diff --git a/.gitignore b/.gitignore
index 494dc93..dfcd6c7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -97,3 +97,4 @@
 /rpm-ostree-2020.9.tar.xz
 /rpm-ostree-2020.10.tar.xz
 /rpm-ostree-2021.1.tar.xz
+/rpm-ostree-2021.2.tar.xz
diff --git a/0001-Add-usr-lib-rpm-macros.d-macros.rpm-ostree-to-set-_d.patch b/0001-Add-usr-lib-rpm-macros.d-macros.rpm-ostree-to-set-_d.patch
new file mode 100644
index 0000000..33bcc6a
--- /dev/null
+++ b/0001-Add-usr-lib-rpm-macros.d-macros.rpm-ostree-to-set-_d.patch
@@ -0,0 +1,132 @@
+From 99486a75e8fb96649564c5b79995513dfde355f0 Mon Sep 17 00:00:00 2001
+From: Jonathan Lebon <jonathan@jlebon.com>
+Date: Mon, 8 Feb 2021 14:59:12 -0500
+Subject: [PATCH] Add /usr/lib/rpm/macros.d/macros.rpm-ostree to set %_dbpath
+ to /usr/share/rpm
+
+We trigger a librpm macro file load in many of our paths. Since the
+default value shipped by rpm's macro file sets `_dbpath` to
+`/var/lib/rpm`, we have to explicitly set that back to `/usr/share/rpm`
+in those paths.
+
+This became more problematic recently with libsolv v0.7.17 which fully
+keys off of `_dbpath` to find the rpmdb path to load:
+
+https://github.com/openSUSE/libsolv/commit/04d4d036b275693a23eef75fba634e7cea2f1a6d
+
+And it's not technically wrong; we really should make that macro not
+lie. This is what this patch does by injecting an RPM macro file in our
+composes which sets it to /usr/share/rpm. So then e.g. the `rpm` CLI
+doesn't actually need the `/var/lib/rpm` backcompat link anymore, though
+there's no harm in leaving it.
+
+In the future, we should be able to drop this once we move all of Fedora
+to `/usr/lib/sysimage/rpm` (see
+https://github.com/coreos/fedora-coreos-tracker/issues/639).
+
+Closes: #2548
+---
+ rust/src/composepost.rs        | 19 +++++++++++++++++++
+ src/libpriv/rpmostree-core.cxx |  6 ++++--
+ src/libpriv/rpmostree-core.h   |  1 +
+ tests/compose/libbasic-test.sh |  4 ++++
+ 4 files changed, 28 insertions(+), 2 deletions(-)
+
+diff --git a/rust/src/composepost.rs b/rust/src/composepost.rs
+index c5bb7402..1b1c97f0 100644
+--- a/rust/src/composepost.rs
++++ b/rust/src/composepost.rs
+@@ -12,6 +12,9 @@ use std::io;
+ use std::io::{BufRead, Write};
+ use std::path::Path;
+ 
++/* See rpmostree-core.h */
++const RPMOSTREE_RPMDB_LOCATION: &'static str = "usr/share/rpm";
++
+ // rpm-ostree uses /home → /var/home by default as generated by our
+ // rootfs; we don't expect people to change this.  Let's be nice
+ // and also fixup the $HOME entries generated by `useradd` so
+@@ -55,6 +58,21 @@ fn postprocess_presets(rootfs_dfd: &openat::Dir) -> Result<()> {
+     Ok(())
+ }
+ 
++// We keep hitting issues with the ostree-remount preset not being
++// enabled; let's just do this rather than trying to propagate the
++// preset everywhere.
++fn postprocess_rpm_macro(rootfs_dfd: &openat::Dir) -> Result<()> {
++    let rpm_macros_dir = "usr/lib/rpm/macros.d";
++    rootfs_dfd.ensure_dir_all(rpm_macros_dir, 0o755)?;
++    let rpm_macros_dfd = rootfs_dfd.sub_dir(rpm_macros_dir)?;
++    rpm_macros_dfd.write_file_with("macros.rpm-ostree", 0o644, |w| -> Result<()> {
++        w.write_all(b"%_dbpath /")?;
++        w.write_all(RPMOSTREE_RPMDB_LOCATION.as_bytes())?;
++        Ok(())
++    })?;
++    Ok(())
++}
++
+ // This function does two things: (1) make sure there is a /home --> /var/home substitution rule,
+ // and (2) make sure there *isn't* a /var/home -> /home substition rule. The latter check won't
+ // technically be needed once downstreams have:
+@@ -90,6 +108,7 @@ pub(crate) fn compose_postprocess_final(rootfs_dfd: i32) -> CxxResult<()> {
+         postprocess_useradd,
+         postprocess_presets,
+         postprocess_subs_dist,
++        postprocess_rpm_macro,
+     ];
+     Ok(tasks.par_iter().try_for_each(|f| f(&rootfs_dfd))?)
+ }
+diff --git a/src/libpriv/rpmostree-core.cxx b/src/libpriv/rpmostree-core.cxx
+index 51ae71a4..506a0b29 100644
+--- a/src/libpriv/rpmostree-core.cxx
++++ b/src/libpriv/rpmostree-core.cxx
+@@ -753,7 +753,8 @@ rpmostree_context_setup (RpmOstreeContext    *self,
+       dnf_context_set_rpm_macro (self->dnfctx, "_install_langs", opt->str);
+     }
+ 
+-  /* This is what we use as default. */
++  /* This is what we use as default. Note we should be able to drop this in the
++   * future now that we inject a macro to set that value in our OSTrees. */
+   dnf_context_set_rpm_macro (self->dnfctx, "_dbpath", "/" RPMOSTREE_RPMDB_LOCATION);
+ 
+   /* Set the database backend only in the compose path.  It then becomes the default
+@@ -4123,7 +4124,8 @@ rpmostree_context_assemble (RpmOstreeContext      *self,
+   rpmtsSetRootDir (ordering_ts, dnf_context_get_install_root (dnfctx));
+ 
+   /* First for the ordering TS, set the dbpath to relative, which will also gain
+-   * the root dir.
++   * the root dir. Note we should be able to drop this in the future now that we
++   * inject a macro to set that value in our OSTrees.
+    */
+   set_rpm_macro_define ("_dbpath", "/" RPMOSTREE_RPMDB_LOCATION);
+ 
+diff --git a/src/libpriv/rpmostree-core.h b/src/libpriv/rpmostree-core.h
+index fb347622..ce001232 100644
+--- a/src/libpriv/rpmostree-core.h
++++ b/src/libpriv/rpmostree-core.h
+@@ -42,6 +42,7 @@ G_BEGIN_DECLS
+ #define RPMOSTREE_DIR_LOCK "lock"
+ 
+ /* See http://lists.rpm.org/pipermail/rpm-maint/2017-October/006681.html */
++/* This is also defined on the Rust side. */
+ #define RPMOSTREE_RPMDB_LOCATION "usr/share/rpm"
+ #define RPMOSTREE_SYSIMAGE_DIR "usr/lib/sysimage"
+ #define RPMOSTREE_SYSIMAGE_RPMDB RPMOSTREE_SYSIMAGE_DIR "/rpm"
+diff --git a/tests/compose/libbasic-test.sh b/tests/compose/libbasic-test.sh
+index 883ddf8d..07ae0ab5 100644
+--- a/tests/compose/libbasic-test.sh
++++ b/tests/compose/libbasic-test.sh
+@@ -39,6 +39,10 @@ done
+ ostree --repo=${repo} ls ${treeref} /usr/lib/sysimage/rpm >/dev/null
+ echo "ok db"
+ 
++ostree --repo=${repo} cat ${treeref} /usr/lib/rpm/macros.d/macros.rpm-ostree > rpm-ostree-macro.txt
++assert_file_has_content_literal rpm-ostree-macro.txt '%_dbpath /usr/share/rpm'
++echo "ok rpm macro"
++
+ ostree --repo=${repo} show --print-metadata-key exampleos.gitrepo ${treeref} > meta.txt
+ assert_file_has_content meta.txt 'rev.*97ec21c614689e533d294cdae464df607b526ab9'
+ assert_file_has_content meta.txt 'src.*https://gitlab.com/exampleos/custom-atomic-host'
+-- 
+2.29.2
+
diff --git a/0001-libpriv-rpm-util-Add-usr-lib-sysimage-rpm-symlink-in.patch b/0001-libpriv-rpm-util-Add-usr-lib-sysimage-rpm-symlink-in.patch
new file mode 100644
index 0000000..107aaaf
--- /dev/null
+++ b/0001-libpriv-rpm-util-Add-usr-lib-sysimage-rpm-symlink-in.patch
@@ -0,0 +1,33 @@
+From 60215ae865e639e9c5ecebcd0aef527abae29c66 Mon Sep 17 00:00:00 2001
+From: Jonathan Lebon <jonathan@jlebon.com>
+Date: Tue, 9 Feb 2021 10:53:33 -0500
+Subject: [PATCH] libpriv/rpm-util: Add /usr/lib/sysimage/rpm symlink in rpmdb
+ checkout
+
+We don't technically need this yet, but it mirrors how it's set up in
+our composes so that if there's code that wants to use the new location
+too, it'll just work.
+---
+ src/libpriv/rpmostree-rpm-util.cxx | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/libpriv/rpmostree-rpm-util.cxx b/src/libpriv/rpmostree-rpm-util.cxx
+index cd62ee98..c8d368b3 100644
+--- a/src/libpriv/rpmostree-rpm-util.cxx
++++ b/src/libpriv/rpmostree-rpm-util.cxx
+@@ -822,6 +822,12 @@ checkout_only_rpmdb (OstreeRepo       *repo,
+   if (symlinkat ("../../" RPMOSTREE_RPMDB_LOCATION, tmpdir->fd, "var/lib/rpm") == -1)
+     return glnx_throw_errno_prefix (error, "symlinkat");
+ 
++  /* And make a symlink from our *future* location too */
++  if (!glnx_shutil_mkdir_p_at (tmpdir->fd, RPMOSTREE_SYSIMAGE_DIR, 0777, cancellable, error))
++    return FALSE;
++  if (symlinkat ("../../../" RPMOSTREE_RPMDB_LOCATION, tmpdir->fd, RPMOSTREE_SYSIMAGE_RPMDB) == -1)
++    return glnx_throw_errno_prefix (error, "symlinkat");
++
+   return TRUE;
+ }
+ 
+-- 
+2.29.2
+
diff --git a/0001-libpriv-rpm-util-Use-usr-share-rpm-for-base-rpmdb-qu.patch b/0001-libpriv-rpm-util-Use-usr-share-rpm-for-base-rpmdb-qu.patch
new file mode 100644
index 0000000..80278b2
--- /dev/null
+++ b/0001-libpriv-rpm-util-Use-usr-share-rpm-for-base-rpmdb-qu.patch
@@ -0,0 +1,89 @@
+From 667fdc9ff44d086140d195e4714d132edee2bf9a Mon Sep 17 00:00:00 2001
+From: Jonathan Lebon <jonathan@jlebon.com>
+Date: Tue, 9 Feb 2021 14:17:16 -0500
+Subject: [PATCH] libpriv/rpm-util: Use /usr/share/rpm for base rpmdb query
+
+Follow-up to previous commit: we had another path where we made a
+temporary rootfs and symlinked `/var/lib/rpm` to the base rpmdb. That of
+course broke now that we inject a macro to point the rpmdb to
+`/usr/share/rpm`.
+
+Rework this to use `/usr/share/rpm` since that's our canonical location
+for now, but also add the compat symlinks so that this logic should keep
+working even on trees without the injected macro yet.
+---
+ src/libpriv/rpmostree-rpm-util.cxx | 38 ++++++++++++++++++++----------
+ 1 file changed, 26 insertions(+), 12 deletions(-)
+
+diff --git a/src/libpriv/rpmostree-rpm-util.cxx b/src/libpriv/rpmostree-rpm-util.cxx
+index c8d368b3..d8de9830 100644
+--- a/src/libpriv/rpmostree-rpm-util.cxx
++++ b/src/libpriv/rpmostree-rpm-util.cxx
+@@ -788,6 +788,26 @@ rpmrev_free (struct RpmRevisionData *ptr)
+   g_free (ptr);
+ }
+ 
++/* Currently, our rpmdb lives at /usr/share/rpm. Add symlinks from the legacy
++ * /var/lib/rpm *and* the future /usr/lib/sysimage/rpm paths to that. */
++static gboolean
++mk_rpmdb_compat_symlinks (int            rootfs_dfd,
++                          GCancellable  *cancellable,
++                          GError       **error)
++{
++  if (!glnx_shutil_mkdir_p_at (rootfs_dfd, "var/lib", 0777, cancellable, error))
++    return FALSE;
++  if (symlinkat ("../../" RPMOSTREE_RPMDB_LOCATION, rootfs_dfd, "var/lib/rpm") == -1)
++    return glnx_throw_errno_prefix (error, "symlinkat");
++
++  if (!glnx_shutil_mkdir_p_at (rootfs_dfd, RPMOSTREE_SYSIMAGE_DIR, 0777, cancellable, error))
++    return FALSE;
++  if (symlinkat ("../../../" RPMOSTREE_RPMDB_LOCATION, rootfs_dfd, RPMOSTREE_SYSIMAGE_RPMDB) == -1)
++    return glnx_throw_errno_prefix (error, "symlinkat");
++
++  return TRUE;
++}
++
+ /* Check out a copy of the rpmdb into @tmpdir */
+ static gboolean
+ checkout_only_rpmdb (OstreeRepo       *repo,
+@@ -816,17 +836,8 @@ checkout_only_rpmdb (OstreeRepo       *repo,
+                                 cancellable, error))
+     return FALSE;
+ 
+-  /* And make a compat symlink to keep rpm happy */
+-  if (!glnx_shutil_mkdir_p_at (tmpdir->fd, "var/lib", 0777, cancellable, error))
+-    return FALSE;
+-  if (symlinkat ("../../" RPMOSTREE_RPMDB_LOCATION, tmpdir->fd, "var/lib/rpm") == -1)
+-    return glnx_throw_errno_prefix (error, "symlinkat");
+-
+-  /* And make a symlink from our *future* location too */
+-  if (!glnx_shutil_mkdir_p_at (tmpdir->fd, RPMOSTREE_SYSIMAGE_DIR, 0777, cancellable, error))
++  if (!mk_rpmdb_compat_symlinks (tmpdir->fd, cancellable, error))
+     return FALSE;
+-  if (symlinkat ("../../../" RPMOSTREE_RPMDB_LOCATION, tmpdir->fd, RPMOSTREE_SYSIMAGE_RPMDB) == -1)
+-    return glnx_throw_errno_prefix (error, "symlinkat");
+ 
+   return TRUE;
+ }
+@@ -890,13 +901,16 @@ rpmostree_get_base_refsack_for_root (int                dfd,
+   g_auto(GLnxTmpDir) tmpdir = {0, };
+   if (!glnx_mkdtemp ("rpmostree-dbquery-XXXXXX", 0700, &tmpdir, error))
+     return FALSE;
+-  if (!glnx_shutil_mkdir_p_at (tmpdir.fd, "var/lib", 0777, cancellable, error))
++  if (!glnx_shutil_mkdir_p_at (tmpdir.fd, dirname (strdupa (RPMOSTREE_RPMDB_LOCATION)), 0777, cancellable, error))
+     return FALSE;
+ 
+   g_autofree char *base_rpm = glnx_fdrel_abspath (dfd, subpath);
+-  if (symlinkat (base_rpm, tmpdir.fd, "var/lib/rpm") == -1)
++  if (symlinkat (base_rpm, tmpdir.fd, RPMOSTREE_RPMDB_LOCATION) == -1)
+     return glnx_throw_errno_prefix (error, "symlinkat");
+ 
++  if (!mk_rpmdb_compat_symlinks (tmpdir.fd, cancellable, error))
++    return FALSE;
++
+   g_autoptr(DnfSack) sack = NULL; /* NB: refsack adds a ref to it */
+   if (!get_sack_for_root (tmpdir.fd, ".", &sack, error))
+     return FALSE;
+-- 
+2.29.2
+
diff --git a/0001-scripts-Bind-usr-share-empty-over-usr-share-rpm.patch b/0001-scripts-Bind-usr-share-empty-over-usr-share-rpm.patch
new file mode 100644
index 0000000..1a8bb80
--- /dev/null
+++ b/0001-scripts-Bind-usr-share-empty-over-usr-share-rpm.patch
@@ -0,0 +1,30 @@
+From 6886e4442597f67ea4153e3f6d9ac6e9444795a5 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@verbum.org>
+Date: Tue, 9 Feb 2021 21:18:49 +0000
+Subject: [PATCH] scripts: Bind /usr/share/empty over /usr/share/rpm
+
+Now that we inject the `%_dbpath /usr/share/rpm` macro, `rpm -q`
+will start using it.  But in RPM script invocation, we don't
+want them to see any RPM database at all - trying to query it
+should be a clean failure.
+---
+ src/libpriv/rpmostree-scripts.cxx | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/libpriv/rpmostree-scripts.cxx b/src/libpriv/rpmostree-scripts.cxx
+index f7adb08f..4b1f5429 100644
+--- a/src/libpriv/rpmostree-scripts.cxx
++++ b/src/libpriv/rpmostree-scripts.cxx
+@@ -378,6 +378,9 @@ rpmostree_run_script_in_bwrap_container (int rootfs_fd,
+   if (glnx_fstatat (rootfs_fd, "usr/lib/opt", &stbuf, AT_SYMLINK_NOFOLLOW, NULL) && S_ISDIR(stbuf.st_mode))
+     rpmostree_bwrap_append_bwrap_argv (bwrap, "--symlink", "usr/lib/opt", "/opt", NULL);
+ 
++  /* Don't let scripts see the base rpm database by default */
++  rpmostree_bwrap_bind_read (bwrap, "usr/share/empty", "usr/share/rpm");
++
+   /* Add ostree-booted API; some scriptlets may work differently on OSTree systems; e.g.
+    * akmods. Just create it manually; /run is usually tmpfs, but scriptlets shouldn't be
+    * adding stuff there anyway. */
+-- 
+2.29.2
+
diff --git a/rpm-ostree.spec b/rpm-ostree.spec
index 42d62cf..3fc3124 100644
--- a/rpm-ostree.spec
+++ b/rpm-ostree.spec
@@ -3,14 +3,13 @@
 
 Summary: Hybrid image/package system
 Name: rpm-ostree
-Version: 2021.1
-Release: 3%{?dist}
+Version: 2021.2
+Release: 2%{?dist}
 License: LGPLv2+
 URL: https://github.com/coreos/rpm-ostree
 # This tarball is generated via "cd packaging && make -f Makefile.dist-packaging dist-snapshot"
 # in the upstream git.  It also contains vendored Rust sources.
 Source0: https://github.com/coreos/rpm-ostree/releases/download/v%{version}/rpm-ostree-%{version}.tar.xz
-Patch0: 0001-core-Set-_dbpath-back-to-usr-share-rpm-after-writing.patch
 
 ExclusiveArch: %{rust_arches}
 
@@ -203,6 +202,12 @@ $PYTHON autofiles.py > files.devel \
 
 %files devel -f files.devel
 %changelog
+* Wed Feb 17 2021 Colin Walters <walters@verbum.org> - 2021.2-2
+- https://github.com/coreos/rpm-ostree/releases/tag/v2021.2
+
+* Wed Feb 10 2021 Colin Walters <walters@verbum.org> - 2021.1-4
+- Backport patches from https://github.com/coreos/rpm-ostree/pull/2553
+
 * Tue Jan 26 2021 Jonathan Lebon <jonathan@jlebon.com> - 2021.1-3
 - Backport https://github.com/coreos/rpm-ostree/pull/2490 for rawhide
 
diff --git a/sources b/sources
index 6f2eef4..be1be5f 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (rpm-ostree-2021.1.tar.xz) = e92d5feaea8a524953ffa105725450a4546dd93b94ce57d3f7cdd26d4be39ab2063e07891c025aff1e7dc04aa9198f298c19e6084e7b050293af9799887ba0be
+SHA512 (rpm-ostree-2021.2.tar.xz) = 34dcbf56ba063de1dca880c85da801f36c9f603504a123760fc3b6ad525b4bbf3e997c6edd5d77c080f4bf86fc8504fe76a1ddd345d7b95ab81fdda3ea264e6d