Pin Plone product version in buildout
First thing to do is to prevent buildout looking for the latest version of all products, which is what it does by default. Add the following:
[buildout] newest = false
You can also add
index = http://download.zope.org/ppix
Which is a simpler and faster index than cheeseshop.
In your buildout section, you need to create a link to a [versions] section where you can pin your product versions:
versions = versions
First, pin the Plone version, which will also pin all the main dependencies, including CMFPlone and Zope, as follows (or whichever Plone version):
[versions] plone.recipe.plone = 4.0.5
Then run the following script to find out which of your product versions aren't pinned but are picked by buildout:
bin/buildout -Novvvvv |sed -ne 's/^Picked: //p' | sort | uniq
This returns a list of products and versions e.g.
plone.recipe.zope2instance = 1.3 python-openid = 2.0.1 setuptools = 0.6c7
Just copy these into your new versions section and that's it, your buildout versions are pinned. You can now rerun this in any new install and get the same versions.
This is an abbreviation of the following article:
http://maurits.vanrees.org/weblog/archive/2008/01/easily-creating-repeatable-buildouts