Move Docker V2 key to be loaded from file or generated on server load

Fixes #394

endpoints/v2/manifest.py

@@ -9,11 +9,9 @@ import json
 from flask import make_response, request, url_for
 from collections import namedtuple, OrderedDict
 from jwkest.jws import SIGNER_ALGS
-from jwkest.jwk import RSAKey
-from Crypto.PublicKey import RSA
 from datetime import datetime
 
-from app import storage
+from app import storage, docker_v2_signing_key
 from auth.jwt_auth import process_jwt_auth
 from endpoints.decorators import anon_protect
 from endpoints.v2 import v2_bp, require_repo_read, require_repo_write
@@ -332,12 +330,8 @@ def _generate_and_store_manifest(namespace, repo_name, tag_name):
   for parent in parents:
     builder.add_layer(parent.storage.checksum, __get_and_backfill_image_metadata(parent))
 
-  # TODO, stop generating a new key every time we sign a manifest, publish our key
-  new_key = RSA.generate(2048)
-  jwk = RSAKey(key=new_key)
-
-  manifest = builder.build(jwk)
-
+  # Sign the manifest with our signing key.
+  manifest = builder.build(docker_v2_signing_key)
   manifest_row = model.tag.associate_generated_tag_manifest(namespace, repo_name, tag_name,
                                                             manifest.digest, manifest.bytes)