature file"
4. in the name of the "signed_file", for example ;xmessage hello;#.gpg

So, please use subprocess, not os.system

[TheRegRunner]

my patch on launchpad for
/usr/lib/python2.7/dist-packages/apt_offline_core/AptOfflineCoreLib.py

https://bugs.launchpad.net/ubuntu/+source/apt-offline/+bug/1509835