The following procedures are followed in the production of Debian flash drive installation media:
# Open a terminal and create directory in Downloads folder
cd Downloads
mkdir debian
cd debian
# Download the latest full release image of Debian
wget https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/debian-12.9.0...
# Download SHA512SUMS and SHA512SUMS.sign
wget https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/SHA512SUMS
wget https://cdimage.debian.org/debian-cd/current/amd64/iso-dvd/SHA512SUMS.sign
# Perform an integrity check on the downloaded image
sha512sum -b debian-12.9.0-amd64-DVD-1.iso
f28a4c5502835e79f7fa739327e6ffa71566facc5ef126bd9c18670093dd6f00f95c202ad195103f27615bcb456dde9082c38dfd9003d5b593b0a8fbb569f26a *debian-12.9.0-amd64-DVD-1.iso
# Compare the above output against the content of SHA512SUMS, the outputs should match
cat SHA512SUMS
f28a4c5502835e79f7fa739327e6ffa71566facc5ef126bd9c18670093dd6f00f95c202ad195103f27615bcb456dde9082c38dfd9003d5b593b0a8fbb569f26a debian-12.9.0-amd64-DVD-1.iso
…
# Verify the authenticity of SHA512SUMS: The output of the below command should tell you that the file signature is
# "good signature" and that it was signed with the DA87E80D6294BE9B key. If you see a warning about not being certified
# with a trusted signature this is normal, and generally not a concern
gpg --keyid-format long --verify SHA512SUMS.sign SHA512SUMS
gpg: Signature made Sat 11 Jan 2025 01:08:06 PM EST
gpg: using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B
gpg: Good signature from "Debian CD signing key " [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B
# Plug in a USB flash drive and unmount any auto-mounted partitions to ensure reliability of written image
# At a minimum make sure the size of the flash drive matches what you inserted to avoid accidentally
# overwriting important data
sudo fdisk -l
Disk /dev/sda: 15.55 GiB, 16693329920 bytes, 32604160 sectors
Disk model: BOOT DISK
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0xc3072e18
Device Boot Start End Sectors Size Id Type
/dev/sda1 240 32604159 32603920 15.5G c W95 FAT32 (LBA)
# So we're going to run the follow commands as the flash drive above we are using has mounted partitions
sudo umount /dev/sda1
sudo umount /dev/sda2
sudo umount /dev/sda3
# Write the Debian ISO image to disk
sudo dd if=debian-12.9.0-amd64-DVD-1.iso of=/dev/sda bs=16M oflag=direct status=progress
3976200192 bytes (4.0 GB, 3.7 GiB) copied, 186 s, 21.4 MB/s3981279232 bytes (4.0 GB, 3.7 GiB) copied, 186.05 s, 21.4 MB/s
237+1 records in
237+1 records out
3981279232 bytes (4.0 GB, 3.7 GiB) copied, 186.297 s, 21.4 MB/s
# Run the sync command to flush any data to disk and make sure it's written
sync
# Identify the size of the ISO image using the stat command
stat -c '%s' debian-12.9.0-amd64-DVD-1.iso
3981279232
# Along with the above number output use the head command to check the portion of the disk we've written
# the ISO to Prior to running this command it isn't a bad idea to unplug the USB drive and connect it again
sudo head -c 3981279232 /dev/sda | sha512sum
f28a4c5502835e79f7fa739327e6ffa71566facc5ef126bd9c18670093dd6f00f95c202ad195103f27615bcb456dde9082c38dfd9003d5b593b0a8fbb569f26a -
# Make sure the output above matches what is in the SHA512SUMS file we downloaded earlier
cat SHA512SUMS
f28a4c5502835e79f7fa739327e6ffa71566facc5ef126bd9c18670093dd6f00f95c202ad195103f27615bcb456dde9082c38dfd9003d5b593b0a8fbb569f26a debian-12.9.0-amd64-DVD-1.iso
..
# In this case the above matches so we can conclude that the ISO image is fully and properly written to disk