libbitcoin{,-client,-explorer,-network,-protocol}: drop; boost175: drop

[emilazy]

These are the last packages in the tree that depend on Boost 1.75. There hasn’t been a release since 2023; upstream have stated in libbitcoin/libbitcoin-system#1234 that they do not plan to maintain the current version, and are currently working on a backwards‐incompatible major update.

Nothing in the tree uses these libraries. The only other software distributions on Repology packaging them are YACP and the AUR, neither of which has had an update since 2019. They were removed from Ubuntu after 16.04, and have more recently been removed from SlackBuilds.org and Homebrew with the same reasoning that they’re keeping Boost 1.75 around unnecessarily and no packaged software wants them.

Since these packages are also unmaintained in Nixpkgs, let’s just drop them and if anyone wants to package the 4.x version when it’s out they can re‐add it.

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

---

Add a 👍 reaction to pull requests you find important.

[paparodeo]

this is a breaking change and shouldn't be backported.

[emilazy]

The outcome of a discussion in the Release Management room a while ago was that dropping packages up until release is fine, especially if they are unmaintained/EOL/at risk of becoming vulnerable during the release cycle. This library had a CVE last year when the 3.x series was still being maintained upstream so if that happened again it’s likely 24.11 would remain vulnerable without any Nixpkgs maintainer to remediate it. I don’t really care one way or the other if this is backported, though (and maybe the Boost removal makes it impactful enough that we shouldn’t, although AFAICT everyone else has long moved off this version).

[paparodeo]

The outcome of a discussion in the Release Management room a while ago was that dropping packages up until release is fine, especially if they are unmaintained/EOL/at risk of becoming vulnerable during the release cycle.

I see -- backport away.

[github-actions]

Successfully created backport PR for release-24.11:

• [Backport release-24.11] libbitcoin{,-client,-explorer,-network,-protocol}: drop; boost175: drop #359101