Cross-tool audit of the image-reference layer (Watchtower / Diun / What's-up-Docker comparison):
- Digest-pinned images (
repo@sha256:...) were parsed as garbage — repositorylibrary/nginx@sha256, the hex digest as "tag" — so the registry call failed every cycle and a deliberately pinned container looked like a permanently unreachable registry. Pins are now recognised and skipped as "not update-checkable", matching the established tools. - Bare image IDs (
sha256:...) were queried on Docker Hub as the nonsense repositorylibrary/sha256; the guard against them was dead code (it ran after the tag split had already mangled the reference). - Multi-arch version metadata was always read from the linux/amd64 manifest — on ARM hosts the "new version" in notifications came from the amd64 config. Update detection was never affected (it compares the platform-independent index digest). The platform manifest is now chosen by the daemon's own os/arch.
Test: scripts/test_image_ref.py.