Fix unfailing CheckExternalCommands

On Unix, with shell=True, the shell default to /bin/sh.
Using Popen(['type', command], shell=True) is equivalent to calling
Popen(['/bin/sh', '-c', 'type', command]).
In this case 'command' becomes a positional parameter to the shell,
and not an argument to the command 'type'.

The solution is to pass a single string as parameter.

The problem is that with shell=True, we are never safe from a shell injection,
so it is wiser to use a python only solution.

The package distutils is part of the standard distribution, so it doesn't add
extra dependencies.
The method find_executable has the same behaviour as 'which' on bash.

bootstrapvz/common/tasks/host.py

@@ -9,14 +9,14 @@ class CheckExternalCommands(Task):
 
     @classmethod
     def run(cls, info):
-        from ..tools import log_check_call
-        from subprocess import CalledProcessError
         import re
+        import logging
+        from distutils.spawn import find_executable
         missing_packages = []
+        log = logging.getLogger(__name__)
         for command, package in info.host_dependencies.items():
-            try:
+            log.debug('Checking availability of ' + command)
-                log_check_call(['type', command], shell=True)
+            if find_executable(command) is None:
-            except CalledProcessError:
                 if re.match('^https?:\/\/', package):
                     msg = ('The command `{command}\' is not available, '
                            'you can download the software at `{package}\'.'