Fix backfills of super large manifests by stripping metadata from all but the final layer

This is semantically valid because Docker only uses the leaf layer as the image config when reading a V2_1 manifest

Fixes https://jira.coreos.com/browse/QUAY-1351

image/docker/schema1.py

@@ -59,7 +59,6 @@ _ISO_DATETIME_FORMAT_ZULU = '%Y-%m-%dT%H:%M:%SZ'
 # The algorithm we use to sign the JWS.
 _JWS_SIGNING_ALGORITHM = 'RS256'
 
-
 class MalformedSchema1Manifest(ManifestException):
   """
   Raised when a manifest fails an assertion that should be true according to the Docker Manifest
@@ -340,17 +339,20 @@ class DockerSchema1Manifest(ManifestInterface):
   def get_requires_empty_layer_blob(self, content_retriever):
     return False
 
-  def unsigned(self):
-    if self.media_type == DOCKER_SCHEMA1_MANIFEST_CONTENT_TYPE:
-      return self
-
-    # Create an unsigned version of the manifest.
+  def _unsigned_builder(self):
     builder = DockerSchema1ManifestBuilder(self._namespace, self._repo_name, self._tag,
                                            self._architecture)
     for layer in reversed(self.layers):
       builder.add_layer(str(layer.digest), layer.raw_v1_metadata)
 
-    return builder.build()
+    return builder
+
+  def unsigned(self):
+    if self.media_type == DOCKER_SCHEMA1_MANIFEST_CONTENT_TYPE:
+      return self
+
+    # Create an unsigned version of the manifest.
+    return self._unsigned_builder().build()
 
   def with_tag_name(self, tag_name, json_web_key=None):
     """ Returns a copy of this manifest, with the tag changed to the given tag name. """
@@ -534,6 +536,10 @@ class DockerSchema1ManifestBuilder(object):
 
     self._fs_layer_digests = []
     self._history = []
+    self._namespace_name = namespace_name
+    self._repo_name = repo_name
+    self._tag = tag
+    self._architecture = architecture
 
   def add_layer(self, layer_digest, v1_json_metadata):
     self._fs_layer_digests.append({
@@ -544,6 +550,49 @@ class DockerSchema1ManifestBuilder(object):
     })
     return self
 
+  def with_metadata_removed(self):
+    """ Returns a copy of the builder where every layer but the leaf layer has
+        its metadata stripped down to the bare essentials.
+    """
+    builder = DockerSchema1ManifestBuilder(self._namespace_name, self._repo_name, self._tag,
+                                           self._architecture)
+
+    for index, fs_layer in enumerate(self._fs_layer_digests):
+      try:
+        metadata = json.loads(self._history[index][DOCKER_SCHEMA1_V1_COMPAT_KEY])
+      except (ValueError, TypeError):
+        logger.exception('Could not parse existing builder')
+        raise MalformedSchema1Manifest
+
+      fixed_metadata = {}
+      if index == 0: # Leaf layer is at index 0 in schema 1.
+        fixed_metadata = metadata
+      else:
+        # Remove all container config from the metadata.
+        fixed_metadata['id'] = metadata['id']
+        if 'parent' in metadata:
+          fixed_metadata['parent'] = metadata['parent']
+
+        if 'created' in metadata:
+          fixed_metadata['created'] = metadata['created']
+
+        if 'author' in metadata:
+          fixed_metadata['author'] = metadata['author']
+
+        if 'comment' in metadata:
+          fixed_metadata['comment'] = metadata['comment']
+
+        if 'Size' in metadata:
+          fixed_metadata['Size'] = metadata['Size']
+
+        if 'Cmd' in metadata.get('container_config', {}):
+          fixed_metadata['container_config'] = {
+            'Cmd': metadata['container_config']['Cmd'],
+          }
+
+      builder.add_layer(fs_layer[DOCKER_SCHEMA1_BLOB_SUM_KEY], json.dumps(fixed_metadata))
+
+    return builder
 
   def build(self, json_web_key=None, ensure_ascii=True):
     """