There were two issues at work here:
1) The JCP provider JARs are signed, and the signature wasn't surviving the pack200 / unpack200 cycle.
2) The JCP provider JAR was inadvertently being loaded by the boot class loader, despite living in the lib/ext subdirectory. This was preventing the signature from being verified even when it was correct.
For the time being, packing has simply been disabled on signed JRE jars. A better fix would be to alter the build process to generate JARs that could survive pack / unpack with intact signatures, but that is a bigger change than we have time for at the moment. The extension class loader was also modified to check for a download before trying to load a given class; this means that the search never bubbles up to the boot class loader and so the JAR never ends up on the boot class path.
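The build-side check behind the "don't pack signed JARs" workaround, as an added example (not code from the project's build): it detects signature files under META-INF and compares each entry's bytes with the SHA-256 digest recorded in the manifest. The entry name `p/Provider.class`, the `TEST.SF` / `TEST.RSA` files and the helper `make_jar` are constructed for illustration, and the "after unpack" bytes are an assumed stand-in for a class file whose stored bytes changed during the pack / unpack cycle.

```python
import base64, hashlib, io, re, zipfile

# Signature-related entries that jarsigner places directly under META-INF/.
SIG_ENTRY = re.compile(r"^META-INF/[^/]+\.(SF|RSA|DSA|EC)$", re.IGNORECASE)

def is_signed(jar):
    """True if the JAR carries signature files, i.e. it should be excluded from packing."""
    with zipfile.ZipFile(jar) as zf:
        return any(SIG_ENTRY.match(name) for name in zf.namelist())

def manifest_digests(zf):
    """Map entry name -> expected SHA-256 digest from the per-entry manifest sections."""
    text = zf.read("META-INF/MANIFEST.MF").decode("utf-8")
    text = re.sub(r"\r?\n ", "", text)  # unfold 72-byte continuation lines
    expected = {}
    for section in re.split(r"(?:\r?\n){2,}", text):
        attrs = dict(l.split(": ", 1) for l in section.splitlines() if ": " in l)
        if "Name" in attrs and "SHA-256-Digest" in attrs:
            expected[attrs["Name"]] = base64.b64decode(attrs["SHA-256-Digest"])
    return expected

def mismatched_entries(jar):
    """Entries whose current bytes no longer match the manifest digest.
    Covers only the manifest step; the .SF and signature block are not checked here."""
    with zipfile.ZipFile(jar) as zf:
        return sorted(name for name, digest in manifest_digests(zf).items()
                      if hashlib.sha256(zf.read(name)).digest() != digest)

def make_jar(class_bytes, digest_of=None, signed=True):
    """Constructed sample JAR held in memory (hypothetical helper, dummy signature files)."""
    digest = base64.b64encode(hashlib.sha256(digest_of or class_bytes).digest()).decode()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\r\n\r\n"
                    "Name: p/Provider.class\r\nSHA-256-Digest: %s\r\n\r\n" % digest)
        if signed:
            zf.writestr("META-INF/TEST.SF", "Signature-Version: 1.0\r\n")
            zf.writestr("META-INF/TEST.RSA", b"placeholder signature block")
        zf.writestr("p/Provider.class", class_bytes)
    buf.seek(0)
    return buf

ORIGINAL = b"\xca\xfe\xba\xbe" + b"class bytes as signed"       # constructed
AFTER_UNPACK = b"\xca\xfe\xba\xbe" + b"class bytes after cycle"  # constructed stand-in
```

A build step can call `is_signed` to skip packing, and `mismatched_entries` on the unpacked output to catch a JAR whose digests no longer line up before it ships.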