Package Details: balena-etcher 2.1.4-1

Git Clone URL: https://aur.archlinux.org/balena-etcher.git (read-only, click to copy)
Package Base: balena-etcher
Description: Flash OS images to SD cards & USB drives, safely and easily
Upstream URL: https://balena.io/etcher
Licenses: Apache-2.0
Conflicts: etcher, etcher-bin, etcher-git
Submitter: gin078
Maintainer: zhullyb (Clansty, sukanka, lilac, d3m3vilurr)
Last Packager: Rooki
Votes: 269
Popularity: 0.36
First Submitted: 2019-05-13 11:35 (UTC)
Last Updated: 2025-11-29 12:30 (UTC)

Latest Comments

1 2 3 4 5 6 .. 31 Next › Last »

sabrewulf1986 commented on 2025-12-23 19:43 (UTC)

"The package balena-etcher [1] was disowned by Rooki [2].

[1] https://aur.archlinux.org/pkgbase/balena-etcher/ [2] https://aur.archlinux.org/account/Rooki/"

This has got to be the wildest AUR package drama I've ever come across.

Is this to a point yet where you install and there's no more headaches, no more weird fkn workarounds, it just works and updates zero nodejs issues?

Otherwise I say scrap this entire thing all together. The Tails guys a while ago dropped Balena Etcher from their install instructions due to potential privacy issues -

"The Tails project has announced it is changing its installation instructions to avoid a potential privacy issue with the balenaEtcher application. "We replaced balenaEtcher with Rufus in our installation instructions for Windows to solve privacy concerns with balenaEtcher. Since January 2019, we had been recommending balenaEtcher to install Tails from Windows and macOS. We loved the simplicity of balenaEtcher, which was really easier to use and worked on macOS as well.

Shortly after, balenaEtcher started displaying ads. Although we didn't like that, we initially didn't view it as a significant privacy risk and had no better alternative at the time.

However, in 2024, the situation changed: balenaEtcher started sharing the file name of the image and the model of the USB stick with the Balena company and possibly with third parties. While we have not experienced or heard of any attacks against Tails users stemming from this change, we believe it introduces potential for abuse. To eliminate that risk altogether, we started looking again for alternatives." Information on the replacement application can be found on the Rufus website."

Install issues, update issues, privacy issues. Why does this exist?

TNE commented on 2025-11-29 12:37 (UTC) (edited on 2025-11-29 12:38 (UTC) by TNE)

Removing the "epoch" from this package is a little bit questionable. You should definitely keep the epoch at 2. https://aur.archlinux.org/cgit/aur.git/commit/?h=balena-etcher&id=e2a0eaacf385403870f8f47884a37e3162dd2fe1

d3m3vilurr commented on 2025-08-27 05:59 (UTC) (edited on 2025-08-27 06:09 (UTC) by d3m3vilurr)

in my case, just ignoring package-lock.json is a shot.

diff --git a/PKGBUILD b/PKGBUILD
index ae5c72b..feff850 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -13,7 +13,7 @@ _github_url='https://github.com/balena-io/etcher'
 url='https://balena.io/etcher'
 license=(Apache-2.0)
 _electron=electron37
-depends=("${_electron}" "nodejs-lts-jod")
+depends=("${_electron}" "nodejs")
 makedepends=("npm" "python" 'jq' 'moreutils' 'python-setuptools' 'git')
 optdepends=("libnotify: for notifications")
 conflicts=("${_pkgname}"
@@ -53,7 +53,7 @@ build() {
   cd "${_pkgname}-${pkgver}"
   unset MAKEFLAGS

-  npm install
+  npm install --no-package-lock
   npm run package

   # node_modules for our etcher-util wrapper

another topic, a month ago, 2.1.4 was released.

for now, building 2.1.4 on nodejs(24.6.0) without --no-package-lock was succeed.

diff --git a/PKGBUILD b/PKGBUILD
index ae5c72b..2a65fa7 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -4,8 +4,8 @@

 pkgname=balena-etcher
 _pkgname=etcher
-pkgver=2.1.3
-pkgrel=2
+pkgver=2.1.4
+pkgrel=0
 epoch=2
 pkgdesc='Flash OS images to SD cards & USB drives, safely and easily'
 arch=('x86_64' 'i686' 'armv7h' 'aarch64')
@@ -13,7 +13,7 @@ _github_url='https://github.com/balena-io/etcher'
 url='https://balena.io/etcher'
 license=(Apache-2.0)
 _electron=electron37
-depends=("${_electron}" "nodejs-lts-jod")
+depends=("${_electron}" "nodejs")
 makedepends=("npm" "python" 'jq' 'moreutils' 'python-setuptools' 'git')
 optdepends=("libnotify: for notifications")
 conflicts=("${_pkgname}"
@@ -27,7 +27,7 @@ source=("${_github_url}/archive/refs/tags/v${pkgver}.tar.gz"
   "etcher-util"
   'skip-build-util.patch'
 )
-sha256sums=('3d5c9d0c9067cae8953d6679c81e1e46832264fc39ce4342b2c8ae46c8f55bff'
+sha256sums=('acdd51d6a32d7c5063a425692c0757c99e420ba89fba92f59fb19bf003915827'
             '6c5fb48aeb636272689c86d7cf9beea4515214636bc617a61c3e8387628b3415'
             '7482eb18af030eb6d2b44850f23ecb99cd9198f642ac3b22b2f9f2ef0c8944d4'
             'f27e34eaec0d2cb74fee259ff32c2cbd1dae36d2046d2b3e97394b91f47adace'

Wozzeck56 commented on 2025-07-31 15:13 (UTC) (edited on 2025-07-31 16:38 (UTC) by Wozzeck56)

The very "dirty" workaround is to use multi version nodejs installation via "nvm" package available in extra repo

Just read this to understand how nvm works, this is useful as nodejs conflict may happen in many situations. I have another package that requires the nodejs-lts-iron

https://www.baeldung.com/linux/multiple-node-js-versions

1) Guideline to install nodejs alternate versions alongside the wide system version

In my case I have chosen a wide installation path, so it requires root privileges, rather than home path to make nodejs alternate versions available for all users, and it is more easy to maintain, we can easily remove deprecated versions for everyone without digging in each home pathes, just playing with the environment variable NVM_DIR :

export NVM_DIR=/usr/local/bin/nvm

rather than the default value

~/.nvm

In such case remember to setup the wide environement variable NVM_DIR via a script dropped into

/etc/profile.d/your_script.sh

The NVM_DIR wide value can always be overriden in the ~/.bash_profile if a user prefers a home pathed version of nodejs

2) Setup virtual environment

So I have installed the nodejs.lts.jod and also nodejs.lts.iron directly with nvm command which download them directly from nodeJS server avoiding pacman warnings

So it installed nodejs alternate versions in :

/usr/local/bin/nvm/versions/node/v22.17.1

ln -s v22.17.1 nodejs-lts-jod

/usr/local/bin/nvm/versions/node/v20.19.14

ln -s v20.19.14 nodjs-lts-iron

If nodejs LTS receive update (check it periodcally with nvm list-remote) just remove the old version, install the new version and update the symlinks accordingly.

We will use it as a virtual environment.

Balena requires electron36 binary, and Balena itself so symlink

ln -s /usr/bin/electron36 -> /usr/local/bin/nvm/versions/node/nodejs-lts-jod/electron36

ln -s /usr/bin/balena-etcher -> /usr/local/bin/nvm/versions/node/nodejs-lts-jod/balena-etcher

3) Building installing balena-etcher

To build Balena-Etcher while avoiding pacman nodejs conflict we will build balena-etcher in a chroot.

Just read the man page of makepkgchroot to setup the environment. I personally use the "aurutils" Helper which seems to me the best helper

aur chroot -B

launches the building process of makepkgchroot, and I have setup all things to make move the built package automatically from building chroot to my AUR repo /var/cache/pacman/aurutils

So we force install the package by overriding the dependencies check with "-dd"

pacman -U -dd path_to_the_package/balena-etcher-2:2.1.2-2-x86_64.pkg.tar.zst

4) Test

Fine, now to execute balena and force it to use nodejs-lts-jod, and not the system version, under console as a regular user :

env=PATH=/usr/local/bin/nvm/versions/node/nodejs-lts-jod balena-etcher

It's ok ? So let's polish the installation

5) Finalization

Copy

/usr/share/applications/balena-etcher.desktop

to

/usr/local/share/applications/balena-etcher.desktop

/usr/local/share/applications/*.desktop

override

/usr/share/applications/*.desktop

Avoiding the modified .desktop files to be crushed by an update

Modify the line Exec of the

/usr/local/share/applications/balena-etcher.desktop

from

Exec=balena-etcher %U

to

Exec=env=PATH=/usr/local/bin/nvm/versions/node/nodejs-lts-jod balena-etcher %U

Under KDE we can immediately update the .desktop cache files with

kbuildsycoca6

Just check via edit application menu in the KDE launcher that balena uses the new setup

CONCLUSION

Unfortunately this bad "trick" won't avoid

  • Pacman complaints for missing dependency nodejs-lts-jod via

pacman -DK

  • one must check and update regularly the LTS via nvm tools. Nodejs being sensible as it may be a terrible vector for attackers and one needs to recreate the symlinks Deprecated version must be quickly removed.

  • when balena itself is updated, all things must be checked : the electron version, the nodejs version

This is the only way to solve the conflict issue. One can keep the default and very last version of nodejs as the system wide default. LTS versions, and possibly others are segregated in locations used as virtual environment in a same manner as python venv

Other rolling release distributions may possibly prefer the last LTS version as the default wide system rather than last nodejs version, this makes sense.

procobain commented on 2025-02-28 11:57 (UTC)

Ok, uninstalled after using nodejs-lts-jod, what a mess they want to make huh...

sabrewulf1986 commented on 2025-02-22 00:11 (UTC)

Thanks @b4shful I got it eventually working with the lts, but I will take what you said into consideration and be wary that other things may now stop working. So much for balena-etcher being something 'simple and easy'

marco.righi commented on 2025-02-21 14:08 (UTC)

Perhaps I upgraded the balena-ethecer by installing the first etcher-bin (that is miss functional) and after installing the balena-etcher.

sukanka commented on 2025-02-21 12:04 (UTC) (edited on 2025-02-21 14:10 (UTC) by sukanka)

no, I tried, currently, there seems no way to build it with nodejs.

b4shful commented on 2025-02-21 09:46 (UTC)

Can we please not use a dependency on nodejs-lts-jod? Since it conflicts with the nodejs package, anyone who removes nodejs and installs nodejs-lts-jod (or agrees when an AUR helper asks to replace it) will then get stuck with an older nodejs version (albeit updated until October 2025, and with maintenance updates until April 2027). That will increasingly cause problems and incompatibilities as time goes on, and down the line could also expose people to security issues after jod's EOL.

I know whoever made this change probably just wanted to get the package to build, but may not have asked themselves "it built successfully, but at what cost?".

There are plenty of people who will spot something like this and steer clear of it (in my case, uninstalling this package), but there is also a subset of AUR users who are perhaps inexperienced and (despite warnings to the contrary) use the AUR as if it's just another repository without understanding what it actually is. It's worth considering that this change could cause problems to these users down the line and cause a lot of headaches, because they won't notice that their nodejs got swapped and by the time problems crop up they might have no idea what could have caused it. Of course not everything can cater to inexperienced users all the time, but I think here it's worth thinking about for everyone's sake... perhaps there's some way to get it working with the official nodejs package.

marco.righi commented on 2025-02-20 15:02 (UTC)

Error during upgrade

yay -S --sudoloop balena-etcher
 -> No AUR package found for nodejs-lts
 -> could not find all required packages: nodejs-lts

1 2 3 4 5 6 .. 31 Next › Last »