Production Robot Linux System Package

Overview

Developed Linux system configuration package deployed to Bear Robotics’ Servi series robots. Single codebase supporting multiple hardware variants (Advantech, ASUS boards / Ubuntu Bionic, Jammy).

Role: System Engineer - package/ module development (16 modules)

Scope

Area	Modules
Network	`0400-network`, `0410-lte`
Device Management	`0300-udev-rules`
Security	`0500-factory`, `2006-firewall`, `2008-ssh`
Display	`1000-kiosk`, `1010-plymouth`
System Base	`0200-base`, `0125-scripts`

Technical Highlights

PCI Hash-Based Network Interface Mapping

Interface names (eth0, enp2s0, etc.) vary by board/OS combination.

# Generate hardware fingerprint
lspci | grep -E '(Ethernet|Network)' | sort | md5sum | cut -c1-20

Hash → semantic name (baseboard, lidar, etc) mapping table
Substitutes actual interface names at install time

Time-Based Factory Auto-Lockdown

Automatic security transition after 7 days of /home/factory inactivity.

if ((now - last_modified > 604800)); then  # 7 days
    usermod --lock factory
    idp_rm /home/factory/wifi.*
fi

Zero manual intervention required
WiFi credentials auto-cleanup

udev Rules for Sensor Device Abstraction

Consistent device paths regardless of USB enumeration order.

Sensor	USB ID	Symlink
IMU	`10c4:ea60`	`/dev/penny/imu`
Motor Hub	`2890:0213`	`/dev/penny/motor`

9 sensor types supported
Motor hub triggers init script on attach (RUN+=)

Template-Based Dynamic Firewall

UFW rules with placeholders, substituted at install time.

# <ETH_BASEBOARD> → enp2s0 (Advantech Jammy)
modify_rule_files "ETH_BASEBOARD" "${ETH_BASEBOARD}" ${rule_files}

Same security policy applied across all hardware variants.

Idempotent Script Architecture

All modules use idp_commands.sh wrappers:

idp_install: Install only if content differs
idp_changed: Trigger service restart on change
idp_print_result: Report “CHANGE APPLIED” / “No change”

Safe to re-run during OTA updates.

Stack

Bash systemd udev NetworkManager UFW Bazel