Revert reporting of multiple pull errors

[aaronlehmann]

Revert the portions of #17617 that report all errors when a pull
falls back, and go back to just reporting the last error. This was nice
to have, but causes some UX issues because nonexistent images show
additional "unauthorized" errors.

Keep the part of the PR that handled ENOSPC, as this appears to work
even without tracking multiple errors.

Fixes #19419

[tiborvass]

@aaronlehmann thanks, would you mind updating TestPullNonExistingImage to check for unauthorized ?

[runcom]

This was why we have that weird newline concatenated error in #19159 also I believe

[aaronlehmann]

@tiborvass Added

[tiborvass]

LGTM

[runcom]

LGTM

[aaronlehmann]

Removed TestPullFallbackOn404, because it doesn't work with only the last error being displayed. It is effectively covered by TestPullNonExistingImage, which makes sure the v1 fallback happens.

[thaJeztah]

ARM failed;

01:31:31  ---> Running in 5e005a2e3858
01:38:13 error: /v2/armhf/buildpack-deps/manifests/sha256:ca6cce8e5bf5c952129889b5cc15cd6aa8d995d77e55e3749bbaadae50e476cb returned something unexpected:
01:38:13   <html><body><h1>408 Request Time-out</h1>
01:38:13 Your browser didn't send a complete request in time.
01:38:13 </body></html>
01:38:14 Removing intermediate container 5e005a2e3858
01:38:14 The command '/bin/sh -c ./contrib/download-frozen-image-v2.sh /docker-frozen-images 

[runcom]

@aaronlehmann @tiborvass btw I'm now getting:

docker pull myregistrydomain.com:5000/busybox

Using default tag: latest
Error response from daemon: Get http://myregistrydomain.com:5000/v2/: malformed HTTP response "\x15\x03\x01\x00\x02\x02"

when I try to pull from a private registry w/o auth
before:

docker pull myregistrydomain.com:5000/busybox

Using default tag: latest
Error response from daemon: Get https://myregistrydomain.com:5000/v2/runcom/busybox/manifests/latest: no basic auth credentials
Get http://myregistrydomain.com:5000/v2/: malformed HTTP response "\x15\x03\x01\x00\x02\x02"

at least I was getting the correct error: no basic auth credentials
Do you know what's happening? because I think I should get unauthorized and not malformed http response right?

[thaJeztah]

ping @aaronlehmann @tiborvass ^^

[aaronlehmann]

I looked into this today. You are probably using --insecure-registry. When the first attempt to pull from the registry (over HTTPS) fails, it tries using plain HTTP. Then the error you see is just the one from the plain HTTP attempt, because of this PR.

It would be a bit tricky to fix this. I think it may be better to discourage the use of --insecure-registry, which is a security risk anyway.