initrd: kernel requires directories for files

I don't blame them, it's logical as no umask mechanism exists at this
stage.

cmd/dkl-local-server/bootv2.go

@@ -66,13 +66,16 @@ func buildInitrd(out io.Writer, ctx *renderContext) (err error) {
 	if err != nil {
 		return
 	}
-	cat.AppendBytes(cfgBytes, "config.yaml", 0600)
+	cat.AppendBytes(cfgBytes, "config.yaml", 0o600)
 
 	// ssh keys
-	// XXX do we want a bootstrap-stage key instead of the real host key?
+	cat.AppendDir("/etc", 0o755)
+	cat.AppendDir("/etc/ssh", 0o700)
+
+	// XXX do we want bootstrap-stage keys instead of the real host key?
 	for _, format := range []string{"rsa", "dsa", "ecdsa", "ed25519"} {
 		keyPath := "/etc/ssh/ssh_host_" + format + "_key"
-		cat.AppendBytes(cfg.FileContent(keyPath), keyPath, 0600)
+		cat.AppendBytes(cfg.FileContent(keyPath), keyPath, 0o600)
 	}
 
 	// ssh user CA

go.mod

@@ -22,7 +22,7 @@ require (
 	gopkg.in/yaml.v2 v2.4.0
 	k8s.io/apimachinery v0.33.2
 	m.cluseau.fr/go v0.0.0-20230809064045-12c5a121c766
-	novit.tech/direktil/pkg v0.0.0-20250628165657-648e16ad9855
+	novit.tech/direktil/pkg v0.0.0-20250630100055-554aaf0a8931
 )
 
 replace github.com/zmap/zlint/v3 => github.com/zmap/zlint/v3 v3.3.1

go.sum

@@ -539,3 +539,5 @@ novit.tech/direktil/pkg v0.0.0-20240415130406-0d2e181a4ed6 h1:D0TN5GyZ4d88ILpgVZ
 novit.tech/direktil/pkg v0.0.0-20240415130406-0d2e181a4ed6/go.mod h1:zjezU6tELE880oYHs/WAauGBupKIEQQ7KqWTB69RW10=
 novit.tech/direktil/pkg v0.0.0-20250628165657-648e16ad9855 h1:/wfTtrkOvfTXJw/JVAJwezMly8bu5Ix1S02kx8kEtg0=
 novit.tech/direktil/pkg v0.0.0-20250628165657-648e16ad9855/go.mod h1:zjezU6tELE880oYHs/WAauGBupKIEQQ7KqWTB69RW10=
+novit.tech/direktil/pkg v0.0.0-20250630100055-554aaf0a8931 h1:q49xx2xpk7ot5dBTuSiCr5hTkynycdT1w0AcfTEFyxw=
+novit.tech/direktil/pkg v0.0.0-20250630100055-554aaf0a8931/go.mod h1:zjezU6tELE880oYHs/WAauGBupKIEQQ7KqWTB69RW10=