Umm. Somehow I thought this would be easier than learning about live-build. Probably I was wrong. There are probably many better tutorials on the web.
Two useful observations: zeroing the key can eliminate mysterious grub errors, and systemd-nspawn is pretty handy. One thing that should have been obvious, but wasn't to me is that it's easier to install grub onto a device outside of any container.
# fdisk -l /dev/sdx
Assume that every command after here is dangerous.
Zero it out. This is overkill for a fresh key, but fixed a problem with reusing a stick that had a previous live distro installed on it.
# dd if=/dev/zero of=/dev/sdx bs=1048576 count=$count
$count is calculated by dividing the sector count by 2048.
Make file system. There are lots of options. I eventually used parted
# parted (parted) mklabel msdos (parted) mkpart primary ext2 1 -1 (parted) set 1 boot on (parted) quit
Make a file system
# mkfs.ext2 /dev/sdx1 # mount /dev/sdx1 /mnt
Install the base system
# debootstrap --variant=minbase jessie /mnt http://httpredir.debian.org/debian/
Install grub (no chroot needed)
# grub-install --boot-directory /mnt/boot /dev/sdx1
Set a root password
# chroot /mnt # passwd root # exit
create up fstab
# blkid -p /dev/sdc1 | cut -f2 -d' ' > /mnt/etc/fstab
Now edit to fix syntax, tell ext2, etc...
Now switch to system-nspawn, to avoid boring bind mounting, etc..
# systemd-nspawn -b -D /mnt
login to the container, install linux-base, linux-image-amd64, grub-pc
EDIT: fixed block size of dd, based on suggestion of tg. EDIT2: fixed count to match block size