diff --git a/disable-systemd-sysusers.patch b/disable-systemd-sysusers.patch
deleted file mode 100644
index b20c46e..0000000
--- a/disable-systemd-sysusers.patch
+++ /dev/null
@@ -1,22 +0,0 @@
---- sysusers2shadow.sh.old	2024-07-04 14:24:01.013092683 +0200
-+++ sysusers2shadow.sh	2024-07-04 14:28:06.701540250 +0200
-@@ -7,14 +7,6 @@
- 	"$@"
- }
- 
--if [ -x /usr/bin/systemd-sysusers ] && [ -e /proc/version ]; then
--
--	if [ -n "$1" ] && [ "$1" != "%3" ]; then
--		REPLACE_ARG="--replace=/usr/lib/sysusers.d/$1" ||:
--	fi
--	# Use systemd-sysusers and let it read the input directly from stdin
--	run /usr/bin/systemd-sysusers $REPLACE_ARG -
--else
- 	# Absolute path to busybox, if found
- 	busybox=
- 	for i in /bin/busybox /usr/bin/busybox; do [ -x "$i" ] && busybox=$i; done
-@@ -126,4 +118,3 @@
- 		;;
- 		esac
- 	done
--fi
diff --git a/sysuser-tools.changes b/sysuser-tools.changes
index 8f9b81e..cb84080 100644
--- a/sysuser-tools.changes
+++ b/sysuser-tools.changes
@@ -1,3 +1,57 @@
+-------------------------------------------------------------------
+Thu Aug 28 15:16:04 UTC 2025 - Thorsten Kukuk <kukuk@suse.com>
+
+- Fallback to useradd if systemd is older than v257 [bsc#1248855]
+
+-------------------------------------------------------------------
+Wed Aug 27 06:56:02 UTC 2025 - Thorsten Kukuk <kukuk@suse.com>
+
+- Don't set TZ=UTC for chage to avoid dependency on env.
+
+-------------------------------------------------------------------
+Tue Aug 26 09:45:05 UTC 2025 - Thorsten Kukuk <kukuk@suse.com>
+
+- Use run macro for chage for log files/debugging.
+
+-------------------------------------------------------------------
+Mon Aug 25 07:17:30 UTC 2025 - Thorsten Kukuk <kukuk@suse.com>
+
+- Generate provides for "u!".
+
+-------------------------------------------------------------------
+Wed Jul 23 18:28:04 UTC 2025 - Marcus Meissner <meissner@suse.com>
+
+- disable the buildroot virus scanning, as it needs the vscan user
+  this package provides. (bsc#1246878)
+
+-------------------------------------------------------------------
+Mon Jan 27 16:41:20 UTC 2025 - Thorsten Kukuk <kukuk@suse.com>
+
+- Add support for "u!" with useradd (shadow). busybox has no 
+  support for account/password expiration
+
+-------------------------------------------------------------------
+Wed Dec 11 11:05:25 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
+
+- Directly check return value of systemd-sysusers 
+
+-------------------------------------------------------------------
+Mon Dec  9 06:30:23 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
+
+- Drop SLE15 support and remove disable-systemd-sysusers.patch
+
+-------------------------------------------------------------------
+Mon Dec  9 05:59:25 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
+
+- sysuser-shadow: remove systemd 238 dependency, this does not
+  work in a single RPM transaction [bsc#1234277]. Call
+  systemd-sysuser instead again without --replace.
+
+-------------------------------------------------------------------
+Wed Aug  7 13:42:07 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
+
+- Remove check for .buildenv to see failures in OBS
+
 -------------------------------------------------------------------
 Wed Aug  7 10:04:38 UTC 2024 - Thorsten Kukuk <kukuk@suse.com>
 
diff --git a/sysuser-tools.spec b/sysuser-tools.spec
index 2c87d22..ebd7e38 100644
--- a/sysuser-tools.spec
+++ b/sysuser-tools.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package sysuser-tools
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -27,11 +27,12 @@ Source1:        sysusers.attr
 Source2:        sysusers-generate-pre
 Source3:        macros.sysusers
 Source4:        sysusers2shadow.sh
-Patch0:         disable-systemd-sysusers.patch
 BuildArch:      noarch
 Requires:       sysuser-shadow
 #!BuildIgnore:  sysuser-shadow
 #!BuildIgnore:  sysuser-tools
+# This would need system-user-vscan, which needs this package
+#!BuildIgnore:  post-build-checks-malwarescan clamav clamav-database
 BuildRequires:  diffutils
 
 %description
@@ -43,12 +44,6 @@ Group:          System/Packages
 Requires(pre):  (/usr/sbin/useradd or busybox)
 # prefer original shadow over busybox by default
 Suggests:       shadow
-# sysusers2shdow uses sysusers2shadow uses systemd-sysusers if available. And we might pass --replace to it
-# --replace only appeared in systemd 238,so we want to ensure: if we have systemd, it must be recent enough
-# the Requires(pre) statement is to ensure we get it at any moment recent enough, not only at the end of
-# transactions, otherwise upgrades might randomly fail
-Requires(pre):  (systemd >= 238 if systemd)
-Requires:       (systemd >= 238 if systemd)
 
 %description -n sysuser-shadow
 This package contians a tool, which expects as input a sysusers.d
@@ -57,9 +52,6 @@ and groups from it like systemd-sysusers would do.
 
 %prep
 %setup -qcT
-%if 0%{?suse_version} <= 1500
-patch < %_sourcedir/disable-systemd-sysusers.patch %_sourcedir/sysusers2shadow.sh
-%endif
 
 %build
 
@@ -82,7 +74,7 @@ m   me  nogroup
 EOF
 
 cat <<EOFF > expected-account-pre
-/usr/sbin/sysusers2shadow me.conf <<"EOF" || [ -f /.buildenv ]
+/usr/sbin/sysusers2shadow me.conf <<"EOF"
 u   me   -     "myself" /dev/null
 m   me  nogroup
 g   asdf
diff --git a/sysusers-generate-pre b/sysusers-generate-pre
index 824ba71..bd1f8d7 100644
--- a/sysusers-generate-pre
+++ b/sysusers-generate-pre
@@ -1,6 +1,6 @@
 #!/bin/bash
 # pass systemd sysusers config paths as argument to this script.
 
-echo "/usr/sbin/sysusers2shadow $2 <<\"EOF\" || [ -f /.buildenv ]"
+echo "/usr/sbin/sysusers2shadow $2 <<\"EOF\""
 (while read -r line; do if [[ $line =~ ^\s*[ugmr] ]]; then echo "$line"; fi; done) < "$1"
 echo 'EOF'
diff --git a/sysusers.prov b/sysusers.prov
index 365eb31..fb9dc5a 100644
--- a/sysusers.prov
+++ b/sysusers.prov
@@ -9,7 +9,7 @@ parse()
 		set -- $line
 		if [ "$1" = 'g' ]; then
 			echo "group($2)"
-		elif [ "$1" = 'u' ]; then
+		elif [ "$1" = 'u' ] || [ "$1" = 'u!' ] ; then
 			echo "user($2)"
 			echo "group($2)"
 		fi
diff --git a/sysusers2shadow.sh b/sysusers2shadow.sh
index 4441888..29bb3ba 100644
--- a/sysusers2shadow.sh
+++ b/sysusers2shadow.sh
@@ -7,10 +7,16 @@ run() {
 	"$@"
 }
 
+SYSTEMD_VERSION=0
 if [ -x /usr/bin/systemd-sysusers ] && [ -e /proc/version ]; then
+	SYSTEMD_VERSION=$(systemd-sysusers --version | head -n1 | sed 's|systemd \([0-9]\+\).*|\1|g')
+fi
+
+# "u!" is only supported with systemd-sysusers v257 or newer
+if [ -x /usr/bin/systemd-sysusers ] && [ -e /proc/version ] && [ $SYSTEMD_VERSION -ge 257 ]; then
 
 	if [ -n "$1" ] && [ "$1" != "%3" ]; then
-		REPLACE_ARG="--replace=/usr/lib/sysusers.d/$1" ||:
+		REPLACE_ARG="--replace=/usr/lib/sysusers.d/$1"
 	fi
 	# Use systemd-sysusers and let it read the input directly from stdin
 	run /usr/bin/systemd-sysusers $REPLACE_ARG -
@@ -44,7 +50,11 @@ else
 				fi
 			fi
 		;;
-		u)
+		u|u\!)
+			if [ "${1}" = "u!" ]; then
+			    EXPIRE_DATE="1970-01-02"
+			fi
+
 			shift
 			ARGUMENTS="$1"
 
@@ -87,6 +97,9 @@ else
 			    fi
 
 			    run /usr/sbin/useradd -r -c "$3" -d "${homedir}" $ARGUMENTS
+			    if [ -n "$EXPIRE_DATE" ]; then
+				run chage -E "$EXPIRE_DATE" "$1"
+			    fi
 			elif [ -x "$busybox" ]; then
 			    if [ -n "$GROUP_ID" ] && [ "$GROUP_ID" != "-" ]; then
 				run $busybox adduser -S -H -g "$3" -G "GROUP_ID" -h "${homedir}" $ARGUMENTS