index: always use jarsigner for verifying JAR signatures

apksigner v0.7 (build-tools 26.0.1), Google made it require that the
AndroidManifest.xml was present in the archive before it verifies the
signature.  So this needs to stick with the jarsigner hack for JARs.

tests/index.TestCase

@@ -39,14 +39,14 @@ class IndexTest(unittest.TestCase):
         source_dir = os.path.join(basedir, 'signindex')
         for f in ('testy.jar', 'guardianproject.jar'):
             testfile = os.path.join(source_dir, f)
-            fdroidserver.index.verify_jar_signature(testfile)
+            fdroidserver.common.verify_jar_signature(testfile)
 
     def test_verify_jar_signature_fails(self):
         basedir = os.path.dirname(__file__)
         source_dir = os.path.join(basedir, 'signindex')
         testfile = os.path.join(source_dir, 'unsigned.jar')
         with self.assertRaises(fdroidserver.index.VerificationException):
-            fdroidserver.index.verify_jar_signature(testfile)
+            fdroidserver.common.verify_jar_signature(testfile)
 
     def test_get_public_key_from_jar_succeeds(self):
         basedir = os.path.dirname(__file__)

tests/run-tests

@@ -266,6 +266,7 @@ cp $WORKSPACE/tests/urzip.apk \
 sed -i 's,archive_older = [0-9],archive_older = 3,' config.py
 
 $fdroid update --pretty --nosign
+echo "This will fail when jarsigner allows MD5 for APK signatures"
 test `grep '<package>' archive/index.xml | wc -l` -eq 5
 test `grep '<package>' repo/index.xml | wc -l` -eq 7