system_update/templates/custom/bootstrap-root.sh.tpl

#!/bin/sh
# Bootstrap première prépa (après DHCP / su -) : sudo + outils de base, ajout au groupe sudo.
# Non interactif. Échec contrôlé. Aucun secret (operatorUser = champ de formulaire).
export LC_ALL=C
export DEBIAN_FRONTEND=noninteractive
echo "===SU:CUSTOM_BOOTSTRAP==="
apt-get update -qq 2>&1
if apt-get install -y sudo resolvconf ca-certificates curl 2>&1; then
  for p in sudo resolvconf ca-certificates curl; do echo "PKG_INSTALLED=$p"; done
  CODE=0
else
  echo "ERR=package_install_failed"
  CODE=1
fi
if usermod -aG sudo "{{operatorUser}}" 2>&1; then
  echo "GROUP_ADDED=sudo:{{operatorUser}}"
else
  echo "ERR=sudo_setup_failed"
fi
if su - "{{operatorUser}}" -c 'sudo -n true' 2>/dev/null; then
  echo "SUDO_OK=1"
else
  echo "SUDO_CHECK_PENDING=1"
fi
echo "===SU:EXIT=${CODE}==="