We had this issue where Debian clients installed with FAI had zero length apt trust databases (/etc/apt/trustdb.gpg). The reason turned out to be the permissions on /etc/apt/trustdb.gpg (0600) in the FAI nfsroot combined with the lack of the no_root_squash option in the FAI nfsroot's /etc/exports line.
In the FAI install, you will notice that your repository is "untrusted." The installed client will have the same issue. When you try to cat or copy /etc/apt/trustdb.gpg from within the installation process, like the FAI process does, you will get an INPUT/OUTPUT error, of course. The root user of the installation has been remapped by the nfs server to nobody.
DOH. Where's Bill Engvall?