We have the same issue when including orbit bundles into our p2 repository. AFAIK the signing part works with the whole p2 repository produced by the build. From the bucky book: site.signed action uses site.feature.exports or site.repacked.
I'm not sure that this is a good idea to manually remove things from a zip and "merge" them back afterwards.
I wonder why the signing service at eclipse.org didn't just check the jar if it's already signed or not.