Systemd units with ConditionFirstBoot=yes are not ever triggered when embedded in an image built by Image Builder.

The issue is that the rpm stage in osbuild create an empty machine-id (see here and here). However, systemd doesn't consider this setup as a first boot (see the machine-id man page). According to the man page, we should put "uninitialized\n" in the file instead.

Note that according to the man page, it's also possible not to create the file at all to trigger ConditionFirstBoot correctly. However, I recall reading somewhere that this is not ideal, because if initramfs is mounted RO, systemd cannot bind-mount a generated machine-id in /etc. This might not be issue in RHEL because IIRC we don't mount initramfs RO, but it might be better to be safe rather than sorry.

I think we should definitely fix this for EL10, but I'm honestly worried about backporting this to EL8 and EL9 because it can start triggering services that weren't being started before.