chore(coreos-base/coreos-base): remove unused groups/users

we have a few unused groups and users. Reserve the UIDs but just don't
have them in the DB until we need them.

sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-base/coreos-base-0.ebuild

@@ -195,99 +195,53 @@ pkg_postinst() {
 	copy_or_add_daemon_user "ntp" 203
 	copy_or_add_daemon_user "sshd" 204
 	copy_or_add_daemon_user "polkituser" 206  # For policykit
-	copy_or_add_daemon_user "tss" 207         # For trousers (TSS/TPM)
+#	copy_or_add_daemon_user "tss" 207         # For trousers (TSS/TPM)
 	copy_or_add_daemon_user "pkcs11" 208      # For pkcs11 clients
 	copy_or_add_daemon_user "qdlservice" 209  # for QDLService
-	copy_or_add_daemon_user "cromo" 210       # For cromo (modem manager)
+#	copy_or_add_daemon_user "cromo" 210       # For cromo (modem manager)
 #	copy_or_add_daemon_user "cashew" 211      # Deprecated, do not reuse
 	copy_or_add_daemon_user "ipsec" 212       # For strongswan/ipsec VPN
-	copy_or_add_daemon_user "cros-disks" 213  # For cros-disks
+#	copy_or_add_daemon_user "cros-disks" 213  # For cros-disks
 	copy_or_add_daemon_user "tor" 214         # For tor (anonymity service)
 	copy_or_add_daemon_user "tcpdump" 215     # For tcpdump --with-user
 	copy_or_add_daemon_user "debugd" 216      # For debugd
 	copy_or_add_daemon_user "openvpn" 217     # For openvpn
-	copy_or_add_daemon_user "bluetooth" 218   # For bluez
-	copy_or_add_daemon_user "wpa" 219         # For wpa_supplicant
-	copy_or_add_daemon_user "cras" 220        # For cras (audio)
+#	copy_or_add_daemon_user "bluetooth" 218   # For bluez
+#	copy_or_add_daemon_user "wpa" 219         # For wpa_supplicant
+#	copy_or_add_daemon_user "cras" 220        # For cras (audio)
 #	copy_or_add_daemon_user "gavd" 221        # For gavd (audio) (deprecated)
 	copy_or_add_daemon_user "input" 222       # For /dev/input/event access
-	copy_or_add_daemon_user "chaps" 223       # For chaps (pkcs11)
+#	copy_or_add_daemon_user "chaps" 223       # For chaps (pkcs11)
 	copy_or_add_daemon_user "dhcp" 224        # For dhcpcd (DHCP client)
-	copy_or_add_daemon_user "tpmd" 225        # For tpmd
-	copy_or_add_daemon_user "mtp" 226         # For libmtp
-	copy_or_add_daemon_user "proxystate" 227  # For proxy monitoring
-	copy_or_add_daemon_user "power" 228       # For powerd
-	copy_or_add_daemon_user "watchdog" 229    # For daisydog
-	copy_or_add_daemon_user "devbroker" 230   # For permission_broker
-	copy_or_add_daemon_user "xorg" 231        # For Xorg
+#	copy_or_add_daemon_user "tpmd" 225        # For tpmd
+#	copy_or_add_daemon_user "mtp" 226         # For libmtp
+#	copy_or_add_daemon_user "proxystate" 227  # For proxy monitoring
+#	copy_or_add_daemon_user "power" 228       # For powerd
+#	copy_or_add_daemon_user "watchdog" 229    # For daisydog
+#	copy_or_add_daemon_user "devbroker" 230   # For permission_broker
+#	copy_or_add_daemon_user "xorg" 231        # For Xorg
 	# Reserve some UIDs/GIDs between 300 and 349 for sandboxing FUSE-based
 	# filesystem daemons.
-	copy_or_add_daemon_user "ntfs-3g" 300     # For ntfs-3g prcoess
-	copy_or_add_daemon_user "avfs" 301        # For avfs process
-	copy_or_add_daemon_user "fuse-exfat" 302  # For exfat-fuse prcoess
-
-	# Group that are allowed to create directories under /home/<hash>/root
-	copy_or_add_group "daemon-store" 400
-
-	# All audio interfacing will go through the audio server.
-	add_users_to_group audio "cras"
-	add_users_to_group input "cras"           # For /dev/input/event* access
-
-	# The system user is part of the audio server group to play sounds.  The
-	# power manager user needs to check whether audio is playing.
-	add_users_to_group cras "${system_user}" power
-
-	# The system_user needs to be part of the audio and video groups.
-	add_users_to_group audio "${system_user}"
-	add_users_to_group video "${system_user}"
-
-	# The Xorg user needs to be part of the input and video groups.
-	add_users_to_group input "xorg"
-	add_users_to_group video "xorg"
+#	copy_or_add_daemon_user "ntfs-3g" 300     # For ntfs-3g prcoess
+#	copy_or_add_daemon_user "avfs" 301        # For avfs process
+#	copy_or_add_daemon_user "fuse-exfat" 302  # For exfat-fuse prcoess
 
 	# Users which require access to PKCS #11 cryptographic services must be
 	# in the pkcs11 group.
 	remove_all_users_from_group pkcs11
-	add_users_to_group pkcs11 root ipsec "${system_user}" chaps wpa
+	add_users_to_group pkcs11 root ipsec "${system_user}"
 
 	# All users accessing opencryptoki database files and all users for
 	# sandboxing FUSE-based filesystem daemons need to be in the
 	# ${system_access_user} group.
 	remove_all_users_from_group "${system_access_user}"
 	add_users_to_group "${system_access_user}" root ipsec "${system_user}" \
-		ntfs-3g avfs fuse-exfat chaps
 
 	# Dedicated group for owning access to serial devices.
 	copy_or_add_group "serial" 402
 	add_users_to_group "serial" "${system_user}"
 	add_users_to_group "serial" "uucp"
 
-	# The root user must be in the wpa group for wpa_cli.
-	add_users_to_group wpa root
-
-	# Restrict tcsd access to root and chaps.
-	add_users_to_group tss root chaps
-
-	# Add mtp user to usb group for USB device access.
-	add_users_to_group usb mtp
-
-	# Create a group for device access via permission_broker
-	copy_or_add_group "devbroker-access" 403
-	add_users_to_group devbroker-access "${system_user}"
-
-	# Give the power manager access to I2C devices so it can adjust external
-	# displays' brightness via DDC.
-	copy_or_add_group i2c 404
-	add_users_to_group i2c power
-
-	# Give the power manager access to /dev/tty* so it can disable VT switching
-	# before suspending the system.
-	add_users_to_group tty power
-
-	# The power manager needs to read from /dev/input/event* to observe power
-	# button and lid events.
-	add_users_to_group input power
-
 	# Some default directories. These are created here rather than at
 	# install because some of them may already exist and have mounts.
 	for x in /dev /home /media \