Add support for pushing and pulling schema 2 manifests with remote layers

This is required for windows image support

test/registry/registry_tests.py

@@ -21,6 +21,7 @@ from app import instance_keys
 from data.model.tag import list_repository_tags
 from image.docker.schema1 import DOCKER_SCHEMA1_MANIFEST_CONTENT_TYPE
 from image.docker.schema2.list import DockerSchema2ManifestListBuilder
+from image.docker.schema2.manifest import DockerSchema2ManifestBuilder
 from util.security.registry_jwt import decode_bearer_header
 from util.timedeltastring import convert_to_timedelta
 
@@ -1450,3 +1451,26 @@ def test_push_pull_manifest_list(v22_protocol, basic_images, different_images, l
   # Pull and verify the manifest list.
   v22_protocol.pull_list(liveserver_session, 'devtable', 'newrepo', 'latest', manifestlist,
                          credentials=credentials, options=options)
+
+
+def test_push_pull_manifest_remote_layers(v22_protocol, legacy_puller, liveserver_session,
+                                          app_reloader, remote_images, data_model):
+  """ Test: Push a new tag with a manifest which contains at least one remote layer, and then
+      pull that manifest back.
+  """
+  if data_model != 'oci_model':
+    return
+
+  credentials = ('devtable', 'password')
+
+  # Push a new repository.
+  v22_protocol.push(liveserver_session, 'devtable', 'newrepo', 'latest', remote_images,
+                    credentials=credentials)
+
+  # Pull the repository to verify.
+  v22_protocol.pull(liveserver_session, 'devtable', 'newrepo', 'latest', remote_images,
+                    credentials=credentials)
+
+  # Ensure that the image cannot be pulled by a legacy protocol.
+  legacy_puller.pull(liveserver_session, 'devtable', 'newrepo', 'latest', remote_images,
+                     credentials=credentials, expected_failure=Failures.UNKNOWN_TAG)