Comment # 4 on bug 1231244 from David Cassany

(In reply to Franck Bui from comment #3)
> I don't think you clearly answer to my previous question so let me ask
> again: did you face any concrete issues with delaying the creation of
> sytemd-timesync system user or not ?

Sorry, yes, we did, booting our Elemental testing images based on TW we noticed
the systemd-timesyncd service failed to start because systemd-timesync user was
not created. 

Our images are created on top of the opensuse/tumbleweed container image. So we
essentially bootstrap from a container. It did not used to fail before and by
debugging it we discovered in previous builds such user was created as part of
the `system-user-nobody` package installation scriptlet. However now this user
is already part of the base image hence the installation of udev and systemd
does not include any `system-user-*` package in the transaction, resulting in
users not being created.

We have no clue on which is the expected process that should have created them
at boot. So far we have not identified anything on the boot process doing such
a task, is there any special package or mechanism to automate system users
creation at boot?

> 
> Again the final initialization of a stateless system is supposed to happen
> on the first boot process. So I'd like to understand why this couldn't be
> achieved or whether it's currently "only" some inconsistencies you're seeing
> between some systemd-user-* packages and systemd/udev.

So with our current set of packages there is nothing creating system users at
boot. If there is something for that we completely missed it. So far the
workaround we are using is so simple, we are just calling
/usr/bin/systemd-sysusers after udev installation.

https://github.com/rancher/elemental-toolkit/blob/0fc05a94f99fc1e696d586ab0920b8295d09a950/examples/green/Dockerfile#L78-L79